Plugin Requests

Hi @john_breen, thanks for the suggestion! With the use case you mentioned here, it makes sense to enhance the output options to include “string.” I will let you know when the update is implemented in the plugin.

2 Likes

Product: Trend Micro Cloud App Security

Use cases: We would like to automate requests for security event logs and send them to InsightIDR for custom alert processing.

Actions/Triggers: This would likely be a scheduled task at 5-10 minute intervals.

There are other APIs in this collection that would be important to use as well.

https://docs.trendmicro.com/en-us/enterprise/cloud-app-security-integration-api-online-help/supported-cloud-app-_001.aspx

1 Like

Product: Thycotic Secret Server

Use Case: Ability to deny access to specific resources if a user or machine is compromised. Ability to fetch credentials in order to connect to specific firewalls, SSH commands, etc. (Similar to the CyberArk plugin)

Actions: Fetch credentials, expire/restrict privileged account

1 Like

Product: WhatsApp

Use Case: Additional medium to send notifications to team members and perhaps even use as a trigger.

Actions: Send messages and, if possible, read messages, similar to MS Teams

InsightIDR Plugin:

I would like to be able to create an IDR investigation from an InsightConnect workflow. I have some workflows that are triggered from custom alerts. It would be nice to be able to have these only create an investigation if certain criteria were met. I can close the investigation, but because of the nature of the alert it does not always do the best job. It would make more sense to just be able to create the investigation if needed.