Automatic Indicator Extraction with Slack and Microsoft Teams!

Now with InsightConnect you can automatically extract common network indicators for your ChatOps workflows without having to use other steps like pattern match or the extractit plugin!

When your chat command is followed by a commonly used network or security indicator, our chatbot detects the format of the command and the indicator, extracts both automatically, and stores them in output variables. From here, simply leverage these output variables later in your workflow to configure further actions. For example, add a hash to a denylist, enrich a URL or domain with a threat intelligence plugin, delete an email from user inboxes, or block an IP address, all without having to parse these indicators out of your chat messages manually.

We capture and store the following commonly used network and security indicator types:

  • IP addresses (IPv4 and IPv6)
  • MD5 hashes
  • SHA1 hashes
  • SHA256 hashes
  • MAC addresses
  • Email addresses
  • Domain names
  • URLs
  • CVEs

We also now support message threading in Microsoft Teams and Slack, enabling you to conveniently organize your ChatOps communications.

Attached is a quick enablement video that will show you how to use this new indicator extraction feature in Slack or Teams, and a link to our documentation that walks you through the feature. We’re so excited about these new updates, and please let us know if you have any feedback!

Enablement Video:

Documentation:
https://docs.rapid7.com/insightconnect/trigger-workflows-with-slack-chatops

4 Likes
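To illustrate the kind of extraction the announcement describes (a command followed by an indicator, split into typed output variables), here is an added sketch; it is not Rapid7's implementation or code from the post. The names `classify` and `parse_chat_command` are hypothetical, and it makes one assumption: that indicators arrive as whitespace-separated tokens.

```python
import ipaddress
import re

# Hash type is decided by hex length: 32 = MD5, 40 = SHA1, 64 = SHA256.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
PATTERNS = [  # checked in order; the first full match wins
    ("cve", re.compile(r"CVE-\d{4}-\d{4,}", re.I)),
    ("url", re.compile(r"https?://\S+", re.I)),
    ("email", re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+")),
    ("mac", re.compile(r"[0-9a-f]{2}([:-][0-9a-f]{2}){5}", re.I)),
    ("domain", re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}", re.I)),
]
TRIM = "<>,;()"  # surrounding punctuation that is not part of the indicator

def classify(token):
    """Return the indicator type of one token, or None if it is not one."""
    token = token.strip(TRIM)
    if re.fullmatch(r"[0-9a-fA-F]+", token) and len(token) in HASH_TYPES:
        return HASH_TYPES[len(token)]
    try:
        # Let the standard library validate IPs instead of a loose regex;
        # a MAC address is rejected here and falls through to the patterns.
        return "ipv%d" % ipaddress.ip_address(token).version
    except ValueError:
        pass
    for name, pattern in PATTERNS:
        if pattern.fullmatch(token):
            return name
    return None

def parse_chat_command(message):
    """Split a chat message into its command word(s) and typed indicators."""
    command, indicators = [], {}
    for token in message.split():
        kind = classify(token)
        if kind:
            indicators.setdefault(kind, []).append(token.strip(TRIM))
        elif not indicators:  # words before the first indicator form the command
            command.append(token)
    return " ".join(command), indicators

if __name__ == "__main__":
    # Constructed sample message; "!block-ip" is a made-up command name.
    print(parse_chat_command("!block-ip 203.0.113.7"))
```

Matching whole tokens rather than searching for substrings keeps a SHA256 from also being reported as an MD5, and keeps the domain inside a URL or email address from being extracted a second time.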

This is brilliant. I love it!

3 Likes