SPLUNK PHANTOM
Apps & Integrations

A10

LADS

This app supports containment actions like 'block ip' or 'unblock ip' using the A10 Lightning Application Delivery System (LADS).

 

AbuseIPDB

AbuseIPDB

This app integrates with AbuseIPDB to perform investigative actions

 

Aella Data

Aella Data Starlight

This app integrates with an Aella Data installation to implement ingestion and investigative actions

 

Amazon

Alexa

Connects to Alexa Web Information Services for lookup url.

 

Anomali

ThreatStream

Integrates a variety of reputation and lookup actions from the Anomali ThreatStream threat intelligence platform.

 

Apache

Kafka

This app implements ingesting and sending data on the Apache Kafka messaging system

 

Arbor Networks

Arbor Networks APS

This app integrates with Arbor Networks APS to execute containment and corrective actions

 

Atlassian

HipChat

This app integrates with HipChat to support different generic and investigative actions

 

Atlassian

Jira

This app supports a variety of ticket management actions on JIRA

 

Aurea

AlertFind

Integrate with AlertFind to enable notification actions

 

AWS

AWS Athena

This app supports investigative actions on AWS Athena

 

AWS

AWS Community App

App Review - AWS App by GE

 

AWS

AWS Community App 2

AWS Community App - BAH

 

AWS

AWS IAM

This app integrates with Amazon Web Services Identity Access Management (AWS IAM) to support various containment, corrective and investigative actions

 

AWS

AWS Lambda

This app integrates with AWS Lambda to perform lambda functions

 

AWS

AWS S3

This app integrates with AWS S3 to perform investigative actions

 

Axonius

Axonius

This app integrates with the Axonius Cybersecurity Asset Management Platform to enrich asset data for investigations

 

Basis Technology

Cyber Triage

Initiates a remote endpoint collection to support an investigation using Cyber Triage

 

Bay Dynamics

Risk Fabric

This app supports retrieving entity risk scores from Risk Fabric

 

Best Practical

Request Tracker

This app allows ticket management on Request Tracker by implementing investigative and manipulative actions on the tickets

 

BMC Software

RemedyForce

This app allows ticket management on RemedyForce by implementing actions like create ticket and update ticket.

 

BMC Software

Remedy

This app supports ticket management functions on incidents in BMC Remedy.

 

Carbon Black

CB Defense

This app integrates with an instance of Carbon Black Defense to run investigative actions

 

Carbon Black

CB Response

This app supports executing various endpoint-based investigative and containment actions on Carbon Black Response

 

Carbon Black

CB Protection

This app supports various investigative and containment actions on Carbon Black Enterprise Protection (formerly Bit9)

 

Censys

Censys

This app implements investigative actions to get information from the Censys search engine

 

Certly

Certly

Implements url reputation action by querying the Certly web API

 

Check-Point-Software

Firewall

This app supports a variety of endpoint and network based containment actions on Check Point Firewall

 

Cherwell

Cherwell

This app implements various ticketing actions on Cherwell

 

Cisco

Cisco ASA

This app supports containment actions like 'block ip' in addition to investigative actions like 'get config' and 'get version' on a Cisco ASA device.

 

Cisco

Cisco Catalyst

This app supports containment actions like 'set system vlan' in addition to investigative actions like 'get config' and 'get version' on a Cisco Catalyst switch.

 

Cisco

Cisco ESA

This app supports investigation on the Cisco Email Security Appliance (ESA) device.

 

Cisco

Cisco FireAMP

This app allows users to connect to FireAMP with actions such as list endpoints, hunt url, and hunt ip.

 

Cisco

Cisco Firepower

This app interfaces with Cisco Firepower devices to add or remove IPs or networks to a Firepower Network Group Object, which is configured with an ACL

 

Cisco

Cisco FireSIGHT

This app implements investigative actions on the FireSIGHT device

 

Cisco

Cisco ISE

This app implements investigative and containment actions like 'quarantine device', 'terminate session' and 'list sessions' etc. on a Cisco ISE device.

 

Cisco

Cisco Router BGP RTBH

This app interfaces with Cisco IOS-XE devices to create a blackhole for configured IPs or networks in Cisco BGP networks.

 

Cisco

Cisco Spark

Integrate with Cisco Spark to implement investigative actions

 

Cisco

Cisco Tetration

This app supports a variety of investigative actions on Cisco Tetration Analytics

 

Cisco

Cisco Umbrella

This app allows management of a domain list on the OpenDNS Umbrella Security platform by implementing actions like 'block domain', 'unblock domain' and 'list blocked domains'.

 

Cisco

Duo Security

Use Duo Auth API to authenticate actions.

 

Cisco

Meraki

This app interfaces with the Cisco Meraki cloud managed devices. The search string specified is used to match a value in the client MAC address or description field. The default dashboard URL is dashboard.meraki.com. The API Key is generated in your account profile. An account with read only privileges is acceptable.

 

Cisco

PhishTank Phish Verification System

This app implements URL investigative capabilities utilizing PhishTank

 

ClickSend

ClickSend

This app integrates with ClickSend to send SMS messages

 

CloudPassage

CloudPassage

This app supports a variety of investigative actions on CloudPassage Halo

 

Code42

Code42

This app integrates with Code42 to execute various containment, corrective and investigative actions

 

Cofense

Cofense Intelligence

This App integrates with PhishMe Intelligence to provide various hunting and reporting actions in addition to threat ingestion

 

Critical Stack

Critical Stack

This app integrates with the CriticalStack feed to implement investigative actions

 

CRITs

CRITs

This App supports various investigative actions on CRITs

 

Chronicle

VirusTotal Threat Intelligence

This app integrates with the VirusTotal cloud to implement investigative and reputation actions

 

CrowdStrike

Crowdstrike Streaming

This app integrates with CrowdStrike security services to implement ingestion of endpoint security data

 

CrowdStrike

Crowdstrike Falcon Host

This app allows you to manage indicators of compromise (IOC) and investigate your endpoints on the Falcon Host API

 

Cuckoo

Cuckoo

This app supports executing various investigative actions on the Cuckoo sandbox

 

Cybereason

EDR

This app integrates with Cybereason to perform investigative, containment and corrective actions

 

Cylance

Cylance Protect

This app supports various investigative, containment, and corrective actions on CylancePROTECT

 

Cymmetria

MazeRunner

MazeRunner App

 

Cyware

Cyware

Implements event reporting on the Cyware platform

 

Digital Shadows

Digital Shadows

This app integrates with Digital Shadows SearchLight to ingest and investigate credentials found in data breaches

 

DomainTools

DomainTools

Use DomainTools to query various current and historical data regarding domain names, domain registration and IPs

 

DomainTools

DomainTools Iris

Use the DomainTools Iris Investigate API to profile domain names, get risk scores, and find connected domains that share the same Whois details, web hosting profiles, SSL certificates, and more

 

DShield

DShield

Implements lookup ip action by querying the DShield web API

 

EclecticIQ

EclecticIQ

TIP integration

 

Elastic

Elasticsearch

This app integrates with an Elasticsearch installation to implement ingestion and investigative actions

 

Empire

Empire

This app supports a variety of actions to interact with the REST API of Empire - https://github.com/powershellempire/empire

 

Endace

Endace

App integrates with the Endace Packet Capture device to implement investigative actions

 

Endgame

Endgame

This app integrates with Endgame to execute investigative and corrective actions

 

eSentire

Cymon

Queries Cymon for IP, URL, domain, and blacklist information.

 

Extrahop

Extrahop

This app integrates with the ExtraHop platform to perform investigative actions based on real-time network data

 

F5

BigIP

This app supports containment actions like 'block ip' or 'unblock ip' on an F5 BIG-IP appliance. There must be a firewall policy (Security››Network Firewall:Policies) configured on the BIG-IP and the name of the policy must be specified in the Action Parameters. The rule name can be the source IP address appended to a keyword string, e.g. 'Phantom' + ip

 

Farsight Security

DNSDB

This app supports investigative DNS lookup actions on DNSDB

 

FireEye

FireEye HX

FireEye HX Endpoint Security

 

FireEye

FireEye CM

Leverage the FireEye Web Services API to download malware objects.

 

Floodlight

Floodlight

Implements command and control for the Floodlight SDN controller

 

Forcepoint

Forcepoint Next Generation Firewall

This app integrates with Forcepoint Firewall

 

Forescout

Forescout NAC

This app implements various network access control actions for ForeScout

 

Fortinet

FortiSIEM

This app implements powerful security, performance, compliance, information and event management. It provides rapid detection and remediation of security events

 

Fortinet

FortiGate

This app supports a variety of containment and investigative actions on the FortiGate Firewall.

 

Generic

BerryIO

This app supports actions for APIs on the BerryIO project for the Raspberry Pi, such as GPIO status, get and set.

 

Generic

Timer

This app will generate an empty event which can be used to kick off a playbook at scheduled intervals

 

Generic

NetBios

This app implements various investigative actions using the NetBIOS protocol

 

Generic

RSS

Ingest IOCs from an RSS Feed

 

Generic

Whois RDAP

This App implements the investigative action 'whois ip' using RDAP.

 

Generic

Whois

This App implements investigative actions that query the whois database

 

Generic

SSH

This app supports executing various endpoint-based investigative and containment actions on an SSH endpoint

 

Generic

SMTP

This app provides the ability to send email using SMTP

 

Generic

REST Data Source

This app implements custom REST handlers for external implementations to push ingest data such as events and artifacts into Phantom

 

Generic

NMAP

This app integrates with NMAP in order to provide detailed network information

 

Generic

IMAP

This app supports email ingestion and various investigative actions over IMAP

 

Generic

HTTP

This App facilitates making HTTP requests as actions

 

Generic

Generator

This app generates ingested sample data

 

Generic

DNS

This app implements investigative actions that return DNS Records for the object queried

 

Generic

git

This app integrates with git and supports common git actions

 

Gigamon

GigaVUE FM

This app leverages APIs from GigaVUE-FM 5.1 and above to perform investigative and corrective actions

 

Google

Big Query

This app allows running investigative actions against Google BigQuery

 

Google

GSuite

This app allows various file manipulation actions to be performed on Google Drive

 

Google

GRR Rapid Response

This app implements various actions from the GRR API

 

Google

Safe Browsing

This app integrates with Google Safe Browsing to execute reputation-based actions

 

Google

GSuite for Gmail

Integrates with G Suite for various investigative and containment actions

 

Greynoise

Greynoise

This app implements investigative actions to fetch IP details using the Greynoise API

 

HackerTarget

HackerTarget

This app supports executing investigative actions like 'traceroute', 'ping', 'whois ip', and 'whois domain' to analyze a host.

 

Hive Project

TheHive

This app integrates with an instance of TheHive to perform ticketing actions

 

HoneyDB

HoneyDB

Performs investigative actions on the HoneyDB service

 

HPE

ArcSight ESM

This app implements creating and updating cases on ArcSight

 

IBM

Watson

Leverage IBM Watson for language translation

 

IBM

XForce

This app implements various investigative actions on the IBM XForce device

 

IBM

QRadar

This app supports investigative actions like 'get events' and 'get flows' on an IBM QRadar device. It also supports ingesting Incidents and Events into Phantom containers and artifacts

 

IBM

BigFix

This app supports several investigative actions on IBM Big Fix

 

IF

Maker Channel

IFTTT Maker Channel connector

 

Imperva

SecureSphere WAF

This app implements containment actions by integrating with the SecureServer Device

 

InfluxData

InfluxDB

This app implements various investigative actions against an InfluxDB instance

 

Infoblox

DDI

This app supports various containment and investigative actions on Infoblox Grid Manager.

 

Interset

Interset

This app allows integration with the Interset analytics platform by implementing contain and investigate actions pertaining to importance and risk details respectively

 

Intsights

Cyber Intelligence

This app integrates with Intsights Cyber Intelligence.

 

Intsights

Intsights

This app integrates with Intsights Cyber Intelligence.

 

ipstack

ipstack

Integrates with ipstack to implement investigative actions

 

iSight-Partners

ThreatScape

This app integrates with iSight Partners' ThreatScape product. It implements the ingest action to pull campaign reports and parse them into containers with all the IOCs represented as artifacts. Investigative actions like 'hunt domain', 'hunt ip' etc. are also supported.

 

isitPhishing

isitPhishing

This app implements investigative actions on the isitPhishing service.

 

Ivanti

ITSM

This app integrates with Ivanti ITSM to provide ingestion and several ticketing actions

 

Jask

Jask

This app implements ingest action for fetching alerts on JASK ASOC Platform

 

Joe Sandbox

Joe Sandbox

This app supports executing investigative actions to analyze files and URLs on Joe Sandbox

 

Juniper Networks

Juniper Networks SRX

This app implements various containment actions like 'block ip' and 'block application' in addition to investigative actions like 'list applications' on a Juniper SRX device. Uses port 830 by default if no port is set.

 

Juniper Networks

Juniper Networks Cyphort

This app supports executing investigative actions like 'detonate file' to analyze executables on the Cyphort sandbox.

 

Kenna Security

Kenna Security

This app integrates with Kenna Security to implement various investigative actions

 

KnowThyCustomer

KnowThyCustomer

This app integrates with the KnowThyCustomer service to implement investigative actions

 

Koodous

Koodous Collaborative Malware Research Platform

This app integrates with Koodous to analyze APK files

 

Lastline

Lastline Detonator

This app supports executing investigative actions to analyze executables and URLs on the online Lastline sandbox

 

LogRhythm

LogRhythm SIEM

This app supports ingestion and several investigative actions on LogRhythm SIEM

 

MACVendors.com

MAC Address Vendor API Lookup

This app interfaces with the Cisco Meraki cloud managed devices. The search string specified is used to match a value in the client MAC address or description field. The default dashboard URL is dashboard.meraki.com. The API Key is generated in your account profile. An account with read only privileges is acceptable.

 

MalShare

MalShare Public Malware Repository

This app integrates with MalShare to provide several investigative actions

 

malwaredomainlist.com

Malware Domain List

This app retrieves IOC reputation from Malware Domain List

 

MalwareBytes

MalwareBytes Cloud Endpoint Security

This app integrates with the Malwarebytes Cloud platform to perform prevention, detection, remediation, and forensics endpoint management tasks

 

Malwr

Malwr Online Analysis and Research Platform

This app implements investigative actions on the Malwr cloud based sandbox.

 

Mattermost

Mattermost Chat Service

This app integrates with Mattermost to support various investigative actions

 

MaxMind

GeoIP2 IP Location Database

This app provides ip geolocation with the included MaxMind database.

 

McAfee

TrustedSource

McAfee TrustedSource provides an online service that enables you to check website categorization and risk levels

 

McAfee

Network Security Manager (NSM)

This app supports multiple containment actions on the McAfee NSM

 

McAfee

Enterprise Security Manager (ESM)

This app ingests data from a McAfee ESM device. Each event is parsed into a container and various event characteristics like the Rule, Signature and actionName are ingested into the event artifact.

 

McAfee

ePolicy Orchestrator (ePO)

This app implements various endpoint based investigative and containment actions by integrating with McAfee ePO

 

McAfee

OpenDXL

Push Notifications over McAfee OpenDXL

 

McAfee

Advanced Threat Defense (ATD)

This app supports executing investigative actions like 'detonate file' to analyze executables on the McAfee ATD appliance

 

Microsoft

Microsoft SQL Server

This app supports investigative actions against a Microsoft SQL Server

 

Microsoft

Windows Remote Management

This app integrates with the Windows Remote Management service to execute various actions

 

Microsoft

Microsoft Sharepoint

Provides various interactions with Microsoft SharePoint sites

 

Microsoft

Office 365

This app ingests emails from a mailbox in addition to supporting various investigative and containment actions on an Office 365 service

 

Microsoft

Windows Server - WMI

This App uses the WMI WQL to implement investigative actions that are executed on a Windows endpoint

 

Microsoft

Windows Server - Agent

 

Microsoft

Windows Server - LDAP

This app implements various actions that can be carried out on an AD server

 

Microsoft

Office 365

Connects to Office 365 using the MS Graph API

 

Microsoft

Exchange Server

This app performs email ingestion, investigative and containment actions on an on-premise Exchange installation

 

Microsoft

System Center Operations Manager

This app integrates with Microsoft System Center Operations Manager (SCOM) to execute investigative actions

 

Microsoft

System Center Configuration Manager

This app integrates with Microsoft System Center Configuration Manager (SCCM) to execute investigative and generic actions

 

MISP Project

Malware Information Sharing Platform (MISP)

Take action with Malware Information Sharing Platform

 

Mnemonic

PassiveDNS

This app integrates with the Mnemonic Passive DNS API to implement investigative actions

 

MobileIron

MobileIron

This app allows endpoint management on MobileIron by implementing actions such as 'list devices', 'lock devices' and 'unlock device'.

 

MongoDB

MongoDB

This app supports CRUD operations in a MongoDB database

 

MxToolBox

MxToolBox

This app implements investigative actions on domains and IPs.

 

Myip.ms

Myip.ms Whois IP Service

This app integrates with the Myip.ms service to implement investigative actions

NC4

Soltra Edge Cyber Threat Communications Platform

This App acts as a STIX client and implements the ingest action to pull data from a Soltra Edge device to create containers and artifacts.

 

Netskope

Netskope Cloud Access Security Broker

This app integrates with Netskope to execute various investigative and polling actions

 

NeutrinoAPI

Neutrino API Developer Power Tools

Detect potentially malicious or dangerous IP addresses by integrating with Neutrino API

 

Okta

Okta Identity and Access Management

This app supports various identity management actions on Okta

 

OpenStack

OpenStack Software Platform

This app interfaces with OpenStack to take an IP, and suspend the associated instance. It is intended to be coupled in a playbook with a ticketing system to log why the instance was suspended

 

OPSWAT

Metadefender Advanced Threat Prevention

App that connects to OPSWAT Metadefender for actions like ip reputation and file reputation.

 

Oracle

MySQL Database Server

This app supports investigative actions against a MySQL database

 

OSXCollector

OSXCollector Forensics and Analysis

Runs OSXCollector on an endpoint running OS X

 

PagerDuty

PagerDuty

This app integrates with PagerDuty to implement investigative and ticketing actions

 

Palo Alto Networks

WildFire Malware Analysis

This app supports file detonation for forensic file analysis on the Palo Alto Networks WildFire sandbox

 

Palo Alto Networks

AutoFocus Threat Intelligence

This app implements hunting and reporting actions on the AutoFocus threat intelligence service.

 

Palo Alto Networks

Panorama Network Security Management

This app integrates with the Palo Alto Networks Panorama product to support several containment and investigative actions.

 

Palo Alto Networks

Next-Generation Firewall

This app integrates with the Palo Alto Networks Firewall to support containment actions like 'block url', 'block application' and 'block ip' in addition to investigative actions like 'list applications'.

 

Payload Security

Falcon Sandbox

This app integrates with Falcon Sandbox Services to provide investigative actions

 

Phantom

Message Parser

Integrate with Slack to post messages and attachments to channels

 

Phantom

Phantom App for Kafka

Integrate with Slack to post messages and attachments to channels

 

Phantom

Phantom API

This App exposes various Phantom APIs as actions

 

PhishLabs

PhishLabs Casetracker Portal

This app implements investigative actions on the PhishLabs Casetracker Portal

 

PioLink

TiFRONT Cloud Security Switch

This app supports containment actions like 'block ip' and 'unblock ip' on a TiFRONT device.

 

Pipl

Pipl People Search

This app integrates with Pipl to perform an investigative action

 

PostgreSQL

PostgreSQL Database Server

This app supports investigative actions against a PostgreSQL database

 

Proofpoint

Targeted Attack Protection (TAP)

This App integrates with Proofpoint to implement ingestion and investigative actions

 

ProtectWise

Network Detection and Response (NDR)

This app integrates with the ProtectWise cloud platform to implement ingestion and investigative actions

 

Qualys

SSL Labs Assessment API

This app supports executing investigative actions to analyze a host

 

Rapid7

InsightVM Vulnerability Management

This app integrates with Rapid7 InsightVM (formerly Nexpose) to ingest scan data

 

Recorded Future

Recorded Future Threat Intelligence

Recorded Future

 

RedHat

Ansible Tower

This app launches a job template on Ansible Tower 3.0. The job template can be specified by its name or numeric value. Ansible extra vars can be specified to the playbook. After a successful launch, the app waits for the job to complete to return the job status, up to the specified dead interval iterations. With Ansible Tower 3.0, if extra variables need to be passed, the job template must have 'Prompt on launch' checked.

 

RedLock

RedLock

This app integrates with RedLock and ingests new alerts

 

ReversingLabs

TitaniumCloud File Reputation

This app implements investigative actions on the ReversingLabs reputation service

 

ReversingLabs

A1000 Malware Analysis

This app integrates with the ReversingLabs A1000 Advanced Malware Analysis Appliance to implement investigative actions

 

ReversingLabs

TitaniumScale Malware Analysis

This app integrates with ReversingLabs TiScale Enterprise Scale File Visibility platform to automate analysis and investigative actions for file samples

 

RIPE

RIPE Abuse Intelligence

This app integrates with RIPE to support investigative actions

 

RSA

Security Analytics

This App supports ingestion and investigative actions on RSA Security Analytics

 

RSA

Archer

This app implements ticket management actions on RSA Archer GRC.

 

RSA

NetWitness Logs and Packets

This app supports investigative actions to collect log and packet captures from RSA NetWitness Logs and Packets.

 

RSA

NetWitness Endpoint

This app supports executing various endpoint-based investigative and containment actions on RSA NetWitness Endpoint

 

RiskIQ

PassiveTotal

This app implements investigative actions by integrating with the PassiveTotal cloud reputation service

 

Screenshot Machine

Screenshot Machine

This app integrates with the Screenshot Machine service

 

Security Onion

Security Onion

This app integrates with the ELSA service included in the Security Onion security distribution

 

SentinelOne

SentinelOne

This app integrates with the SentinelOne platform to perform prevention, detection, remediation, and forensic endpoint management tasks

 

ServiceNow

ServiceNow Platform

This app provides ServiceNow integration for tickets and records

 

ShadowDragon

SocialNet Social Media Forensics and Investigations

This app supports investigative actions on the SocialNet cloud investigation API

 

Shodan

Shodan Search Engine

This app implements investigative actions like 'query ip' and 'query domain' to get information from the Shodan search engine.

 

Slack

Slack Collaboration Platform

Integrate with Slack to post messages and attachments to channels

 

Soliton Systems

Infotrace Mark II Endpoint Detection and Response

This app supports containment actions on Soliton Mark II Server

 

SonicWALL

Firewall

Manipulate SonicWALL firewall via ECLI

 

SQLite

SQLite Database Server

This app supports investigative actions against a local SQLite database

 

Sumo Logic

Sumo Logic Log Management and Analytics

This app integrates with the Sumo Logic cloud platform to implement investigative actions

 

Symantec

Symantec Messaging Gateway

This app integrates with an instance of Symantec Messaging Gateway to perform containment and corrective actions

 

Symantec

Symantec Endpoint Protection 14

Integrate with Symantec Endpoint Protection 14 to execute investigative, containment and corrective actions

 

Symantec

Symantec Data Loss Prevention (DLP)

This app ingests data from a Symantec Data Loss Prevention installation

 

Symantec

Symantec Content Analysis Software (CAS)

This app supports file investigation on the Symantec Content Analysis System

 

Symantec

Malware Analysis Service

Integrate with Malware Analysis Service (MAS) to execute actions like detonate file and get report

 

Symantec

DeepSight

This app supports hunting and a variety of investigative actions, in addition to report ingestion, from the Symantec DeepSight Intelligence cyber security service.

 

Symantec

Symantec Advanced Threat Protection (ATP)

This app integrates with a Symantec ATP (Advanced Threat Protection) device to implement ingestion, investigative and containment actions

 

Tala

Tala

This app implements various endpoint actions using Tala

 

Tanium

Tanium Endpoint Security

This app supports investigative and containment actions on Tanium

 

Tenable

Tenable.sc (SecurityCenter)

This app integrates with Tenable's SecurityCenter to provide endpoint-based investigative actions.

 

Tenable

Nessus Vulnerability Assessment

This app integrates with Tenable's Nessus scanner to provide endpoint-based investigative actions

 

ThreatConnect

ThreatConnect Threat Intelligence Platform

This app integrates with the ThreatConnect platform to provide various hunting actions in addition to threat ingestion.

 

ThreatCrowd

ThreatCrowd Threat Intelligence

This app provides free investigative actions such as file reputation, lookup domain, lookup ip, and lookup email.

 

ThreatMiner

ThreatMiner Threat Intelligence

This app integrates with the ThreatMiner API to provide investigation activities

 

ThreatQuotient

ThreatQ Threat Intelligence Platform

Integrates a variety of ThreatQ services into Phantom.

 

Tor

Tor Network

This app implements investigative actions to query info about the Tor network

 

TruSTAR

TruSTAR Intelligence Management Platform

This App integrates with TruSTAR to provide various hunting and reporting actions

 

Tufin

SecureTrack Firewall Policy Management

This app supports investigative actions on Tufin SecureTrack

 

Twilio

Twilio Cloud Communications Platform

This app integrates with Twilio to send messages

 

unshorten.me

unshorten.me URL Expansion Service

This app integrates with the unshorten.me service to expand shortened URLs

 

urlscan.io

urlscan.io website scanner

This app supports investigative actions on urlscan.io

 

URLVoid

URLVoid Website Reputation Service

This app supports executing investigative and reputation actions on the URLVoid service

 

Vectra

Vectra Active Enforcement

This app ingests data from the Vectra Active Enforcement device

 

Verodin

Verodin Security Instrumentation Platform

Phantom app for Verodin

 

VictorOps

VictorOps DevOps Incident Management and IT Alerting

This app implements various investigative actions using VictorOps

 

VMRay

VMRay Malware Analysis Tool

Connector for VMRay Analyzer

 

VMware

vSphere Virtualization Management Software

This app implements investigative, containment and VM management actions on VMware ESXi or vCenter server

 

VMware

NSX Network Virtualization and Security

This app implements investigative and management actions on VMware NSX, Network Virtualization and Security Platform

 

Volatility Foundation

Volatility Open Source Memory Forensics

This app implements a variety of investigative actions on the Volatility forensics analysis platform.

 

WiGLE

WiGLE Wireless Network Intelligence

This app integrates with the WiGLE service to implement investigative actions

 

xMatters

xMatters IT Event Management

This app integrates with xMatters to retrieve information about events and users

 

Zendesk

Zendesk Customer Service Software

This App allows for ticket management on Zendesk

 

Zetalytics

Zetalytics Passive DNS

This App implements investigative actions that query the ZETAlytics security feed and APIs

 

Zscaler

Zscaler Security System

This app implements containment and investigative actions on Zscaler