Add IronDefense custom connector for certification (#969)
* add IronDefense connector files for certification
* address PR comments
* remove jwt prop
1 parent d52c830, commit f98cca2
Showing 3 changed files with 2,330 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
|
||
## IronDefense Connector | ||
IronNet provides an external REST API for its flagship product, IronDefense. The | ||
API allows users to query and modify alerts as well as ingest alert, event, and | ||
IronDome notifications. | ||
|
||
|
||
|
||
## Prerequisites | ||
You will need the following to proceed: | ||
* The URL where the IronDefense deployment is hosted | ||
* User login credentials for IronVue with the permissions `Access IronAPI`, `View | ||
Alert`, `Edit Alert`, and `Manage Threat Intelligence Rules` | ||
|
||
|
||
## Supported Operations | ||
The connector supports the following operations: | ||
* `CommentOnAlert`: Allows a client to comment on any given alert, with the option to send to IronDome (if enrolled). | ||
* `GetAlertIronDomeInformation`: Allows a client to retrieve community IronDome correlation information for an alert. | ||
* `GetAlertNotifications`: Allows a client to retrieve alert notifications from IronDefense without pulling duplicate messages that have already been ingested. | ||
* `GetAlerts`: Allows a client to retrieve IronDefense alerts in an environment. The response can be filtered based on the alert field parameters and limited to a given number of alerts. | ||
* `GetDomeNotifications`: Allows a client to retrieve dome notifications from IronDefense without pulling duplicate messages that have already been ingested. | ||
* `GetEvent`: Allows a client to retrieve details for an IronDefense event including the event context. | ||
* `GetEventNotifications`: Allows a client to retrieve event notifications from IronDefense without pulling duplicate messages that have already been ingested. | ||
* `GetEvents`: Allows a client to retrieve IronDefense events for a particular IronDefense alert. Event context information is not included in these event objects. | ||
* `Login`: Allows a client to login and retrieve a valid JSON Web Token (JWT) to use in subsequent calls. | ||
* `RateAlert`: Allows a client to rate an alert as part of the review/triage process. | ||
* `ReportObservedBadActivity`: Allows a client to submit a domain and/or IP of observed bad activity for Threat Intelligence Rule, event/alert creation and IronDome correlation. | ||
* `SetAlertStatus`: Allows a client to change an alert's status to progress it through the review process. | ||
* `UpdateEntityRecord`: Allows a client to send IP lease information from a source of entity information. | ||
|
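Review bot: The Prerequisites list asks for a single IronVue login holding all four permissions (`Access IronAPI`, `View Alert`, `Edit Alert`, `Manage Threat Intelligence Rules`) but nothing under Supported Operations says which operation needs which permission. Please add the required permission to each operation entry so that someone who only wires up the read operations (`GetAlerts`, `GetEvents`, the notification getters) can provision an account without the edit and rule-management rights. Two smaller documentation gaps in the same hunk: the `Login` entry says the JWT is "to use in subsequent calls" but the README does not explain how the connector supplies it to the other operations or what happens when it expires, and the URL prerequisite does not state the expected scheme, which matters because the login credentials travel to that host.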