AbuseIPDB
Integration
Leverage the AbuseIPDB threat intelligence API with this integration.
Active Directory
Integration
Microsoft Active Directory integration facilitates the centralized management and synchronization of Windows user accounts with Security Center's administrator and cardholder accounts.
AirTable
Integration
Airtable can store information in a spreadsheet that's visually appealing and easy to use, but it's also powerful enough to act as a database that businesses can use for customer-relationship management (CRM), task management, project planning, and tracking inventory.
Alerts and Entities Report
Analytics
This report provides a look into the most commonly impacted entities, including addresses, destination URLs, hostnames, etc. A snapshot of the most impactful incidents and the most impacted entities is provided in detail.
Prerequisites:
1. Use the Incident flag to identify incidents in cases.
Alerts Triage
Use Case
This playbook automatically analyzes all incoming threats in Siemplify, enriches them with additional information, and then notifies analysts via email.
Alexa
Integration
The Alexa Web Information Service (AWIS) offers a platform for creating innovative Web solutions and services based on Alexa's vast information about web sites.
AlgoSec
Integration
Manage your network security effectively, swiftly, and confidently. No matter where your network lives. Gain complete visibility, automate changes, and always be compliant.
AlienVault USM Anywhere
Integration
AlienVault USM Anywhere delivers powerful threat detection, incident response, and compliance management for cloud, on-premises, and hybrid environments.
AlienVault USM Appliance
Integration
USM Appliance includes the essential security capabilities and continuously delivered threat intelligence needed to quickly and easily identify and respond to threats in your physical and virtual infrastructure.
AlienVaultTI
Integration
AlienVaultTI - Powerful Threat Detection, Incident Response & Compliance in One Solution.
Amazon Macie
Integration
Amazon Macie is a powerful security and compliance service that provides an automatic method to detect, identify, and classify data within your AWS account.
Analysts Case Load Tracker
Analytics
This report provides clarity on the workload that each Analyst handles across your Security Operations at any particular time.
Anomali
Integration
Anomali ThreatStream operationalizes threat intelligence, automating collection and integration, and enabling security teams to analyze and respond to threats.
Anomali Staxx
Integration
Anomali STAXX provides bi-directional sharing of threat intelligence from STIX/TAXII sources that are in the cloud (such as Anomali Limo, http://hailataxii.com, an ISAC, or Anomali ThreatStream) or on premises. With Anomali STAXX, you can connect to STIX/TAXII servers, discover and configure their threat feeds, and poll (download) threat intelligence from those feeds. You can also import threat intelligence into Anomali STAXX and push (upload) selected observables to other STIX/TAXII servers.
Anomali ThreatStream
Integration
Threat Intelligence Management that automates the collection and processing of raw data, filters out the noise and transforms it into relevant, actionable threat intelligence for security teams.
Any.Run
Integration
Interactive online malware analysis service for dynamic and static analysis of most types of threats in a range of environments.
APIVoid
Integration
Database of API services mostly focused on threat analysis and threat intelligence, that can be easily integrated anywhere.
AppSheet
Integration
AppSheet provides a no-code development platform for application software, which allows users to create mobile, tablet, and web applications using data sources like Google Drive, Dropbox, Office 365, and other cloud-based spreadsheet and database platforms.
Arcsight
Integration
Real-time threat detection and automated response backed by a powerful, open, and intelligent SIEM (Security Information and Event Management).
ArcSight Logger
Integration
ArcSight Logger is a comprehensive solution for security event log management.
Area1
Integration
Area 1 Horizon is a cloud-based service that stops phishing attacks across all traffic vectors: email, web, and network. It protects users against phishing emails using a cloud-based MTA or cloud APIs/connectors, protects users against web-based phishing campaigns through a globally distributed, recursive DNS service, and shuts down phishing attacks at your network edge.
Armis
Integration
Agentless and passive security that sees, identifies, and classifies every device, tracks behavior, identifies threats, and takes action automatically to protect critical information and systems.
Asana
Integration
Asana is a software-as-a-service designed to improve team collaboration and work management. It helps teams manage projects and tasks in one tool. Teams can create projects, assign work to teammates, specify deadlines, and communicate about tasks directly in Asana.
Attivo
Integration
Efficiently derail attacker discovery, lateral movement, privilege escalation, & collection activities early in the attack cycle with Attivo.
AWS - EC2
Integration
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment.
AWS Cloud Trail
Integration
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. In addition, you can use CloudTrail to…
AWS CloudWatch
Integration
Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises…
AWS Elastic Compute Cloud (EC2)
Integration
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure and resizable computing capacity in the AWS cloud. Using Amazon EC2 eliminates the need to invest in hardware up front, so you can develop and deploy applications faster. When using this service, it is highly recommended to monitor it for intrusion attempts or other unauthorized actions performed against your cloud infrastructure.
AWS GuardDuty
Integration
Amazon GuardDuty informs you of the status of your AWS environment by producing security findings. GuardDuty helps to detect and manage threats to your AWS system.
AWS IAM Access Analyzer
Integration
AWS IAM Access Analyzer is built on Zelkova, which translates IAM policies into equivalent logical statements, and runs a suite of general-purpose and specialized logical solvers (satisfiability modulo theories) against the problem. Access Analyzer applies Zelkova repeatedly to a policy with increasingly specific queries to characterize classes of behaviors the policy allows, based on the content of the policy. To learn more about satisfiability modulo theories, see Satisfiability Modulo Theories. Access Analyzer does not examine access logs to determine whether…
AWS Identity and Access Management (IAM)
Integration
AWS Identity and Access Management (IAM) enables you to create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
AWS S3
Integration
Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to…
AWS Security Hub
Integration
AWS Security Hub gives you a comprehensive view of your high-priority security alerts and security posture across your AWS accounts. There are a range of powerful security tools at your disposal, from firewalls and endpoint protection to vulnerability and compliance scanners. But oftentimes this leaves your team switching back-and-forth between these tools to deal with hundreds, and sometimes thousands, of security alerts every day.
AWS WAF
Integration
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
Axonius
Integration
Axonius is a cybersecurity asset management platform. By integrating with over 300 security and management solutions, it gives organizations a comprehensive asset inventory, uncovers security solution coverage gaps, and automatically validates and enforces security policies.
Azure Active Directory
Integration
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access both internal and external resources.
Azure AD Identity Protection
Integration
Identity Protection uses the learnings Microsoft has acquired from its position in organizations with Azure AD to identify and protect customers from threats. The signals generated by and fed to Identity Protection can be further fed into tools like Conditional Access to make access decisions, or fed back to a security information and event management (SIEM) tool for further investigation based on your organization's enforced policies.
Azure DevOps
Integration
Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities. It covers the entire application lifecycle, and enables DevOps capabilities.
Azure Security Center
Integration
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.
Bandura Cyber
Integration
Bandura delivers the threat intelligence automation and control needed for companies of all sizes to block known threats at massive scale, operationalize threat intelligence, and get more out of your existing security resources.
beSECURE
Integration
beSecure is a flexible, accurate, low maintenance Vulnerability Assessment and Management solution that delivers solid security improvements.
Bitdefender GravityZone
Integration
Bitdefender Control Center APIs allow developers and SOCs to automate business workflows. Docs: https://github.com/snags141/SiemplifyIntegration_BitdefenderGravityZone
BlueLiv
Integration
Blueliv is Europe’s leading cyberthreat intelligence provider. It looks beyond your perimeter, scouring the open, deep and dark web to deliver fresh, automated and actionable threat intelligence to protect the enterprise and manage your digital risk.
BMC Helix Remedyforce
Integration
BMC Helix Remedyforce is comprehensive IT service management that easily scales and adapts to the needs of mid-size companies. Built on Salesforce cloud, it allows you to seamlessly combine IT operations management (ITOM) and cognitive capabilities to ensure the business is efficient, compliant, and secure.
BMC Remedy ITSM
Integration
BMC Remedy ITSM is industry-leading service management that transforms the best-practice ITSM principles you've come to appreciate from Remedy to provide unprecedented ROI on your choice of cloud.
Brute Force Attack - Investigation
Use Case
This Use Case helps an analyst investigate multiple unsuccessful login attempts. If the login failure reason is an incorrect password, automation raises an incident and notifies the IT team.
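The detection logic behind this Use Case, as an added example that is not Siemplify's own playbook or connector code: failed logons are grouped by source address and account, counted inside a sliding time window, and an incident is raised only when the threshold is reached and the dominant failure reason is an incorrect password. Failures for non-existent accounts are recorded separately rather than escalated. The event lines, field names and threshold are constructed for the demonstration; the substatus codes are the real Windows 4625 values.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Windows event 4625 substatus codes. Only the first one raises an incident.
WRONG_PASSWORD = "0xC000006A"
FAILURE_REASONS = {
    "0xC000006A": "incorrect password",
    "0xC0000064": "unknown user name",
    "0xC0000234": "account locked out",
}

# Constructed sample events (not real telemetry): ISO timestamp plus key=value fields.
SAMPLE_EVENTS = [
    # jdoe from 10.0.0.5: five wrong passwords inside two minutes -> incident
    "2024-03-01T09:00:01Z src=10.0.0.5 user=jdoe status=0xC000006A",
    "2024-03-01T09:00:30Z src=10.0.0.5 user=jdoe status=0xC000006A",
    "2024-03-01T09:01:00Z src=10.0.0.5 user=jdoe status=0xC000006A",
    "2024-03-01T09:01:30Z src=10.0.0.5 user=jdoe status=0xC000006A",
    "2024-03-01T09:02:00Z src=10.0.0.5 user=jdoe status=0xC000006A",
    # bob from 10.0.0.7: six wrong passwords, but never five within one window -> no incident
    "2024-03-01T08:00:00Z src=10.0.0.7 user=bob status=0xC000006A",
    "2024-03-01T08:01:00Z src=10.0.0.7 user=bob status=0xC000006A",
    "2024-03-01T08:02:00Z src=10.0.0.7 user=bob status=0xC000006A",
    "2024-03-01T08:03:00Z src=10.0.0.7 user=bob status=0xC000006A",
    "2024-03-01T08:10:00Z src=10.0.0.7 user=bob status=0xC000006A",
    "2024-03-01T08:11:00Z src=10.0.0.7 user=bob status=0xC000006A",
    # ghost from 10.0.0.9: five failures for a non-existent account -> suppressed, not an incident
    "2024-03-01T09:05:00Z src=10.0.0.9 user=ghost status=0xC0000064",
    "2024-03-01T09:05:10Z src=10.0.0.9 user=ghost status=0xC0000064",
    "2024-03-01T09:05:20Z src=10.0.0.9 user=ghost status=0xC0000064",
    "2024-03-01T09:05:30Z src=10.0.0.9 user=ghost status=0xC0000064",
    "2024-03-01T09:05:40Z src=10.0.0.9 user=ghost status=0xC0000064",
]


def parse_event(line):
    """Split one constructed log line into a dict with a datetime under 'ts'."""
    ts_text, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=5)):
    """Return (incidents, suppressed): one record per (source, user) group that
    reached `threshold` failures inside `window`. Groups whose dominant failure
    reason is not an incorrect password go to `suppressed` instead of `incidents`."""
    groups = defaultdict(list)
    for event in map(parse_event, lines):
        groups[(event["src"], event["user"])].append(event)

    incidents, suppressed = [], []
    for (src, user), events in groups.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end, current in enumerate(events):
            # Slide the window: drop events older than `window` relative to `current`.
            while current["ts"] - events[start]["ts"] > window:
                start += 1
            run = events[start:end + 1]
            if len(run) < threshold:
                continue
            status, _ = Counter(e["status"] for e in run).most_common(1)[0]
            record = {
                "src": src,
                "user": user,
                "attempts": len(run),
                "first_seen": run[0]["ts"],
                "last_seen": run[-1]["ts"],
                "reason": FAILURE_REASONS.get(status, status),
            }
            (incidents if status == WRONG_PASSWORD else suppressed).append(record)
            break  # one verdict per (source, user) group
    return incidents, suppressed


def build_notification(incident):
    """Render the IT-team e-mail for one incident; sending is left to the playbook."""
    subject = (f"[Brute force] {incident['attempts']} failed logins for "
               f"{incident['user']} from {incident['src']}")
    body = (f"Account {incident['user']} had {incident['attempts']} failed logins "
            f"({incident['reason']}) from {incident['src']} between "
            f"{incident['first_seen']:%H:%M:%S} and {incident['last_seen']:%H:%M:%S} UTC.")
    return {"subject": subject, "body": body}


if __name__ == "__main__":
    found, held = detect_brute_force(SAMPLE_EVENTS)
    for inc in found:
        print(build_notification(inc)["subject"])
    for rec in held:
        print(f"suppressed: {rec['user']} from {rec['src']} ({rec['reason']})")
```

The window matters: bob's six failures never produce five inside five minutes, so a plain count per account would have raised a false incident. The ghost group is kept rather than discarded so the analyst can still review possible account enumeration without it triggering the password-guessing workflow.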
BulkWhoIs
Integration
Bulk Whois API is based on the rich experience the company gained by providing online services to thousands of users worldwide since 2010. WHOIS and domain systems have been its daily bread for several years; the service knows how they work and how to use them, so you can worry less about it.
CA Service Desk Manager
Integration
CA Service Desk Manager is designed to help IT service desk analysts make every moment count through a dynamic experience so they can deliver great customer service without the fear of overbearing processes or metrics. With the solution, teams can embrace teamwork rather than working from siloed knowledge stashes and disjointed communications.
Carbon Black - Cloud Remediation
Use Case
Automates Carbon Black Cloud to detect suspicious CMD activity, investigate its context, and respond with automated shell commands via the Carbon Black Cloud Live Response integration.
Carbon Black Defense
Integration
Next-generation antivirus + EDR in one cloud-delivered platform that stops commodity malware, advanced malware, non-malware attacks and ransomware.
Carbon Black Protection
Integration
Cb Protection delivers application control and critical infrastructure protection to lock down servers, critical systems and fixed-function devices in highly regulated environments.
Carbon Black Response
Integration
Highly scalable, real-time EDR with unparalleled visibility for top security operations centers and incident response teams.
Certly
Integration
Determining whether or not a domain or link is malicious.
Check Point - Malware Analysis and Response
Use Case
Combines three Check Point products: runs analysis of IOCs in SandBlast, enriches across ThreatCloud and additional sources, closes false positives, and updates NGFW blocklists.
Check Point CloudGuard
Integration
CloudGuard is a cloud security posture management solution for cloud environments such as Amazon AWS, Microsoft Azure, and Google Cloud Platform. CloudGuard provides network security policy management and automation for your cloud environment across providers, regions and accounts. Organizations trust CloudGuard to ensure that their network security is well defined and understood, and then to enforce that security policy on a continuous basis. In the event of an unauthorized change, (for example, somebody or something attempts to open network ports)…
Check Point Firewall
Integration
VPN-1 is a firewall and VPN product developed by Check Point Software Technologies Ltd. VPN-1 is a stateful firewall which also filters traffic by inspecting the application layer.
Check Point SandBlast
Integration
Protect your organization from zero-day cyber attacks with SandBlast Network, the market’s leading advanced network threat prevention solution. Increase productivity while creating a secure environment with innovative technologies like threat emulation, threat extraction and artificial intelligence.
CheckPoint Threat Reputation
Integration
Leverage the Check Point’s threat intelligence to enrich your SIEM and SOAR solutions and to secure your business applications and websites by using simple RESTful APIs.
Cisco AMP
Integration
Get global threat intelligence, advanced sandboxing, and real-time malware blocking to prevent breaches with Cisco Advanced Malware Protection (AMP). But because you can’t rely on prevention alone, AMP also continuously analyzes file activity across your extended network, so you can quickly detect, contain, and remove advanced malware.
Cisco Firepower Management Center
Integration
Cisco Firepower analyzes your network's vulnerabilities, prioritizes any attacks, and recommends protections so your security team can focus on strategic activities.
Cisco IronPort
Integration
Cisco IronPort Email Security Appliance is an email security gateway product. It is designed to detect and block a wide variety of email-borne threats, such as malware, spam and phishing attempts.
Cisco ISE
Integration
The Cisco Identity Services Engine (ISE) is your one-stop solution to streamline security policy management and reduce operating costs. With ISE, you can see users and devices and control their access across wired, wireless, and VPN connections to the corporate network.
Cisco Orbital
Integration
Cisco Orbital is a service that uses Osquery to provide you and your applications with information about your hosts. Osquery exposes an entire operating system as a relational database that you can query with SQL to gather information about the host. Orbital can be used by both Cisco customers and their applications to query their computers wherever Orbital has been deployed.
Cisco Threat Grid
Integration
Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.
CiscoUmbrella
Integration
Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet. Protect users in minutes.
Cofense Triage
Integration
With Cofense Triage, prioritize and remediate phishing threats faster. A culture of user-reporting is key to stopping phishing attacks, but your overburdened SOC team needs to prioritize what’s reported. Instead of slowing their efforts with time consuming manual processes—the numerous steps required to find and understand real indicators of threats—automate analysis with Cofense Triage and focus on making decisions to speed remediation.
Connectors
Power-ups
A set of custom connectors created for Siemplify Community to power up automation capabilities.
ConnectWise
Integration
Seamlessly transition projects and tasks to keep your communication flowing without ever worrying about accountability and visibility.
CountryFlags
Integration
Country Flags includes a list of all the countries and their associated flags. You can use this integration to present a country's flag as a base64.
CrowdStrike - Executable Detected
Use Case
The Use Case includes a Connector and a Playbook that investigate a suspicious process on an employee's computer and its context, and respond to it via CrowdStrike Falcon.
CrowdStrike Falcon
Integration
CrowdStrike Falcon is the leader in next-generation endpoint protection, threat intelligence and incident response through cloud-based endpoint protection.
CSV
Integration
Integration designed around working with CSV files. CSV is a simple file format used to store tabular data, such as a spreadsheet or database.
Cuckoo
Integration
Cuckoo Sandbox is an advanced, extremely modular, and 100% open source automated malware analysis system with infinite application opportunities. Cuckoo provides you all the requirements to easily integrate the sandbox into your existing framework and backend in the way you want, with the format you want, and all of that without licensing requirements.
Customer Report
Analytics
Customer Report is a summary dashboard that provides overall visibility across the main aspects of your Security Operations Center coverage.
Prerequisites:
1. Use the Mark as Important flag to identify important cases.
2. Use the Incident flag to identify incidents.
3. An SLA must be defined for closure of cases.
4. All non-malicious cases are counted as false positives in this dashboard.
CyberArkVault
Integration
Secure, Rotate and Control Access to Privileged Account Credentials
Cybereason
Integration
Cybereason automatically detects malicious activity and presents it in an intuitive way. It deploys easily with minimal organizational impact and provides end-to-end context of an attack campaign.
Cyberint
Integration
Digital Risk Protection that turns intelligence into actions to proactively and effectively defend businesses against cyber threats.