This page documents production updates to Google SecOps Response Integrations. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console , or programmatically access release notes in BigQuery .
To get the latest product updates delivered to you, add the URL of this page to your feed reader , or add the feed URL directly.
April 15, 2026
SentinelOneV2: Version 50.0
-
The following new job has been added:
- Sync Threats
CrowdStrike Falcon: Version 76.0
-
The following new job has been added:
- Sync Alerts
ServiceNow: Version 64.0
-
Added support for disabling overflow settings and updated ticket processing and environment mapping logic in the following connector:
- ServiceNow Connector
Zscaler: Version 14.0
-
Added the ability to provide IOCs using input parameters to the following actions:
-
Add To Blacklist
-
Add To Whitelist
-
Remove From Blacklist
-
Remove From Whitelist
-
-
Integration: Added support for OAuth authentication.
Mandiant Threat Intelligence: Version 17.0
-
Optimized execution performance and entity processing logic in the following action:
- Enrich Entities
April 10, 2026
Gmail: Version 9.0
-
A new predefined widget has been added to the following action:
- Delete Email
Tanium: Version 19.0
-
A new predefined widget has been added to the following action:
- Create Connection
Cynet: Version 13.0
-
New predefined widgets have been added to the following actions:
-
Delete Hash In Hosts
-
Kill Hash In Hosts
-
Quarantine Hash In Hosts
-
Area1: Version 9.0
-
A new predefined widget has been added to the following action:
- Search Indicator
Azure Active Directory: Version 26.0
-
A new predefined widget has been added to the following action:
- Is User In a Group
MX ToolBox: Version 14.0
-
A new predefined widget has been added to the following action:
- SPF Lookup
Active Directory: Version 41.0
-
New predefined widgets have been added to the following actions:
-
Is User In Group
-
List User Groups
-
Cisco Threat Grid: Version 18.0
-
New predefined widgets have been added to the following actions:
-
Get Hash Associated Domains
-
Get Hash Associated IPs
-
Google Chronicle: Version 81.0
-
The following new action has been added:
- Is CIDR In Data Table
Endgame: Version 15.0
-
New predefined widgets have been added to the following actions:
-
Collect Autoruns
-
Drivers Survey(Windows only)
-
Firewall Survey(Windows only)
-
Process Survey
-
Removable Media Survey(Windows only)
-
Software Survey(Windows only)
-
User Sessions Survey
-
AWS Identity and Access Management (IAM): Version 10.0
-
A new predefined widget has been added to the following action:
- Disable User Access
Carbon Black Response: Version 39.0
-
A new predefined widget has been added to the following action:
- Download Binary
Carbon Black Protection: Version 13.0
-
A new predefined widget has been added to the following action:
- Get Computers By File
McAfee ATD: Version 17.0
-
A new predefined widget has been added to the following action:
- Check Hash
UnshortenMe: Version 9.0
-
A new predefined widget has been added to the following action:
- Unshorten URL
CiscoUmbrella: Version 19.0
-
A new predefined widget has been added to the following action:
- Get Associated Domains
Microsoft Graph Mail: Version 40.0
-
A new predefined widget has been added to the following action:
- Get Mailbox Account Out Of Facility Settings
Exabeam Advanced Analytics: Version 10.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
Check Point SandBlast: Version 8.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Query
-
Upload File
-
Palo Alto AutoFocus: Version 12.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Hunt Domain
-
Hunt File
-
Hunt Ip
-
Hunt Url
-
XForce: Version 19.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get Hash Info
-
Get IP Info
-
Get IP malware
-
Get Url Info
-
Trend Micro Apex Central: Version 7.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Create Entity UDSO
-
Create File UDSO
-
Enrich Entities
-
BulkWhoIs: Version 18.0
-
Introduced light theme support for the predefined widget of the following action:
- WhoIs Details
Any.Run: Version 12.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Report
Siemplify ThreatFuse: Version 19.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
Google Cloud Policy Intelligence: Version 7.0
-
Introduced light theme support for the predefined widget of the following action:
- Search Service Account Activity
MISP: Version 38.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Get Event Details
-
Get Related Events
-
ReversingLabs Titanium: Version 12.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Malware Details
MX ToolBox: Version 14.0
-
Introduced light theme support for predefined widgets of the following actions:
-
A Record Lookup
-
Blacklist Check
-
MX Record Lookup
-
Reverse DNS Lookup
-
Google Rapid Response (GRR): Version 11.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get Client Details
-
List Clients
-
List Launched Flows
-
Armis: Version 15.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
Lastline: Version 9.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Analysis Results
McAfee Mvision EPO: Version 11.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Endpoint
Office 365 Cloud App Security: Version 26.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get IP related activities
-
Get User related activities
-
SSL Labs: Version 11.0
-
Introduced light theme support for the predefined widget of the following action:
- Analyse Entity
Qualys VM: Version 25.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Host
-
List Endpoint Detections
-
Exchange: Version 123.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get Account Out Of Facility Settings
-
Send Email And Wait
-
Microsoft Defender ATP: Version 31.0
-
Added Graph API V2 version support to the following actions:
-
Get User Related Alerts
-
List Alerts
-
Ping
-
Update Alert
-
-
Deprecated the following actions:
-
Get File Related Alerts
-
Get Machine Related Alerts
-
-
Added Graph API V2 version support to the following connector:
(REGRESSIVE) The connector must be updated by April 10, 2026.
- Microsoft Defender ATP Connector V2
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Execute Live Response Command
-
Get File Related Alerts
-
Get File Related Machines
-
Get Machine Logon Users
-
Get Machine Recommendations
-
Get Machine Related Alerts
-
Get Machine Vulnerabilities
-
Get User Related Alerts
-
Cisco AMP: Version 23.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get Computer Info
-
Get Computers By File Hash
-
Get Computers By File Name
-
Get Computers By Network Activity (Ip)
-
Get Computers By Network Activity (URL)
-
Isolate Machine
-
Unisolate Machine
-
HaveIBeenPwned: Version 10.0
-
Introduced light theme support for the predefined widget of the following action:
- Check Account
Symantec Blue Coat ProxySG: Version 7.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Block Entities
-
Enrich Entities
-
Cybereason: Version 25.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Get Sensor Details
-
Is Probe Connected
-
Cofense Triage: Version 21.0
-
Introduced light theme support for predefined widgets of the following actions:
-
EnrichURL
-
Get Domain Details
-
Get Threat Indicator Details
-
Slack: Version 30.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Send Advanced Message
-
Send Message
-
IPVoid: Version 12.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Ip Reputation
RSA NetWitness EDR: Version 9.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Endpoint
-
Get IOC Details
-
Microsoft Intune: Version 8.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Managed Device
Trend Micro DDAN: Version 6.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Submit File
-
Submit File URL
-
Tenable.io: Version 17.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
List Endpoint Vulnerabilities
-
JoeSandbox: Version 11.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Search Hash
-
Search Url
-
Endgame: Version 15.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Network Survey
-
System Survey
-
ThreatQ: Version 19.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich CVE
-
Enrich Email
-
Enrich Hash
-
Enrich IP
-
Enrich URL
-
Get Indicator Details
-
Get Malware Details
-
Link Entities
-
Link Entities To Object
-
List Entity Related Objects
-
Update Indicator Score
-
Update Indicator Status
-
RSA NetWitness Platform: Version 17.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Endpoint
-
Enrich File
-
Query NetWitness For Events Around Host
-
Query NetWitness For Events Around IP
-
Query NetWitness For Events Around User
-
McAfee TIEDXL: Version 9.0
-
Introduced light theme support for the predefined widget of the following action:
- Get File Reputation
Symantec Endpoint Protection 14: Version 21.0
-
Introduced light theme support for the predefined widget of the following action:
- GetSystemInfo
FireEye AX: Version 9.0
-
Introduced light theme support for the predefined widget of the following action:
- Submit URL
Splash: Version 7.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
MalShare: Version 11.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Hash
Elastica CloudSOC: Version 8.0
-
Introduced light theme support for the predefined widget of the following action:
- Get User Activities
Amazon Macie: Version 10.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Findings
CiscoUmbrella: Version 19.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get Domain Security Info
-
Get Domain Status
-
Get Whois
-
Is Domain In Cisco Popularity List
-
SCCM: Version 21.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Get Computer Properties
-
Get Login History
-
Web Risk: Version 4.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Submit Entities
-
DShield: Version 8.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Ip Info
Tenable Security Center: Version 22.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich IP
-
Get Related Assets
-
Get Vulnerabilities for IP
-
ServiceNow: Version 63.0
-
Introduced light theme support for the predefined widget of the following action:
- List Records Related To User
McAfee EPO: Version 37.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Compare Server and Agent DAT
-
Get Agent Information
-
Get Dat Version
-
Get Endpoint Events
-
Get Events For Hash
-
Get Host IPS Status
-
Get Host Network IPS Status
-
Get Last Communication Time
-
Get McAfee Epo Agent Version
-
Get System Information
-
Get Virus Engine Agent Version
-
Run Full Scan
-
Update Mcafee Agent
-
RSA NetWitness: Version 20.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Query NetWitness For Events Around Host
-
Query NetWitness For Events Around IP
-
Query NetWitness For Events Around User
-
Axonius: Version 7.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Add Note
-
Enrich Entities
-
Automox: Version 8.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Execute Device Command
-
Execute Policy
-
Cylance: Version 19.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Get Threat
-
Get Threat Devices
-
Get Threat Download Link
-
Anomali: Version 15.0
-
Introduced light theme support for the predefined widget of the following action:
- GetThreatInfo
TruSTAR: Version 9.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
PhishingInitiative: Version 12.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Url Status
Digital Shadows: Version 12.0
-
Introduced light theme support for predefined widgets of the following actions:
-
EnrichCVE
-
EnrichHash
-
EnrichIP
-
EnrichURL
-
iBoss: Version 14.0
-
Introduced light theme support for the predefined widget of the following action:
- URL Lookup
Google Cloud IAM: Version 19.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Get Service Account IAM Policy
-
Rotate Service Account Keys
-
Set Service Account IAM Policy
-
Sumo Logic Cloud SIEM: Version 13.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Search Entity Signals
-
Microsoft Teams: Version 37.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Create Chat
-
Send User Message
-
FortiAnalyzer: Version 12.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
Sophos: Version 21.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Get Events Log
-
Get Services Status
-
Palo Alto Cortex XDR: Version 27.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Scan Endpoint
-
Cisco Threat Grid: Version 18.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Submissions
Intezer: Version 14.0
-
Introduced light theme support for the predefined widget of the following action:
- Submit Hash
Recorded Future: Version 22.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich CVE
-
Enrich Hash
-
Enrich Host
-
Enrich IP
-
Enrich IOC
-
Enrich URL
-
Gmail: Version 9.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Search For Emails
-
Wait For Thread Reply
-
Illusive Networks: Version 7.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Run Forensic Scan
-
VirusTotal: Version 42.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get Domain Report
-
Scan Hash
-
Scan IP
-
Scan URL
-
Upload And Scan Files
-
Anomali ThreatStream: Version 15.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
ThreatConnect: Version 17.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
Azure Active Directory: Version 26.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Host
-
Enrich User
-
Get Manager Contact Details
-
List Users
-
List User's Groups Membership
-
Revoke User Session
-
Splunk: Version 65.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Host Events
Attivo: Version 10.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
Cisco ISE: Version 16.0
-
Introduced light theme support for the predefined widget of the following action:
- Add Endpoint To Endpoint Identity Group
DeepSight: Version 11.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Scan Domain
-
Scan Email
-
Scan File Name
-
Scan Hash
-
Scan IP
-
Scan URL
-
Symantec Email Security Cloud: Version 5.0
-
Introduced light theme support for the predefined widget of the following action:
- Block Entities
GSuite: Version 26.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Get Extension Details
-
Get Group Details
-
Get Host Browser Details
-
List Group Privileges
-
List User Privileges
-
Revoke User Session
-
Search User Activity Events
-
SymantecESCC: Version 9.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
Google Cloud Compute: Version 17.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
FireEye HX: Version 23.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get Host Alert Groups
-
Get Host Info
-
Get List of File Acquisitions For Host
-
Is Contain Malware Alerts
-
Rapid7 InsightVm: Version 16.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Asset
McAfee Mvision EDRV2: Version 5.0
-
Introduced light theme support for the predefined widget of the following action:
- Create Investigation
HCL BigFix Inventory: Version 5.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
SiemplifyUtilities: Version 29.0
-
Added support for a custom delimiter in the following action:
- Query Joiner
Nmap: Version 4.0
-
Introduced light theme support for the predefined widget of the following action:
- Scan Entities
VMware Carbon Black Enterprise EDR: Version 10.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Hash
-
Get Events Associated With Process by Process Guide
-
Process Search
-
Outpost24: Version 8.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
PassiveTotal: Version 14.0
-
Introduced light theme support for predefined widgets of the following actions:
-
WhoIs Address Reputation
-
Whois Host Reputation
-
WhoIs Scan Address
-
WhoIs Scan Domain
-
Carbon Black Defense: Version 12.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get Device Info
-
Get Events
-
Get Processes
-
QRadar: Version 67.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Similar Events Query
-
Similar Flows Query
-
SentinelOneV2: Version 49.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Create Hash Blacklist Record
-
Create Hash Exclusion Record
-
Get Agent Status
-
Get Application List For Endpoint
-
Get Events For Endpoint Hours Back
-
Get Group Details
-
Get Hash Reputation
-
Zscaler: Version 13.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get Sandbox Report
-
Lookup Entity
-
McAfee Mvision EDR: Version 11.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Endpoint
Tanium: Version 19.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Delete File
-
Enrich Entities
-
List Endpoint Events
-
Quarantine Endpoint
-
VMware Carbon Black Endpoint Standard Live Response: Version 10.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Create Memdump
-
Delete File
-
Delete File from Cloud Storage
-
Download File
-
Execute File
-
Kill Process
-
List Files
-
List Files in Cloud Storage
-
List Processes
-
Put File
-
VSphere: Version 12.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Vm By Ip
Nozomi Networks: Version 10.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
Active Directory: Version 41.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich entities
-
Get Manager Contact Details
-
Talos: Version 20.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get Reputation
-
WhoIs
-
Check Point Threat Reputation: Version 8.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get File Hash Reputation
-
Get Host Reputation
-
Get IP Reputation
-
Zabbix: Version 16.0
-
Introduced light theme support for the predefined widget of the following action:
- Execute Script
FireEye Helix: Version 19.0
-
Introduced light theme support for the predefined widget of the following action:
- Add Entities To a List
Malware Domain List: Version 11.0
-
Introduced light theme support for the predefined widget of the following action:
- Check URL
AlienVault USM Appliance: Version 26.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Assets
-
Enrich Vulnerabilities
-
Alexa: Version 9.0
-
Introduced light theme support for the predefined widget of the following action:
- Get URL Rank
AWS GuardDuty: Version 12.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get a Trusted IP List
-
Get Detector Details
-
Get Threat Intelligence Set Details
-
HTTP: Version 15.0
-
Introduced light theme support for the predefined widget of the following action:
- Get URL Data
BlueLiv: Version 13.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
List Entity Threats
-
Azure AD Identity Protection: Version 9.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
Carbon Black Response: Version 39.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Binary
-
Enrich Process
-
Get System Info
-
Hosts By Process
-
List Processes
-
Falcon Sandbox: Version 21.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get Hash Scan Report
-
Scan URL
-
Submit File
-
CSV: Version 41.0
-
Introduced light theme support for predefined widgets of the following actions:
-
CSV Search by Entity
-
CSV Search by String
-
URLVoid: Version 14.0
-
Introduced light theme support for the predefined widget of the following action:
- Get domain reputation
Harmony Mobile: Version 7.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
Cloudflare: Version 8.0
-
Introduced light theme support for the predefined widget of the following action:
- Add URL To Rule List
Carbon Black Protection: Version 13.0
-
Introduced light theme support for the predefined widget of the following action:
- Analyze File
Jira: Version 56.0
-
Introduced light theme support for the predefined widget of the following action:
- Search Users
Microsoft Graph Mail Delegated: Version 17.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Mailbox Account Out Of Facility Settings
Trend Vision One: Version 9.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
Execute Custom Script
-
Isolate Endpoint
-
Submit File
-
Submit URL
-
Unisolate Endpoint
-
Internet Storm Center: Version 6.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
AlienVaultTI: Version 14.0
-
Introduced light theme support for the predefined widget of the following action:
- Enriches Entities
Google Threat Intelligence: Version 14.0
-
Migrated the following connector to new API endpoints:
- Google Threat Intelligence - Livehunt Connector
Shodan: Version 17.0
-
Introduced light theme support for the predefined widget of the following action:
- Get Ip Info
Cisco Vulnerability Management: Version 3.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
List Asset Vulnerabilities
-
ForeScout CounterACT: Version 6.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
McAfee ESM: Version 46.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get Similar Events
-
Send Entity Query To ESM
-
LogRhythm: Version 23.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
List Entity Events
-
Mandiant ASM: Version 13.0
-
Introduced light theme support for the predefined widget of the following action:
- Search ASM Entities
Ivanti Endpoint Manager: Version 10.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Enrich Entities
-
List Endpoint Vulnerabilities
-
Cuckoo: Version 14.0
-
Introduced light theme support for the predefined widget of the following action:
- Detonate Url
IntSights: Version 27.0
-
Introduced light theme support for the predefined widget of the following action:
- Search IOCs
Vectra: Version 13.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Endpoint
McAfee ATD: Version 17.0
-
Introduced light theme support for the predefined widget of the following action:
- Submit URL
FortinetFortiSIEM: Version 10.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Entities
ThreatCrowd: Version 9.0
-
Introduced light theme support for the predefined widget of the following action:
- EnrichEntities
APIVoid: Version 14.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Get domain reputation
-
Get Ip Reputation
-
Get Screenshot
-
Get URL Reputation
-
Verify Email
-
McAfee Mvision EPOV2: Version 8.0
-
Introduced light theme support for the predefined widget of the following action:
- Enrich Endpoint
VMRay: Version 19.0
-
Introduced light theme support for predefined widgets of the following actions:
-
Scan Hash
-
Scan URL
-
Google Chronicle: Version 81.0
-
Added support for CIDR matching to the following action:
- Is Value In Reference List
April 01, 2026
Microsoft 365 Defender: Version 26.0
-
The following new job has been added:
- Sync Alerts
SentinelOneV2: Version 48.0
-
The following new job has been added:
- Sync Alerts
Microsoft Teams: Version 36.0
-
Optimized user lookup logic for the following actions:
-
Add Users To Channel
-
Create Chat
-
Akamai: Version 6.0
-
Updated the JSON results of the following actions:
-
Add Items To Client List
-
Remove Items From Client List
-
Source code is now publicly available on GitHub for the following integrations:
-
CyberX: Version 6.0
-
JuniperVSRX: Version 11.0
-
McAfee NSM: Version 11.0
-
Micro Focus ITSMA: Version 7.0
-
Portnox: Version 9.0
-
ReversingLabs A1000: Version 10.0
-
Stealthwatch V6.10: Version 6.0
-
Symantec Content Analysis: Version 7.0
Azure Active Directory: Version 25.0
-
Added the ability to fetch last login time information to the following actions:
-
Enrich User
-
Get Manager Contact Details
-
March 25, 2026
Azure API: Version 3.0
-
Added predefined widget to the following action:
- Ping
Microsoft Graph Security: Version 26.0
-
Added predefined widget to the following action:
- Get Incident
Google Cloud IAM: Version 20.0
-
The following new action has been added:
- Rotate Service Account Keys
Siemplify: Version 106.0
-
The following new action has been added:
- Search Cases
-
Added predefined widget to the following action:
- Search Cases
Microsoft Defender ATP: Version 30.0
-
The following new actions have been added:
-
Get Machine Recommendations
-
Get Machine Vulnerabilities
-
Get User Related Alerts
-
BitSight: Version 12.0
-
IIntroduced Light Theme compatibility for the predefined widget of the following action:
- Get Company Details
RSA NetWitness Platform: Version 16.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Update Incident
CyberArk Credential Provider: Version 3.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Application Password Value
-
Run CLI Application Password SDK Command
-
CrowdStrike Falcon: Version 75.0
-
Added offline queueing support to the following actions:
-
Execute Command
-
Run Script
-
MobileIron: Version 6.0
- Integration: The integration's source code is now publicly available on Github .
FireEye HX: Version 22.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Acknowledge Alert Groups
-
Get Indicator
-
Anomali ThreatStream: Version 14.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Related Associations
-
Get Related Entities
-
HashiCorp Vault: Version 6.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Generate AWS Credentials
-
List AWS Roles
-
List Key-Value Secret Keys
-
Read Key-Value Secret
-
AWS WAF: Version 11.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Rule Groups
-
List Web ACLs
-
Microsoft Graph Security: Version 26.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Alert
JoeSandbox: Version 10.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Detonate File
ThreatQ: Version 18.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Attribute
-
Add Source
-
Create Adversary
-
Create Event
-
Create Indicator
-
Create Object
-
Link Objects
-
Symantec Endpoint Security Complete Cloud: Version 8.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Symantec Endpoint Security Complete Cloud
EmailV2: Version 40.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Delete Email
-
Forward Email
-
Save Email Attachments To Case
-
Send Email
-
Send Thread Reply
-
Wait for Email from User
-
Cofense Triage: Version 20.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Tags To Report
-
Categorize Report
-
Download Report Email
-
Download Report Preview
-
Get Report Reporters
-
CA Service Desk Manager: Version 26.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Wait For Status Change
Microsoft Defender ATP: Version 30.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Update Alert
Akamai: Version 5.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Activate Client List
-
Activate Network List
-
Add Items To Network List
-
Remove Items From Network List
-
SSH: Version 20.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Connections
-
List iptables Rules
-
List Processes
-
Run Command
-
Microsoft Azure Sentinel: Version 62.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Comment to Incident
-
Create Alert Rule
-
Create Custom Hunting Rule
-
Get Alert Rule Details
-
Get Custom Hunting Rule Details
-
Get Incident Statistic
-
Update Alert Rule
-
Update Custom Hunting Rule
-
Update Incident Details
-
Update Incident Details v2
-
Update Incident Labels
-
Update Incident Labels v2
-
Google Cloud Compute: Version 16.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add IP To Firewall Rule
-
Add Network Tags
-
Delete Instance
-
Execute VM Patch Job
-
Remove IP From Firewall Rule
-
Remove Network Tags
-
Start Instance
-
Stop Instance
-
Update Firewall Rule
-
Microsoft Graph Mail Delegated: Version 16.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Forward Email
-
Save Email to the Case
-
Send Email
-
Send Email HTML
-
Send Thread Reply
-
Send Vote Email
-
Wait For Email From User
-
Wait For Vote Email Results
-
Extrahop: Version 8.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Update Detection
Palo Alto Cortex XDR: Version 26.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Incident Details
-
Query
-
Recorded Future: Version 21.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Alert Details
VSphere: Version 11.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get System Info
FireEye CM: Version 14.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add IOC Feed
-
Download Alert Artifacts
-
Tenable.io: Version 16.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Scan Endpoints
Remote Agent Utilities: Version 7.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Serialize A File
FireEye Helix: Version 18.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Archive Search
-
Get Alert Details
-
Index Search
-
Okta: Version 16.0
- Integration: Added support for OAuth authentication.
Office 365 CloudApp Security: Version 25.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add IP To IP Address Range
-
Create IP Address Range
-
Remove IP From IP Address Range
-
Palo Alto Prisma Cloud: Version 6.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Enrich Assets
Google Cloud Armor: Version 5.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add a Rule to a Security Policy
-
Create a Security Policy
-
Update a Security Policy
-
Redis: Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add To List
-
Get List
-
Carbon Black Response: Version 38.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get FileMod Data For Process
-
Get Process Tree Data
-
Microsoft Graph Mail: Version 39.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Forward Email
-
Save Email to the Case
-
Send Email
-
Send Email HTML
-
Send Thread Reply
-
Send Vote Email
-
Wait For Email From User
-
Wait For Vote Email Results
-
NessusScanner: Version 12.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Scan Templates
Atlassian Confluence Server: Version 5.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Child Pages
-
Get Page by ID
-
Get Page Comments
-
List Pages
-
Slack: Version 29.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Build Block
-
Create Channel
-
Get User Details
-
Get User Details By Id
-
Rename Channel
-
Wait For Reply
-
Wait For Reply With Webhook
-
McAfee ATD: Version 16.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Report
-
Submit File
-
Symantec ICDX: Version 9.0
- Integration: The integration's source code is now publicly available on Github .
McAfee NSM: Version 10.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Alert Info Data
Cloudflare: Version 7.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Firewall Rule
-
Create Rule List
-
Update Firewall Rule
-
Rapid7 InsightIDR: Version 12.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Saved Query
-
Set Investigation Assignee
-
Set Investigation Status
-
Update Investigation
-
Exchange Extension Pack: Version 13.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Domains to Exchange-Siemplify Mail Flow Rules
-
Add Senders to Exchange-Siemplify Mail Flow Rule
-
Purge Compliance Search Results
-
Remove Domains from Exchange-Siemplify Mail Flow Rules
-
Remove Senders from Exchange-Siemplify Mail Flow Rules
-
Run Compliance Search
-
CSV: Version 40.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Save Json To CSV
Mandiant ASM: Version 12.0
-
IIntroduced Light Theme compatibility for the predefined widget of the following action:
- Update Issue
Shodan: Version 16.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
DNS Resolve
-
DNS Reverse
-
Get Api Info
-
Google Kubernetes Engine: Version 9.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Operation Status
-
List Clusters
-
List Node Pools
-
List Operations
-
Set Cluster Addons
-
Set Cluster Labels
-
Set Node Autoscaling
-
Set Node Count
-
Set Node Pool Management
-
SiemplifyUtilities: Version 28.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Delete File
-
Filter JSON
-
Get Deployment URL
-
List Operations
-
Parse EML to JSON
-
Anomali: Version 14.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Related Associations
Reversinglabs A1000: Version 9.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Upload File
CyberArk PAM: Version 9.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Account Password Value
Jira: Version 55.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Alert Issue
-
Create Issue
-
List Issues
-
Update Issue
-
Ivanti Endpoint Manager: Version 9.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Execute Query
-
List Column Set Fields
-
List Column Sets
-
List Delivery Methods
-
List Packages
-
List Queries
-
Check Point Firewall: Version 15.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add a SAM Rule
-
Remove SAM Rule
-
Run Script
-
Any.Run: Version 11.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
AnalyzeFile
-
AnalyzeFileURL
-
AnalyzeURL
-
Carbon Black Protection: Version 12.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
- Get System Info
LogRhythm: Version 22.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Note To Case
-
Create Cas
-
Download Case Files
-
Update Case
-
BMC Remedy ITSM: Version 12.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Incident
-
Create Record
-
Wait For Incident Fields Update
-
Wait For Record Fields Update
-
AlienVault USM Anywhere: Version 35.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Alarm Details
Zoho Desk: Version 11.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Comment To Ticket
-
Create Ticket
-
Update Ticket
-
AWS GuardDuty: Version 11.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create a Detector
-
Create a Trusted IP List
-
Create Threat Intelligence Set
-
Get all Trusted IP lists
-
Get Finding Details
-
List Detectors
-
List Findings for a Detector
-
List Threat Intelligence Sets
-
AWS Elastic Compute Cloud (EC2): Version 10.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Instances
-
List Security Groups
-
Take Snapshot
-
Cybereason: Version 24.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Malop
-
List Malop Processes
-
List Reputation Items
-
Rapid7 InsightVm: Version 15.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Scan Results
-
Launch Scan
-
Cisco AMP: Version 22.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Group
-
Get File Lists By Policy
-
Get Groups
-
Get Policies
-
Trend Micro Cloud App Security: Version 11.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Enrich Entities
CiscoUmbrella: Version 18.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Malicious Domains
Solar Winds Orion: Version 7.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Enrich Endpoint
-
Execute Entity Query
-
Execute Query
-
Tenable Security Center: Version 21.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add IP To IP List Asset
-
Create IP List Asset
-
Get Report
-
Get Scan Results
-
Run Asset Scan
-
Gmail: Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Forward Email
-
Save Email To The Case
-
Send Email
-
Send Thread Reply
-
FireEye AX: Version 8.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Appliance Details
FortiAnalyzer: Version 11.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Comment To Alert
-
Update Alert
-
WMI: Version 14.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- GetSystemInfo
Google Chat: Version 7.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Send Advanced Message
-
Send Message
-
SentinelOneV2: Version 47.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Device Control Rule
-
Download Threat File
-
Enrich Endpoint
-
Get System Status
-
Update Alert
-
Update Device Control Rule
-
Google Translate: Version 6.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Translate Text
-
List Languages
-
Exchange: Version 122.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Save Mail Attachments To The Case
-
Send Mail
-
Send Thread Reply
-
Send Vote Mail
-
Wait for mail from user
-
Wait for Vote Mail Results
-
Symantec ATP: Version 12.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Incident Comments
Azure API: Version 3.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Execute HTTP Request
Tanium: Version 18.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Question
-
Download File
-
Get Question Results
-
Site24x7: Version 6.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Generate Refresh Token
ConnectWise: Version 21.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Attachment To Ticket
-
Get Ticket
-
Cisco Threat Grid: Version 17.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Upload Sample
Zendesk: Version 12.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Ticket Details
-
Search Tickets
-
Symantec Endpoint Protection 12: Version 15.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- GetReport
ServiceNow: Version 62.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Comment To Record
-
Add Parent Incident
-
Create Alert Incident
-
Create Incident
-
Create Record
-
Get Incident
-
Get Oauth Token
-
Get Record Details
-
Update Incident
-
Update Record
-
Wait For Field Update
-
Wait For Status Update
-
Cuckoo: Version 13.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Detonate File
-
Get Report
-
Sophos: Version 20.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Alert Actions
IronPort: Version 15.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get All Recipients By Sender
-
Get All Recipients By Subject
-
Get Report
-
Lastline: Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Search Analysis History
-
Submit File
-
Submit URL
-
F5 BIG-IP iControl API: Version 7.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add IP To Address List
-
Add IP To Data Group
-
Add Port To Port List
-
Create Address List
-
Create Data Group
-
Create iRule
-
Create Port List
-
Remove IP From Address List
-
Remove IP From Data Group
-
Remove Port From Port List
-
Update iRule
-
Palo Alto Panorama: Version 35.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Ips to group
-
Block ips in policy
-
Block Urls
-
Edit Blocked Applications
-
Get Blocked Applications
-
Remove Ips from group
-
Unblock ips in policy
-
Unblock Urls
-
Cynet: Version 12.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Hash Query
-
Remediation Status
-
Trend Vision One: Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Execute Email
-
Update Workbench Alert
-
MalShare: Version 10.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Upload File
Tor: Version 9.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Is Exit Node
Qualys VM: Version 24.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Download Report
-
List Ips
-
BMC Helix Remedyforce: Version 17.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Record
-
Wait For Fields Update
-
AlienVault USM Appliance: Version 25.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get PCAP Files For Events
Service Desk Plus: Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Request
-
Get Request
-
Update Request
-
FireEye NX: Version 11.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Download Alert Artifacts
Intezer: Version 13.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Alert
-
Submit Alert
-
Submit File
-
Submit Suspicious Email
-
MISP: Version 37.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Event
-
Create File Misp Object
-
Create IP-Port Misp Object
-
Create network-connection Misp Object
-
Create Virustotal-Report Object
-
Download File
-
Publish Event
-
Unpublish Event
-
Upload File
-
Palo Alto Next Gen Firewall: Version 28.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Ips to group
-
Block ips in policy
-
Block Urls
-
Edit Blocked Applications
-
Get Blocked Applications
-
Remove Ips from group
-
Unblock ips in policy
-
Unblock Urls
-
Illusive Networks: Version 6.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Deceptive Items
Freshworks Freshservice: Version 18.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Agent
-
Deactivate Agent
-
Update Agent
-
Splunk: Version 64.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Submit Event
AlgoSec: Version 7.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Allow IP
-
Block IP
-
Wait for Change Request Status Update
-
Salesforce: Version 17.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Case
-
Search Records
-
RSA Archer: Version 14.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Incident Journal Entry
-
Create Incident
-
Get Incident Details
-
Update Incident
-
QRadar: Version 66.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
QRadar AQL Search
-
QRadar Simple AQL Search
-
Update Offense
-
Mimecast: Version 15.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Create Block Sender Policy
Sumo Logic Cloud SIEM: Version 12.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Tags To Insight
-
Add Comment To Insight
-
Update Insight
-
ArcSight: Version 45.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Resources
Microsoft Teams: Version 35.0
-
Integration: Updated dependencies.
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Channel
-
Create Channel
-
Send Chat Message
-
Send Message Reply
-
Wait For Reply
-
Service Desk Plus V3: Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Note
-
Add Note And Wait For Reply
-
Close Request
-
Create Alert Request
-
Create Request
-
Create Request - Dropdown Lists
-
Get Request
-
Update Request
-
Wait For Field Update
-
Wait For Status Update
-
AWS CloudWatch: Version 9.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Log Group
-
Create Log Stream
-
Endgame: Version 14.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Investigation Details
Falcon Sandbox: Version 20.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Wait For Job and Fetch Report
Google Cloud Recommender: Version 10.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Apply IAM Recommendations
HTTP Rest API: Version 14.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Data
-
Post Data
-
Google Threat Intelligence: Version 13.0
-
Improved loading for predefined widgets of the following actions:
-
Enrich Entities
-
Enrich IOC
-
-
Removed the usage of a deprecated API endpoint and the
Retrieve AI Summaryparameter from the following action:- Submit File
IntSights: Version 26.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Download Alert CSV
March 18, 2026
Microsoft Graph Mail: Version 37.0
-
A new predefined widget has been added to the following action:
- Delete Email
CrowdStrike Falcon: Version 73.0
-
The following new action has been added:
- Hide Hosts
Endgame: Version 73.0
-
New predefined widgets have been added to following actions:
-
Get Endpoints
-
Get Host Isolation Config
-
Hunt File
-
Hunt IP
-
Hunt Process
-
Hunt Registry
-
Hunt User
-
List Investigations
-
Microsoft Graph Security: Version 24.0
-
A new predefined widget has been added to the following action:
- List Incidents
Azure Security Center: Version 14.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Regulatory Standards
-
List Regulatory Standard Controls
-
Zoho Desk: Version 9.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Ticket Details
Stellar Cyber Starlight: Version 17.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Advanced Search
-
Simple Search
-
Siemplify ThreatFuse: Version 17.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Related Associations
-
Get Related Domains
-
Get Related Email Addresses
-
Get Related Hashes
-
Get Related IPs
-
Get Related URLs
-
Submit Observables
-
Devo: Version 10.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Advanced Query
-
Simple Query
-
AWS CloudWatch: Version 7.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Log Groups
-
List Log Streams
-
Search Log Events
-
ZScaler: Version 11.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Url Categories
Google Workspace: Version 24.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Members To Group
-
Block Extension
-
Create Group
-
Create OU
-
Create User
-
Delete Extension
-
List Group Members
-
List OU Of Account
-
List Users
-
Update OU
-
Update User
-
Azure Active Directory: Version 23.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Groups
-
List Members in the Group
-
Trend Micro Cloud App Security: Version 9.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Entity Email Search
Tanium: Version 16.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Task Details
-
List Connections
-
Intezer: Version 11.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Detonate File
-
Detonate Hash
-
Detonate URL
-
Get File Report
-
Get URL Report
-
Index File
-
RSA NetWitness: Version 18.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Run General Query
MongoDB: Version 8.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Free Query
Exchange: Version 120.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Block Sender by Message ID
-
Delete Mail
-
Download Attachments
-
Extract EML Data
-
List Exchange-Siemplify Inbox Rules
-
Move Mail To Folder
-
Search Mails
-
Unblock Sender by Message ID
-
ThreatQ: Version 16.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Events
-
List Related Objects
-
RSA NetWitness Platform: Version 14.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Run General Query
Carbon Black Response: Version 36.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Binary Free Query
-
Process Free Query
-
Symantec Endpoint Protection: Version 19.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Report And Enrich
-
GetReport
-
ListEndpoints
-
ListGroups
-
AlienVault USM Anywhere: Version 33.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Events
Mandiant Digital Threat Monitoring: Version 5.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Update Alert
FireEye CM: Version 12.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Download Custom Rules File
-
Download Quarantined Email
-
List IOC Feeds
-
List Quarantined Emails
-
Google Threat Intelligence: Version 11.0
-
Updated
is_suspiciousandis_riskylogic handling in the following actions:-
Enrich Entities
-
Submit File
-
Shodan: Version 14.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Search
-
SearchForExploits
-
Snowflake: Version 7.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Execute Custom Query
-
Execute Simple Query
-
Proofpoint Threat Protection: Version 2.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Allow List Entries
-
Get Block List Entries
-
Vectra: Version 11.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Triage Rule Details
MSSQL: Version 18.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- RunSQLQuery
Rapid7 InsightVm: Version 13.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Scans
ServiceNow: Version 60.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Attachment
-
Download Attachments
-
Get Child Incident Details
-
Get CMDB Record Details
-
Get User Details
-
List CMDB Records
-
List Record Comments
-
Wait For Comments
-
CiscoUmbrella: Version 16.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Top Domains
RSA NetWitness EDR: Version 7.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add IP To Blacklist
-
Add URL To Blacklist
-
Microsoft 365 Defender: Version 24.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Execute Custom Query
-
Execute Entity Query
-
Execute Query
-
Easy Vista: Version 6.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get EasyVista Ticket
Sumologic: Version 18.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Search
Symantec Endpoint Security Complete Cloud: Version 6.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Device Groups
Google Rapid Response (GRR): Version 9.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Hunt Details
-
List Hunts
-
Start a Hunt
-
Stop a Hunt
-
TruSTAR: Version 7.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Related IOCs
-
Get Related Reports
-
List Enclaves
-
FireEye AX: Version 6.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Submit File
McAfee ATD: Version 14.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Analyzer Profiles
Mimecast: Version 13.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Advanced Archive Search
-
Simple Archive Search
-
Microsoft Azure Sentinel: Version 60.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Alert Rules
-
List Custom Hunting Rules
-
List Incidents
-
Run Custom Hunting Rule Query
-
Run KQL Query
-
ElasticSearch: Version 42.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Advanced ES Search
-
DSL Search
-
Simple ES Search
-
FireEye HX: Version 20.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Alert Group Details
-
Get Alerts
-
Get Alerts in Alert Group
-
Get Indicators
-
FortiGate: Version 18.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Address Groups
-
List Policies
-
CBProtection: Version 10.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Find File
BlueLiv: Version 11.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Add Comment to a Threat
MISP: Version 35.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Attribute
-
Add Sighting to an Attribute
-
Add Tag to an Attribute
-
Add Tag to an Event
-
Create Url Misp Object
-
Delete an Attribute
-
Delete an Event
-
List Event Objects
-
List Sightings of an Attribute
-
Remove Tag from an Attribute
-
Remove Tag from an Event
-
Exchange Extension Pack: Version 11.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Fetch Compliance Search Results
-
List Exchange-Siemplify Mail Flow Rules
-
Google Cloud Storage: Version 13.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Download an Object From a Bucket
-
Get a Bucket's Access Control List
-
List Bucket Objects
-
List Buckets
-
Upload an Object To a Bucket
-
Microsoft Graph Mail Delegated: Version 14.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Delete Email
-
Download Attachments from Email
-
Extract Data from Attached EML
-
Move Email To Folder
-
Run Microsoft Search Query
-
Search Emails
-
Ivanti Endpoint Manager: Version 7.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Execute Task
-
Scan Endpoints
-
Akamai: Version 3.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Items To Client List
-
Get Client Lists
-
Get Network Lists
-
Remove Items From Client List
-
CyberArk PAM: Version 7.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Accounts
Nozomi Networks: Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Vulnerabilities
-
Run a Query
-
iBoss: Version 12.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Policy Block List Entries
FireEye EX: Version 12.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Download Alert Artifacts
-
Download Quarantined Email
-
List Quarantined Emails
-
AWS Security Hub: Version 9.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Insight
-
Get Insight Details
-
Mandiant ASM: Version 10.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get ASM Entity Details
-
Search Issues
-
Cisco Orbital: Version 17.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Execute Query
IronScales: Version 5.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Incident Details
-
Get Incident Mitigation Details
-
Get Mitigation Impersonation Detail
-
Get Mitigations Per Mailbox
-
Google Cloud IAM: Version 16.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Role
-
Create Service Account
-
Delete Role
-
List Roles
-
List Service Accounts
-
Armis: Version 13.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Alert Connections
Attivo: Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Critical ThreatPath
-
List Service ThreatPaths
-
List Vulnerability Hosts
-
Falcon Sandbox: Version 18.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Analyze File
-
Analyze File URL
-
Search
-
Tenable.io: Version 14.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Vulnerability Details
-
List Plugin Families
-
List Policies
-
List Scanners
-
Google Chat: Version 5.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Spaces
IntSights: Version 24.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Alert Image
Jira: Version 53.0
-
Integration: Added support for service account token based authentication.
-
Integration: Updated issue object handling.
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Download Attachments
-
Get Issues
-
List Relation Types
-
Google BigQuery: Version 16.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Run Custom Query
-
Run SQL Query
-
ArcSight: Version 43.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Activelist Entries
-
Get Query Results
-
Get Report
-
Is Value In Activelist Column
-
Search
-
Check Point Firewall: Version 13.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Download Log Attachment
-
List Layers On Site
-
List Policies On Site
-
Show Logs
-
FortiAnalyzer: Version 9.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Search Logs
Microsoft Defender ATP: Version 28.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Isolate Machine Task
-
Create Run Antivirus Scan Task
-
Create Stop And Quarantine File Specific Machine Task
-
Create Unisolate Machine Task
-
Get Current Task Status
-
List Alerts
-
List Indicators
-
List Machines
-
Run Advanced Hunting Query
-
Wait Task Status
-
Microsoft Teams: Version 33.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Chats
-
List Teams
-
List Users
-
Send Message
-
Recorded Future: Version 19.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Update Alert
Active Directory: Version 39.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Group Members
-
Search Active Directory
-
Cofense Triage: Version 18.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Report Headers
-
List Categories
-
List Playbooks
-
List Reports Related To Threat Indicators
-
ElasticSearchV7: Version 20.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Advanced ES Search
-
DSL Search
-
Simple ES Search
-
BMC Remedy ITSM: Version 10.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Incident Details
-
Get Record Details
-
Cloudflare: Version 5.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add IP To Rule List
-
List Firewall Rules
-
OpenSearch: Version 2.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Advanced OS Search
-
DSL Search
-
Simple OS Search
-
Microsoft Graph Mail: Version 37.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Download Attachments from Email
-
Extract Data from Attached EML
-
Move Email To Folder
-
Search Emails
-
F5 BIG-IP Access Policy Manager: Version 6.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Active Sessions
McAfee Mvision EPO: Version 9.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Endpoints In Group
-
List Groups
-
List Tags
-
Palo Alto Cortex XDR: Version 24.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Execute XQL Search
XForce: Version 17.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get IP By Category
Okta: Version 14.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get User
Microsoft Intune: Version 6.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Managed Devices
F5 BIG-IP iControl API: Version 5.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Address Lists
-
List Data Groups
-
List Port Lists
-
List iRules
-
AppSheet: Version 4.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Record
-
Delete Record
-
List Tables
-
Search Records
-
Update Record
-
McAfee ESM: Version 44.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Send Advanced Query To ESM
-
Send Query To ESM
-
Google Cloud Recommender: Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Recommendation
-
List Recommendations
-
Update Recommendation
-
Any.Run: Version 9.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Search Report History
FireEye Helix: Version 16.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Lists
-
Get List Items
-
Area1: Version 7.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get Recent Indicators
ExabeamAdvancedAnalytics: Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Comments To Entity
-
Create Watchlist
-
List Watchlist Items
-
List Watchlists
-
Azure Monitor: Version 2.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Search Logs
Rapid7 InsightIDR: Version 10.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Investigations
-
List Saved Queries
-
Run Saved Query
-
Amazon Macie: Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Custom Data Identifier
-
List Findings
-
AWS IAM Access Analyzer: Version 8.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Scan Resources
ProofPoint TAP: Version 13.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
DecodeURL
-
Get Threat Forensics
-
GetCampaign
-
List Campaigns
-
Search Events
-
Splunk: Version 62.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Execute Entity Query
-
SplunkQuery
-
LogPoint: Version 18.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Execute Entity Query
-
Execute Query
-
List Repos
-
BitSight: Version 10.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Company Highlights
-
List Company Vulnerabilities
-
WMI: Version 12.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
ListServices
-
ListUsers
-
RunQuery
-
AWS Identity and Access Management (IAM): Version .0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create a Group
-
Create a Policy
-
Create a User
-
List Groups
-
List Policies
-
List Users
-
Fortinet FortiSIEM: Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Execute Custom Query
-
Execute Simple Query
-
Humio: Version 7.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Execute Custom Search
-
Execute Simple Search
-
AlgoSec: Version 5.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Templates
AWS WAF: Version 9.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create IP Set
-
Create Regex Pattern Set
-
Create Rule Group
-
Create Web ACL
-
List IP Sets
-
List Regex Pattern Sets
-
CA Service Desk Manager: Version 24.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Search Tickets
-
Sync Ticket History
-
Freshworks Freshservice: Version 16.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Ticket Time Entry
-
Add a Ticket Note
-
Add a Ticket Reply
-
Create Requester
-
Create Ticket
-
List Agents
-
List Requesters
-
List Ticket Conversations
-
List Ticket Time Entries
-
List Tickets
-
Update Requester
-
Update Ticket
-
Update Ticket Time Entry
-
BMC Helix RemedyForce: Version 15.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Execute Custom Query
-
Execute Simple Query
-
Get Record Details
-
List Record Types
-
AWS S3: Version 6.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Download File From Bucket
-
Get Bucket Policy
-
List Bucket Objects
-
List Buckets
-
Upload File To Bucket
-
Cybereason: Version 22.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Execute Custom Investigation Search
-
Execute Simple Investigation Search
-
List Malop Affected Machines
-
List Malop Remediations
-
List Processes
-
List files
-
Remediate Malop
-
SCCM: Version 19.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Run WQL Query
Netskope: Version 15.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Alerts
-
List Clients
-
List Events
-
Qradar: Version .0
-
Optimized the caching fetched offenses logic in the following connectors:
-
Qradar Correlation Events Connector V2
-
Qradar Offenses Connector
-
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Rule MITRE Coverage
-
List Reference Maps
-
List Reference Maps of Sets
-
List Reference Sets
-
List Reference Tables
-
Lookup for a Key in Reference Map
-
Lookup for a Key in Reference Map of Sets
-
Lookup for a Value in Reference Map
-
Lookup for a Value in Reference Map of Sets
-
Lookup for a Value in Reference Set
-
Lookup for a Value in Reference Tables
-
Google Cloud Compute: Version 14.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Labels To Instance
-
Get Instance IAM Policy
-
List Instances
-
Remove External IP Addresses
-
Set Instance IAM Policy
-
Cylance: Version 17.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Global List
-
Get Threats
-
EmailV2: Version 38.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Search Email
McAfee EPO: Version 35.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Execute Custom Query
-
Execute Entity Query
-
Execute Query By ID
-
List Queries
-
List Tasks
-
ArcSight Logger: Version 10.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Send Query
SonicWall-Beta: Version 7.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Address Groups
-
List URI Groups
-
List URI Lists
-
VSphere: Version 9.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Vms
SiemplifyUtilities: Version 26.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Export Entities as OpenIOC File
-
Extract Top From JSON
-
Office 365 CloudApp Security: Version 23.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Enrich Entities
-
List Files
-
Salesforce: Version 15.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Cases
AWS Elastic Compute Cloud (EC2): Version 8.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Start Instance
-
Stop Instance
-
Terminate Instance
-
McAfee Mvision ePO V2: Version 6.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
List Devices
-
List Tags
-
Anomali ThreatStream: Version 12.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Submit Observables
Automox: Version 6.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Policies
Microsoft Graph Security: Version 24.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Alerts
Qualys VM: Version 22.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Download Vm Scan Results
-
Launch VM Scan And Fetch Results
-
List Groups
-
List Reports
-
List Scans
-
Cloud Logging: Version 4.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Execute Query
Cisco ISE: Version 14.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- List Endpoint Identity Group
SentinelOneV2: Version 45.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Create Path Exclusion Record
-
Get Blacklist
-
Get Deep Visibility Query Result
-
Get Site Agents
-
Get Threats
-
Initiate Deep Visibility Query
-
List Sites
-
Mark as Threat
-
Mitigate Threat
-
Resolve Threat
-
Palo Alto Panorama: Version 33.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Correlated Traffic Between IPs
-
Search logs
-
Cisco AMP: Version 20.0
-
Introduced Light Theme compatibility for the predefined widget of the following action:
- Get File List Items
Slack: Version 27.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Get Channel Or User Conversation History
-
List Channels
-
List Users
-
Send Interactive Message
-
LogRhythm: Version 20.0
-
Introduced Light Theme compatibility for predefined widgets of the following actions:
-
Add Alarm To Case
-
Attach File To Case
-
Get Alarm Details
-
List Case Evidence
-
March 12, 2026
Microsoft Azure Sentinel: Version 59.0
-
The following new job has been added:
- Sync Incidents V2
Microsoft Azure Sentinel: Version 59.0
-
Deprecated the following job:
- Sync Incidents V2
March 11, 2026
CrowdStrike Falcon: Version 72.0
-
Updated the handling of
Days To Expirein the following action:- Upload IOCs
Case Federation: Version 7.0
- Integration: Updated to support self-service configuration.
ProofPoint TAP: Version 12.0
-
Updated input handling in the following action:
- DecodeURL
Microsoft Teams: Version 32.0
-
Updated reply handling in the following action:
- Wait for Reply
Introduced Light Theme compatibility for predefined widgets in the following integrations:
-
CrowdStrike Falcon: Version 72.0
-
Google Chronicle: Version 79.0
-
Google Cloud API: Version 8.0
-
Google Cloud Asset Inventory: Version 13.0
-
Google Security Command Center: Version 16.0
-
Google Threat Intelligence: Version 10.0
-
HTTP v2: Version 13.0
-
MITRE ATT&CK: Version 17.0
-
ScreenshotMachine: Version 14.0
-
Siemplify: Version 104.0
-
UrlScan.io: Version 28.0
-
Vertex AI: Version 5.0
-
VirusTotalV3: Version 38.0
-
Vmware Carbon Black Cloud: Version 37.0
March 03, 2026
Siemplify: Version 103.0
-
The following new job has been added:
- Response Integration & Connector Upgrade
Akamai: Version 2.0
-
The following new action has been added:
- Activate Client List
Splunk: Version 61.0
-
Updated input handling in the following action:
- Update Notable Events
CrowdStrike Falcon: Version 71.0
-
Added the ability to define an expiration date for IOCs to the following action:
- Upload IOCs
-
Added support for hidden hosts in the following action:
- Get Host Information
Google Security Command Center: Version 15.0
-
Updated the processing of mute states in the following action:
- List Asset Vulnerabilities
AWS GuardDuty: Version 9.0
-
Updated severity handling in the following connector:
- AWS GuardDuty - Findings Connector
Microsoft Graph Mail Delegated: Version 13.0
-
Updated folder handling in the following actions:
-
Forward Email
-
Save Email To Case
-
Send Email
-
Send Email HTML
-
Send Thread Reply
-
Send Vote Email
-
Wait For Email From User
-
Wait For Vote Email Results
-
-
Updated folder handling in the following connector:
- Microsoft Graph Mail Delegated Connector
Google Chronicle: Version 78.0
-
Updated raw log data processing in the following actions:
-
Get Detection Details
-
Execute UDM Query
-
Microsoft Graph Mail: Version 36.0
-
Updated folder handling in the following actions:
-
Forward Email
-
Save Email To Case
-
Send Email
-
Send Email HTML
-
Send Thread Reply
-
Send Vote Email
-
Wait For Email From User
-
Wait For Vote Email Results
-
-
Updated folder handling in the following connector:
- Microsoft Graph Mail Connector
February 25, 2026
Google Workspace: Version 23.0
-
The following new action has been added:
- Remove Extension
Google Chronicle: Version 77.0
- Integration: Updated the error handling for Workload Identity authentication.
Microsoft 365 Defender: Version 23.0
-
Added support for Graph API to the following actions:
-
Execute Query
-
Execute Custom Query
-
Execute Entity Query
-
February 18, 2026
New Proofpoint Threat Protectionintegration
Cofense Triage: Version 17.0
-
Optimized the report processing in the following connector:
- Cofense Triage - Reports Connector
Qualys VM: Version 21.0
- Integration: Added the ability to configure the
X-Requested-Withheader.
QRadar: Version 63.0
-
Updated the logic for offense processing in the following connectors:
-
Qradar Correlation Events Connector V2
-
Qradar Offenses Connector
-
Palo Alto Cortex XDR: Version 23.0
-
Added the ability to provide agents using input parameters in the following actions:
-
Scan Endpoint
-
Isolate Endpoint
-
Unisolate Endpoint
-
Google Chronicle: Version 76.0
-
Restored the previous JSON result structure for empty result sets in the following action:
- Execute UDM Query
Exchange: Version 119.0
-
Updated the handling of S/MIME emails sent on MacOS in the following connectors:
-
Exchange - Mail Connector v2 with OAuth Authentication
-
Exchange - Mail Connector v2
-
CrowdStrike Falcon: Version 70.0
-
Deprecated the following actions:
-
Add Incident Comment
-
Update Incident
-
Add Comment to Detection
-
Close Detection
-
Update Detection
-
-
Deprecated the following connectors:
-
CrowdStrike - Detections Connector
-
Crowdstrike - Incidents Connector
-
February 11, 2026
CiscoUmbrella: Version 15.0
-
The following new actions have been added:
-
Is Domain In Cisco Popularity List
-
List Top Domains
-
Tenable.io: Version 13.0
-
Optimized the asset processing of the following connector:
- TenableIO - Vulnerabilities Connector
-
Updated the entity processing logic of the following actions:
-
Enrich Entities
-
List Endpoint Vulnerabilities
-
Scan Endpoints
-
Google Threat Intelligence: Version 9.0
-
Added the ability to define the data freshness threshold for available hashes to the following action:
- Submit File
-
Added the ability to filter using monitor names to the following connector:
- Google Threat Intelligence - DTM Alerts Connector
-
Integration: Updated the connectivity test method to avoid API quota consumption.
Palo Alto Cortex XDR: Version 22.0
-
Updated the event processing and dynamic list handling of the following connector:
- Palo Alto Cortex XDR Connector
-
Added the ability to ignore certain types of artifacts to the following connector:
- Palo Alto Cortex XDR Connector
February 04, 2026
Azure Security Center: Version 13.0
-
Updated the configuration (
Connector.def) of the following connector:- Azure Security Center - Security Alerts Connector
Google Chronicle: Version 75.0
-
Optimized performance for large data tables in the following actions:
-
Is Value In Data Table
-
Remove Rows From Data Table
-
Siemplify: Version 102.0
-
Refactored the following actions:
-
Get Case Details
-
Wait For Custom Fields
-
Set Custom Fields
-
Get Similar Cases
-
Get Custom Field Values
-
Export Case
-
-
Updated error handling in the following action:
- Assign Case
Siemplify ThreatFuse: Version 16.0
-
Updated the configuration (
Connector.def) of the following connector::- Siemplify ThreatFuse - Observables Connector
January 28, 2026
Google Threat Intelligence: Version 8.0
-
The following new actions have been added:
-
Add ASM Issue Note
-
Add Tag To DTM Alert
-
Azure Active Directory: Version 22.0
-
Added the ability to fetch MFA information to the following actions:
-
Enrich User
-
Get Manager Contact Details
-
Jira: Version 52.0
-
Optimized ticket processing workflows in the following job:
- Sync Closure Job
Proofpoint Cloud Threat Response: Version 2.0
- Integration: Updated dependencies.
Salesforce: Version 14.0
- Integration: Updated the Salesforce SDK to the latest version
Siemplify: Version 101.0
-
Added support to set custom fields upon alert closure to the following action:
- Close Alert
-
Added support to set custom fields upon case closure to the following action:
- Close Case
Google Threat Intelligence: Version 8.0
-
Added the ability to automatically set the
is_suspiciousflag on entities based on specific GTI score and Engine count thresholds in the following action:- Enrich Entities
-
Added the ability to flag entities as
is_riskywithin the JSON output when GTI scores or Engine counts meet specified criteria to the following action:- Submit File
Google Chronicle: Version 74.0
-
Reverted the JSON result structure for aggregated queries in the following action:
- Execute UDM Query
January 21, 2026
Okta: Version 13.0
-
The following new action has been added:
- Clear Okta User Session
New Azure APIintegration
Netskope: Version 14.0
-
Refactored the following action:
- Ping
HTTP v2: Version 12.0
-
Updated
Expected Response Valuesdescription in the following action:- Execute HTTP Request
Microsoft 365 Defender: Version 22.0
-
Updated the tracking logic for alerts in the following connector:
- Microsoft 365 Defender - Incidents Connector
QRadar: Version 62.0
-
Updated the event processing logic of the following connector:
- QRadar Correlations Connector V2
Google Chronicle: Version 73.0
-
Updated the processing of queries in the following action:
- Execute UDM Query
Google Cloud API: Version 7.0
-
Updated
Expected Response Valuesdescription in the following action:- Execute HTTP Request
Azure Active Directory: Version 21.0
-
Updated the JSON result example of the following action:
- List Members in The Group
-
Added more metadata to the JSON result example of the following action:
- List Groups
January 14, 2026
Siemplify: Version 100.0
-
Updated the following action to include the JSON result in the action output:
- Get Custom Field Values
Microsoft Graph Mail: Version 35.0
-
Improved the "mark emails as read" functionality in the following connector:
- Microsoft Graph Mail Connector
Microsoft Graph Mail Delegated: Version 12.0
-
Improved the "mark emails as read" functionality in the following connector:
- Microsoft Graph Mail Delegated Connector
Okta: Version 12.0
-
Updated the pagination processing mechanismthe in following action:
- List Users
Slack: Version 26.0
-
Updated the Base URL construction logic for the following action:
- Build Block
Azure Active Directory: Version 20.0
-
Updated the action to include the email ID in the action output and expanded capabilities to return all metadata fields in the following action:
- Get Manager Contact Details
-
Integration: Updated the code to handle special characters in identifiers by implementing URL encoding and OData escaping.
January 07, 2026
Palo Alto Cortex XDR: Version 21.0
-
The following new job has been added:
- Sync Incidents
Microsoft Defender ATP: Version 27.0
-
The following new action has been added:
- Execute Live Response Command
Google Chronicle: Version 72.0
-
Added support for curated rules in the following action:
- Get Rule Details
-
Updated rule severity filter logic in the following connector:
- Google Chronicle - Chronicle Alerts Connector
Updated the dependencies of the following integrations:
-
BMC Helix RemedyForce: Version 14.0
-
EmailV2: Version 37.0
-
Google Cloud Storage: Version 12.0
-
HTTP v2: Version 11.0
-
Jira: Version 51.0
-
JuniperVSRX: Version 9.0
-
McAfee Active Response: Version 8.0
-
PassiveTotal: Version 12.0
-
Salesforce: Version 13.0
-
SCCM: Version 18.0
-
SiemplifyUtilities: Version 25.0
-
ThreatConnect: Version 15.0
-
Websense: Version 13.0
-
WMI: Version 11.0
SCC Enterprise: Version 19.0
- Integration: Refactored code to work with the updated API.
Updated the file management logic of the Download Attachment From Email
action in the following integrations:
-
Microsoft Graph Mail: Version 34.0
-
Microsoft Graph Mail Delegated: Version 11.0
Siemplify: Version 99.0
-
Updated the TIPCommon method in the following action:
- Get Case Details
Exchange: Version 118.0
-
Added new parameters (
Event Fields to ExcludeandExclude Attachments) to the following connectors:-
Exchange - Mail Connector v2
-
Exchange - Mail Connector v2 with OAuth Authentication
-
December 24, 2025
New Proofpoint Cloud Threat Responseintegration
New OpenSearchintegration
Siemplify: Version 98.0
-
The following new action has been added:
- Export Case
Fortigate: Version 17.0
-
Expanded the supported log filter in the following connector:
- Fortigate - Threat Logs Connector
Google Chronicle: Version 71.0
-
Updated event processing and ontology mapping in the following connector:
- Google Chronicle - Chronicle Alerts Connector
-
Added support for returning raw logs related to UDM events to the following actions:
-
Get Detection Details
-
Execute UDM Search
-
December 17, 2025
AWS WAF: Version 8.0
- Integration: Updated the authentication logic.
Splunk: Version 60.0
-
Added support for the latest ES version to the following connector:
- Splunk Notable Events Connector
Siemplify: Version 97.0
-
Extended the capabilities of the following action:
- Assign Case
-
Added the ability to add multiple tags using a delimiter to the following action:
- Case Tag
-
Added a JSON result to the following action:
- Create Entity
Netskope: Version 13.0
- Integration: Updated the dependencies to include the Netscope SDK library.
Cofense Triage: Version 16.0
-
Added the ability to disable the overflow mechanism in the following connector:
- Cofense Triage - Reports Connector
December 10, 2025
Google Threat Intelligence: Version 7.0
-
The following new action has been added:
- Private Submit URL
MISP: Version 34.0
-
Refactored the following actions:
-
Publish Event
-
Unpublish Event
-
-
Updated the predefined widget of the following action:
- Enrich Entities
Siemplify: Version 96.0
-
Refactored the following action:
- Resume Alert SLA
Tenable.io: Version 12.0
-
Updated the entity processing mechanism in the following actions:
-
List Endpoint Vulnerabilities
-
Enrich Entities
-
Scan Endpoints
-
Google Chronicle: Version 70.0
-
Updated the error handling of the API limit and input processing of the following action:
- Is Value In Data Table
December 04, 2025
Gmail: Version 6.0
- Integration: Updated the dependency files.
Cofense Triage: Version 15.0
-
Improved category based filtering in the following connector:
- Cofense Triage - Reports Connector
Tenable Security Center: Version 19.0
- Integration: Added support to authenticate using an Access Key and a Secret Key.
CSV: Version 38.0
- Integration: Updated dependencies.
November 26, 2025
Google Chronicle: Version 69.0
-
The following new actions have been added:
-
Generate UDM Query
-
Add Entry To Watchlist
-
Jira: Version 50.0
-
Improved handling of comments with additional styling in the following action:
- Add Comment
-
Improved handling of comments with additional styling in the following job:
- Sync Comments
Urlscan.io: Version 27.0
-
Added support for the Domain entity in the following action:
- Search For Scans
Updated the dependency files in the following integrations:
-
Exchange: Version 117.0
-
HTTP V2: Version 10.0
CSV: Version 37.0
-
Updated support for nested JSONs in the following action:
- Save Json to CSV
November 19, 2025
Google Threat Intelligence: Version 6.0
-
The following new action has been added:
- Get Related Associations
SentinelOneV2: Version 44.0
-
Updated the mechanism for fetching agent information in the following actions:
-
Disconnect Agent From Network
-
Enrich Endpoint
-
Get Agent Status
-
Get Application List For Endpoint
-
Get Events For Endpoint Hours Back
-
Initiate Full Scan
-
Move Agents
-
Reconnect Agent To The Network
-
Okta: Version 11.0
-
Updated the pagination processing mechanism in the following actions:
-
List Users
-
Add Group
-
Get Group
-
List Providers
-
Google Chronicle: Version 68.0
-
Improved error handling in the following jobs:
-
Google Chronicle Sync Job
-
Google Chronicle Alerts Creator Job
-
Cofense Triage: Version 14.0
-
Added the ability to filter based on category to the following connector:
- Cofense Triage - Reports Connector
Splunk: Version 59.0
-
Refactored the following integration items to use the new API endpoints:
-
Ping
-
Get Host Events
-
Splunk Notable Events Connector
-
Sync Splunk ES Closed Events
-
Sync Splunk ES Comments
-
November 12, 2025
Google Security Command Center: Version 14.0
-
Added the ability to ingest Toxic Combinations and Chokepoints in the following connector:
- Google Security Command Center - Findings Connector
Updated the dependency files in the following integrations:
-
Microsoft Graph Mail: Version 33.0
-
Microsoft Graph Mail Delegated: Version 10.0
The following integrations are now GUS recommended:
-
CrowdStrike Falcon: Version 69.0
-
Wiz: Version 3.0
-
Fortigate: Version 16.0
Google Chronicle: Version 67.0
-
Updated curated detections processing logic in the following action:
- Get Detection Details
Cybereason: Version 21.0
- Integration: Added ability to provide a CA Certificate file as part of the configuration.
Updated action definitions to meet the new requirements of IDE in the following integrations:
Updated Integrations (45)
- Active Directory: Version 38.0
- AlienVault USM Appliance: Version 22.0
- AlienVault USM Anywhere: Version 32.0
- Area1: Version 6.0
- BulkWhoIs: Version 16.0
- CA Service Desk Manager: Version 23.0
- Carbon Black Response: Version 35.0
- Case Federation: Version 6.0
- ConnectWise: Version 19.0
- CSV: Version 36.0
- DeepSight: Version 9.0
- DomainTools: Version 9.0
- Email V2: Version 36.0
- Endgame: Version 11.0
- Exchange: Version 116.0
- F5 Big IQ: Version 6.0
- FileOperation: Version 12.0
- HTTP: Version 12.0
- IntSights: Version 23.0
- Jira: Version 49.0
- JuniperVSRX: Version 8.0
- McAfee EPO: Version 17.0
- McAfee NSM: Version 8.0
- Microsoft Graph Security: Version 23.0
- MSSQL: Version 17.0
- Palo Alto Next Gen Firewall: Version 26.0
- PhishRod: Version 4.0
- RSA NetWitness: Version 17.0
- Runners: Version 5.0
- Salesforce: Version 12.0
- SCC Enterprise: Version 18.0
- ServiceNow: Version 59.0
- Siemplify: Version 95.0
- SSH: Version 18.0
- Symantec Endpoint Protection: Version 18.0
- Symantec Endpoint Protection 12: Version 13.0
- Symantec ICDX: Version 7.0
- Tenable Security Center: Version 18.0
- Twilio: Version 14.0
- VSphere: Version 8.0
- VirusTotal: Version 40.0
- WildFire: Version 8.0
- WMI: Version 10.0
- XForce: Version 16.0
- Zabbix: Version 14.0
- Zendesk: Version 10.0
CrowdStrike Falcon: Version 69.0
-
Refactored the pagination and filtering mechanism in the following actions:
-
List Uploaded IOCs
-
List Hosts
-
-
Added support for wildcards to
File Paths to Scanin the following action:- On-Demand Scan
Siemplify: Version 95.0
-
The following new action has been added:
- Get Case Alerts
New Azure Monitorintegration
November 05, 2025
AWS Identity and Access Management: Version 7.0
-
Refactored the following actions:
-
Create User
-
Create Group
-
Create Policy
-
List Users
-
List Groups
-
List Policies
-
Palo Alto XDR: Version 20.0
-
The following new action has been added:
- Scan Endpoint
Microsoft Teams: Version 31.0
- Integration: Updated the integration's action definitions to meet the new requirements of the IDE.
Freshworks Freshservice: Version 15.0
-
Added the ability to provide a department in the integration configuration for the following action:
- Create Ticket
FortiAnalyzer: Version 8.0
-
Updated search processing logic in the following action:
- Search Logs
SentinelOneV2: Version 43.0
-
The following new action has been added:
- Get Site Agents
October 29, 2025
CrowdStrike Falcon: Version 68.0
-
Update the following action to check if there is an existing identical running scan for a provided hostname before creating a new one:
- On-Demand Scan
Microsoft Graph Mail: Version 32.0
-
Updated the file management logic in the following action:
- Download Attachments from Email
Exchange: Version 115.0
-
Updated the file management logic in the following action:
- Download Attachments
CSV: Version 35.0
-
Updated file path processing logic in the following connector:
- CSV Connector
Microsoft Graph Mail Delegated: Version 9.0
-
Updated the file management logic in the following action:
- Download Attachments from Email
ZScaler: Version 10.0
-
Added support for domain entity type in the following actions:
-
Add to Whitelist
-
Lookup Entity
-
Tanium: Version 15.0
-
(REGRESSIVE) Updated JSON result to return data for multiple columns in the following action:
- Get Question Results
Palo Alto Cortex XDR: Version 19.0
-
Updated incident processing logic in the following action:
- Get Incident Details
-
Added new filtering options, the ability to create a SecOps alert for every Palo Alto XDR alert, and the ability to track updates to an incident in the following connector:
- Palo Alto Cortex XDR Connector
October 22, 2025
DomainTools: Version 8.0
-
Extended capabilities in the following action:
- Get Domain Risk
-
Added support for the domain entity type in the following actions:
-
Get Domain Profile
-
Get Domain Risk
-
Reverse Domain
-
CSV: Version 34.0
-
Fixed a bug that caused inconsistent column order for the same JSON input by stabilizing the order based on the keys of the first object in the list in the following action:
- Save Json to CSV
SentinelOneV2: Version 42.0
-
The following new actions have been added:
-
Create Device Control Rule
-
Delete Device Control Rule
-
Update Device Control Rule
-
CrowdStrike Falcon: Version 67.0
-
Fixed a bug where the Contains filter would fail to find hosts when the
Max Hosts To Returnlimit was applied in the following action:- List Host
October 15, 2025
CrowdStrike Falcon: Version 66.0
-
The following new action has been added:
- Get Alert Details
ThreatQ: Version 15.0
-
Updated the API request payload to align with a change in the ThreatQ API in the following actions:
-
Enrich IP
-
Enrich URL
-
Enrich Email
-
Enrich Hash
-
Enrich CVE
-
UrlScan.io: Version 26.0
-
Added ability to scan domains and IPs in the following action:
- URL Check
Updated dependencies in the following integrations:
-
Microsoft Teams: Version 30.0
-
Microsoft Graph Mail Delegated: Version 8.0
-
Exchange: Version 114.0
-
Case Federation: Version 5.0
-
Azure Security Center: Version 12.0
Azure Active Directory: Version 19.0
-
Improved performance by implementing a direct API filter query for group name searches, which avoids fetching all groups and significantly reduces execution time in large-group environments, in the following action:
- List Members in Group
CrowdStrike Falcon: Version 66.0
-
Updated entity processing logic in the following actions:
-
Contain Endpoint
-
Download File
-
Execute Command
-
Get Host Information
-
Lift Contained Endpoint
-
List Host Vulnerabilities
-
On-Demand Scan
-
Run Script
-
Okta: Version 10.0
-
Updated the pagination processing mechanism in the following actions:
-
List Users
-
Add Group
-
Get Group
-
List Providers
-
Microsoft Teams: Version 30.0
- Integration: Fixed an issue with the special characters in the query parameters.
October 09, 2025
Microsoft Teams: Version 29.0
-
Refactored action logic in the following actions:
-
Get Authorization
-
Generate Token
-
Google Chronicle: Version 66.0
-
Updated processing of reference list rows in the following action:
- Get Reference Lists
Google Threat Intelligence: Version 5.0
-
Added ability to filter by issue name in the following connector:
- Google Threat Intelligence - ASM Issues Connector
-
Added ability to filter events in the following connector:
- Google Threat Intelligence - DTM Alerts Connector
Google Workspace: Version 22.0
-
Updated the action description to reflect that the action deletes the extension from the blocklist rather than deleting the extension from the organizational unit in the following action:
- Delete Extension
September 25, 2025
Microsoft Azure Sentinel: Version 57.0
-
The following new job has been added:
- Sync Incidents
Google Chronicle: Version 65.0
-
Updated the filtering mechanism of the following action:
- Get Data Tables
New Apache Kafkaintegration
Google Workspace: Version 21.0
-
Expanded capabilities of the following action:
- List OU Of Account
-
Updated processing of the organization unit inside the following actions:
-
Block Extension
-
Delete Extension
-
List OU Of Account
-
CrowdStrike Falcon: Version 64.0
-
Updated timeout handling in the following connector:
- Crowdstrike Falcon - Streaming Events Connector
-
Integration: Updated authentication to support multi-tenancy execution.
Any.Run: Version 8.0
-
Updated the available privacy settings in the following actions:
-
Analyze URL
-
Analyze File URL
-
Analyze File
-
Orca Security: Version 12.0
-
Integration: (REGRESSIVE) Updated to support the latest API version.
Ontology has been updated. Overwrite current ontology mapping to align with the new API alert structure.
September 17, 2025
Google Threat Intelligence: Version 4.0
-
The following new action has been added:
- Set DTM Alert Analysis
Palo Alto Cortex XDR: Version 18.0
-
The following new actions have been added:
-
Add Comment To Incident
-
Execute XQL Search
-
Get Incident Details
-
SentinelOneV2: Version 41.0
-
The following new action has been added:
- Update Alert
-
The following new connector has been added:
- SentinelOne - Alert Connector
-
A new predefined widget has been added to the following action:
- Update Alert
Microsoft Azure Sentinel: Version 56.0
-
Updated mapping for the
ScheduledAlertevent types in the following connector:- Microsoft Azure Sentinel Incident Connector v2
Jira: Version 48.0
- Integration: Updated the SDK version.
Trend Vision One: Version 6.0
-
Added support for Agent UUID in the following actions:
-
Enrich Entities
-
Execute Custom Script
-
Isolate Endpoint
-
Unisolate Endpoint
-
Vertex AI: Version 4.0
- Integration: Increased the default timeout for API requests.
Added the ability to modify the API Root
and Login API Root
in the following integrations:
-
Azure Active Directory: Version 18.0
-
Azure AD Identity Protection: Version 7.0
-
Microsoft Teams: Version 28.0
Splunk: Version 58.0
-
Updated the alert processing logic in the following connector:
- Splunk ES - Notable Events Connector
Google Threat Intelligence: Version 4.0
-
Updated the processing of the threat actor entity in the following action:
- Enrich Entities
-
Updated the predefined widget in the following actions:
(REGRESSIVE) The widget now works with GTI information. To see the changes, the widget must be re-added to the existing views in playbooks.
-
Enrich Entities
-
Enrich IOCs
-
-
Added JSON samples to the following action:
- Enrich Entities
September 03, 2025
Google Threat Intelligence: Version 3.0
-
Extended supported filters in the following connector:
- Google Threat Intelligence - ASM Issues Connector
August 27, 2025
Google Workspace: Version 20.0
-
The following new actions have been added:
-
Block Extension
-
Delete Extension
-
Get Extension Details
-
Get Host Browser Details
-
Search User Activity Events
-
Google Threat Intelligence: Version 3.0
- Integration:Updated authentication flow.
August 20, 2025
Google Chronicle: Version 64.0
-
Added support for aggregated searches in the following action:
- Execute UDM Query
Microsoft Graph Mail: Version 30.0
-
Improved handling of
Case Name Templatein the following connector:- Microsoft Graph Mail - Microsoft Graph Mail Connector
CrowdStrike Falcon: Version 63.0
-
Updated processing of
On-Demand Scanalerts in the following connector:- Crowdstrike Falcon - Alerts Connector
Microsoft Graph Mail Delegated: Version 6.0
-
Improved handling of
Case Name Templatein the following connector:- Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector
August 13, 2025
New CyberArk Credential Providerintegration
Microsoft Graph Mail: Version 29.0
- Integration: Updated dependencies.
Jira: Version 47.0
-
Updated timestamp processing logic in the following jobs:
-
Sync Comments
-
Sync Closure
-
-
Updated logic for processing closed tickets in the following job:
- Sync Closure
August 04, 2025
Google Chronicle: Version 63.0
-
The following new actions have been added:
- Ask Gemini
- Enrich Entities
QRadar: Version 60.0
-
Updated offense processing logic in the following connector:
- Qradar - Baseline Offenses Connector
Gmail: Version 5.0
- Integration: Improved error handling.
Google Chronicle: Version 63.0
-
The following actions have been deprecated:
- Enrich Domain
- Enrich IP
Case Federation: Version 4.0
- Integration:Refactored the code.
SentinelOneV2: Version 40.0
-
Added ability to fetch agent information in the following actions:
- Disconnect Agent From Network
- Enrich Endpoint
- Get Agent Status
- Get Application List For Endpoint
- Get Events For Endpoint Hours Back
- Initiate Full Scan
- Move Agents
- Reconnect Agent To The Network
July 23, 2025
Siemplify: Version 94.0
-
The following new actions have been added:
-
Get Custom Field Values
-
Resume Case SLA
-
Pause Case SLA
-
Sophos: Version 18.0
Added ability to work with new authentication method in the following action:
- Get Events Log
July 16, 2025
Google Chronicle: Version 62.0
-
The following new actions have been added:
-
Remove Rows From Data Table
-
Get Data Tables
-
Is Value In Data Table
-
Add Rows To Data Table
-
Microsoft Azure Sentinel: Version 55.0
-
Updated logger initialization in the following connector:
- Microsoft Azure Sentinel - Incident Connector v2
Azure Security Center: Version 11.0
- Integration: Refactored the integration code to support the updated API.
MySQL: Version 5.0
-
Refined query processing in the following action:
- Run SQL Query
Mandiant Threat Intelligence: Version 14.0
-
Improved entity processing logic in the following action:
- Enrich Entities
July 09, 2025
Siemplify: Version 93.0
-
Updated action logic in the following actions:
-
Get Case Details
-
Get Similar Cases
-
BMC Remedy ITSM: Version 9.0
-
Updated input parameter processing in the following action:
- Create Incident
ServiceNow: Version 58.0
-
Updated processing of record object in the following connector:
- ServiceNow - ServiceNow Connector
July 02, 2025
Okta: Version 9.0
-
The following new action has been added:
- Send SSF to Okta
Vertex AI: Version 3.0
- Integration: Updated the handling of non-Google models.
CrowdStrike Falcon: Version 62.0
-
Updated JSON Result structure in the following action:
- List Hosts
Google Chronicle: Version 61.0
-
Updated action processing logic in the following action:
- Execute UDM Query
June 27, 2025
Siemplify: Version 92.0
-
Updated action logic in the following actions:
-
Get Case Details
-
Get Similar Cases
-
Update Case Description
-
June 25, 2025
Refactored the code to work with updated API in the following integrations:
-
Case Federation: Version 3.0
-
Siemplify: Version 91.0
Siemplify: Version 91.0
-
Updated Predefined Widget in the following action:
- Get Similar Cases
Microsoft Azure Sentinel: Version 54.0
-
Added an ability to not process the alert until Scheduled/NRT alert objects are available from API in the following connectors:
-
Microsoft Azure Sentinel - Incident Connector v2
-
Microsoft Azure Sentinel - Incident Tracking Connector
-
SentinelOneV2: Version 39.0
-
Updated ontology mapping in the following connector:
- SentinelOneV2 - Threats Connector
June 18, 2025
Microsoft Teams: Version 27.0
- Integration: Refactored the code to work with updated API.
Google Chronicle: Version 60.0
-
Updated risk score handling in the following connector:
- Google Chronicle - Alerts Connector
June 11, 2025
New Google Threat Intelligenceintegration
New Akamaiintegration
Refactored the code to work with updated API in the following integrations:
- Exchange: Version 113.0
- ServiceNow: Version 57.0
- Microsoft Graph Mail Delegated: Version 5.0
Refactored the code in the following integrations:
- Gmail: Version 4.0
- Google Cloud API: Version 6.0
- HTTP v2: Version 9.0
- Microsoft Graph Mail: Version 28.0
- Tor: Version 7.0
Darktrace: Version 18.0
-
Added ability to filter model breaches by priority in the following connector:
- Darktrace - Model Breaches Connector
June 04, 2025
Refactored the code to work with updated API in the following integrations:
- BMC Remedy ITSM: Version 8.0
- Gmail: Version 3.0
- Google Cloud API: Version 5.0
- Microsoft Graph Mail: Version 27.0
- Service Desk Plus V3: Version 6.0
- Vertex AI: Version 2.0
Google Chronicle: Version 59.0
- Updated the API root to be configurable in IDE in the following connector:
- Google Chronicle - Chronicle Alerts Connector
Vertex AI: Version 2.0
- Fixed non-Google models that weren't working
Nmap: Version 2.0
- Updated JSON Result structure in the following action:
- Scan Entities
May 28, 2025
New Nmapintegration
Sophos: Version 17.0
- Updated the logic of entity processing in the following actions:
- Isolate Endpoint
- Unisolate Endpoint
Office 365 CloudApp Security: Version 22.0
-
Updated processing of the input parameters in the following actions:
- Bulk Resolve Alert
- Close Alert
- Dismiss Alert
Trend Vision One: Version 5.0
- Updated the logic for processing alerts in the following connector:
- Trend Vision One - Workbench Alerts
Mandiant Threat Intelligence: Version 13.0
-
Updated entity processing in the following action:
- Enrich Entities
Microsoft 365 Defender: Version 21.0
- Added more transparency around Microsoft Sentinel and Microsoft Defender For Cloud alerts. You can now provide
microsoftSentinelandmicrosoftDefenderForCloudas the Service Source in the following connector:- Microsoft 365 Defender - Incidents Connector
May 21, 2025
Palo Alto Cortex XDR: Version 17.0
-
Updated the supported statuses in the following action:
- Update an Incident
Microsoft Azure Sentinel: Version 53.0
-
Updated entity mapping in the following connectors:
-
Microsoft Azure Sentinel - Incident Connector v2
-
Microsoft Azure Sentinel - Incident Tracking Connector
-
Google Chronicle:Version: 58.0
-
Updated the following action:
- Broken Google Chronicle Widget
-
Expanded the JSON Result with new fields in the following connector:
- Google Chronicle- Get Rule Details
May 14, 2025
ProofPoint TAP: Version 11.0
-
The following new actions have been added:
-
Get Threat Forensics
-
Search Events
-
List Campaigns
-
Google Chronicle: Version 57.0
-
Updated the processing of the events in the following connector:
- Google Chronicle - Chronicle Alerts Connector
May 07, 2025
CrowdStrike Falcon: Version 61.0
-
The following new action has been added:
- Search Events
New Cisco Vulnerability Managementintegration
Microsoft Azure Sentinel: Version 52.0
-
Updated events processing logic in the following connectors:
-
Microsoft Azure Sentinel - Incident Connector v2
-
Microsoft Azure Sentinel - Incident Tracking Connector
-
CrowdStrike Falcon: Version 61.0
-
Updated input parameter processing in the following action:
- On-Demand Scan
-
Added ability to define Alert Name and Case Name templates in the following connectors:
-
Crowdstrike Falcon - Detections Connector
-
Crowdstrike Falcon - Identity Protection Detections Connector
-
Crowdstrike Falcon - Alerts Connector
-
CrowdStrike Falcon: Version 61.0
-
Updated input parameter processing in the following action:
- On-Demand Scan
-
Added ability to define Alert Name and Case Name templates to the following connectors:
-
Crowdstrike Falcon - Detections Connector
-
Crowdstrike Falcon - Identity Protection Detections Connector
-
Crowdstrike Falcon - Alerts Connector
-
Google Chronicle: Version 56.0
-
Added ignore \r\n characters and skip empty input values when adding in the following actions:
-
Is Value in Reference List
-
Add Value to Reference List
-
-
Optimised the processing of the alerts in the following jobs:
-
Alerts Sync
-
Alerts Creator
-
Microsoft Azure Sentinel: Version 52.0
-
Updated events processing logic in the following connectors:
-
Microsoft Azure Sentinel - Incident Connector v2
-
Microsoft Azure Sentinel - Incident Tracking Connector
-
Microsoft Graph Mail: Version 26.0
-
Added ability to define
Alert Name Templatein the following connector:- Microsoft Graph Mail - Microsoft Graph Mail Connector
Microsoft Graph Mail Delegated: Version 26.0
-
Added ability to define
Alert Name Templatein the following connector:- Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector
Google Chronicle: Version 56.0
-
Added ignore \r\n characters and skip empty input values when adding to the following actions:
-
Is Value in Reference List
-
Add Value to Reference List
-
-
Optimized the processing of the alerts in the following jobs:
-
Google Chronicle - Alerts Sync
-
Google Chronicle - Alerts Creator
-
Microsoft Graph Mail: Version 26.0
-
Added ability to define Alert Name Template in the following connector:
- Microsoft Graph Mail - Microsoft Graph Mail Connector
Microsoft Graph Mail Delegated: Version 4.0
-
Added ability to define Alert Name Template in the following connector:
- Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector
April 30, 2025
Mimecast: Version 12.0
-
The following new action has been added:
- Create Block Sender Policy
VirusTotalV3: Version 37.0
-
Updated entity handling of the following actions:
-
Add Comment To Entity
-
Add Vote To Entity
-
Enrich URL
-
Get Domain Details
-
Get Related Domains
-
Get Related Hashes
-
Get Related IPs
-
Get Related URLs
-
-
Updated Predefined Widgets in the following actions:
-
Add Comment To Entity
-
Add Vote To Entity
-
Enrich URL
-
Get Domain Details
-
Get Related Domains
-
Get Related Hashes
-
Get Related IPs
-
Get Related URLs
-
HTTP v2: Version 8.0
- Integration: Refactored the code to work with updated API.
SentinelOneV2: Version 38.0
-
The underlying API endpoint of the following action has been deprecatedand there is no suitable replacement:
- Get Hash Reputation
-
Refactored the code of the following connector:
- SentinelOneV2 - Get Events For Endpoint Hours Back
Mimecast: Version 12.0
-
Added ability to ingest attachments and body associated with the held message to the following connector:
- Mimecast - Message Tracking Connector
-
Added ability to filter by queue reason to the following connector:
- Mimecast - Message Tracking Connector
April 23, 2025
ExtraHop: Version 6.0
-
The following new action has been added:
- Update Detection
Zerofox: Version 2.0
-
The following new action has been added:
- Add Evidence To Alert
Tanium: Version 14.0
-
Improved action compatibility with Python 3.11 in the following action:
- Download File
Siemplify: Version 90.0
-
Added ability to work with additional timestamp types in the following action:
- Permitted Alert Time
-
Added ability to work with IANA timezone names in the following action:
- Permitted Alert Time
Microsoft Graph Mail: Version 25.0
-
Updated event structure for the attached emails in the following connector:
- Microsoft Graph Mail - Microsoft Graph Mail Connector
SCC Enterprise: Version 17.0
-
Updated ticket creation workflow in the following action:
- Create SCC Enterprise Cloud Posture Ticket Type Jira
Microsoft Graph Mail Delegated: Version 3.0
-
Updated event structure for the attached emails in the following connector:
- Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector
April 16, 2025
Microsoft Graph Security: Version 22.0
-
Integration: Added support for V2 version of the API.
Microsoft Graph Mail: Version 24.0
-
Integration: Added support for working with S/MIME-encrypted emails.
-
Added Connector API throttling improvements to accommodate
Max Emails per Cyclelogic in the following connector:- Microsoft Graph Mail - Microsoft Graph Mail Connector
Google Chronicle: Version 55.0
-
Added ability to ingest composite alerts in the following connector:
- Google Chronicle - Alerts Connector
-
Removed the
Disable Event Splittingparameter so the connector will always ingest events in the original structure in the following connector and ontology mapping must be updated:- Google Chronicle - Alerts Connector
CrowdStrike Falcon: Version 60.0
-
Added ability to fetch hidden alerts in the following connector:
- CrowdStrike - Alerts Connector
ServiceNow: Version 56.0
-
Improved handling of OAuth 2.0 authentication in the following actions:
- Create Incident
- Create Alert Incident
April 09, 2025
New Zerofoxintegration.
VirusTotalV3: Version 36.0
-
Updated private submission is_risky logic in the following action:
- Submit File
Web Risk: Version 2.0
-
Updated entity handling in the following action:
- Enrich Entities
Siemplify: Version 89.0
-
Removed the following unsupported job:
- Siemplify - ETL Monitor Job
VMware Carbon Black Cloud: Version 36.0
-
Updated the ingestion processing logic in the following connector:
- VMware Carbon Black Cloud - Alerts and Events Baseline Connector
Exchange: Version 112.0
-
Added an option to overwrite the URL regex connectors use in the following connectors:
- Exchange - Mail Connector v2
- Exchange - Mail Connector v2 with OAuth Authentication
April 02, 2025
Exchange: Version 111.0
-
Improved encoding handling during email parsing in the following connectors:
-
Exchange - Mail Connector v2
-
Exchange - Mail Connector v2 with Oauth Authentication
-
VMRay: Version 17.0
-
Updated entity handling in the following action:
- Scan URL
ServiceNow: Version 55.0
-
Added support for
Sync Closed Incidentsjob to handle created incidents in the following actions:-
Create Incident
-
Create Alert Incident
-
-
Added ability to filter records by assignment group in the following connector:
- ServiceNow - ServiceNow Connector
-
Added ability to sync incidents created during playbook execution in the following job:
- Sync Closed Incidents
Siemplify: Version 88.0
-
Removed the following unsupported job from the integration:
- Jobs Monitor
Google Chronicle: Version 54.0
-
Updated the following connector to support new SIEM API:
- Google Chronicle - Alerts Connector
-
Updated the following jobs to support new SIEM API:
-
Sync
-
Alerts Creator
-
-
Added ability to authenticate via Workload Identity in the following connector:
- Google Chronicle - Alerts Connector
-
Added ability to authenticate via Workload Identity in the following connector in the following jobs:
-
Sync
-
Alerts Creator
-
Microsoft Azure Sentinel: Version 51.0
-
Integration: Updated the integration code to work with Python version 3.11.
-
Added an option to create additional SecOps events for all Sentinel Incident's entities in the following connectors:
-
Microsoft Azure Sentinel - Incident Connector v2
-
Microsoft Azure Sentinel - Incident Tracking Connector
-
-
Improved tracking of Microsoft Sentinel Incident's entities (if the connector can't fetch events for Sentinel's Scheduled alerts or NRT-based incidents, it will attempt to fetch Incident's entities instead) in the following connectors:
-
Microsoft Azure Sentinel - Incident Connector v2
-
Microsoft Azure Sentinel - Incident Tracking Connector
-
-
Improved handling of Microsoft Sentinel incidents IDs in connectors backlog in the following connectors:
-
Microsoft Azure Sentinel - Incident Connector v2
-
Microsoft Azure Sentinel - Incident Tracking Connector
-
Microsoft Graph Mail: Version 23.0
-
Integration: Added support for working with S/MIME-encrypted emails.
-
The code base was refactored in the following connector:
(REGRESSIVE) As part of the refactor, connector's
Tenant (Directory) IDparameter has been updated to aMicrosoft Entra ID Directory ID, this will require re-entering connector's configuration parameters after the update.- Microsoft Graph Mail - Microsoft Graph Mail Connector
Jira: Version 46.0
-
Updated the following jobs:
-
Sync Closure
-
Sync Comments
-
CrowdStrike Falcon: Version 59.0
-
Updated input handling for the following actions:
-
Update Identity Protection Detection
-
Add Identity Protection Detection Comment
-
ExtraHop: Version 5.0
-
Updated alert processing logic in the following connector:
- Extrahop - Detections Connector
March 26, 2025
Microsoft Graph Security: Version 21.0
-
Updated the handling of alerts in the following connector:
- Microsoft Graph Security - Office 365 Security and Compliance Connector
Cisco Firepower Management Center: Version 7.0
- Integration: Added pagination mechanism support.
Siemplify: Version 87.0
-
Removed the following unsupported job from the integration:
- Connectors Monitor
MSSQL: Version 16.0
- Integration: Integration updates.
SCC Enterprise: Version 16.0
- Integration: Added support for regionalized environments.
Exchange: Version 110.0
- Integration: Dependencies update.
Google Chronicle: Version 53.0
-
Propagate SIEM data access scope in the following connector:
- Google Chronicle - Alerts Connector
-
Updated predefined widget in the following action:
- Get Detection Details
Cofense Triage: Version 13.0
- Integration: (REGRESSIVE) Updated alerts and events time mappings.
March 19, 2025
Jira: Version 45.0
-
Added support for integration's sync jobs to handle created issues in the following actions:
-
Create Issue
-
Create Alert Issue Actions
-
-
Added support to handle issues created by the
Create IssueandCreate Alert Issueactions in the following jobs:-
Sync Closure
-
Sync Comments Jobs
-
ServiceNow: Version 54.0
-
Added ability to provide custom fields as JSON objects in the following actions:
-
Create Incident
-
Update Incident
-
Exchange: Version 109.0
- Integration: Added support for working with S/MIME-encrypted emails.
Zoho Desk: Version 8.0
-
Updated the user searching mechanism in the following action:
- Create Ticket
March 12, 2025
New Sysdig Secureintegration
New Web Riskintegration
Mandiant Threat Intelligence: Version 12.0
-
Updated predefined widgets in the following actions:
-
Enrich Entities
-
Enrich IOCs
-
Get Malware Details
-
Varonis Data Security Platform: Version 5.0
- Integration: Updated dependencies.
Mandiant: Version 8.0
-
Updated predefined widgets in the following actions:
-
Enrich Entities
-
Enrich IOCs
-
Get Malware Details
-
Mimecast: Version 11.0
-
(DEPRECATED) No replacement API endpoint in new API in the following action:
- Report Message
-
Integration: Migrated integration to work with the latest API version.
-
Integration: Added client credentials authentication.
March 05, 2025
CrowdStrike Falcon: Version 58.0
-
Added ability to provide a hostname from the input parameters in the following actions:
-
On-Demand Scan
-
Execute Command
-
Run Script
-
Microsoft Azure Sentinel: Version 50.0
-
Improved the connector logging and the API timeout handling in the following connector:
- Microsoft Azure Sentinel - Incident Connector v2
Exchange: Version 108.0
- Integration: Updated the integration.
Google Chronicle: Version 52.0
-
Updated severity handling in the following connector:
- Google Chronicle - Alerts Connector
-
Integration: Updated the integration dependencies.
-
Error handling improvements in the following job:
- Alerts Creator
SiemplifyUtilities: Version 24.0
-
Added ability to disable JSON data escaping in the following action:
- Filter JSON
VirusTotalV3: Version 35.0
-
Updated the comment fetching logic in the following action:
- Submit File
February 26, 2025
Siemplify: Version 86.0
-
The following new actions have been added:
-
Wait For Custom Fields
-
Set Custom Fields
-
Create Gemini Case Summary
-
New Microsoft Graph Mail Delegatedintegration
HTTP v2: Version 7.0
- Integration: Updated the integration to work without authentication.
Anomali: Version 12.0
- Integration: Updated the API authentication.
Mandiant ASM: Version 9.0
- Integration: Updated handling of the ASM Project.
February 24, 2025
Siemplify: Version 85.0
-
Updated input handling in the following case:
- Close Case
February 19, 2025
Carbon Black Response: Version 34.0
-
Fixed the issue with data type of the
Versionparameter in the following connector:- Carbon Black Response - Carbon Black Response Connector
Netskope: Version 12.0
-
Integration: Integration updated to support latest Netskope API updates
Splunk: Version 57.0
- Integration: Updated Dependencies.
Microsoft Graph Mail: Version 22.0
-
Added the ability to control the action's JSON result behavior in the following actions:
-
Search Emails
-
Move Email To Folder
-
Delete Email
-
Wait For Email From User
-
-
Integration: Improved localization support and better handling of the internetMessageID filter.
-
Integration: Improved integration configuration validation.
Exchange: Version 107.0
- Integration: Updated external package dependencies.
February 12, 2025
Microsoft 365 Defender: Version 20.0
-
Added ability to disable alert tracking in the following connector:
- Microsoft 365 Defender - Incidents Connector
Google Chronicle: Version 51.0
-
Improved Connector Logs To Notify On Possible Ingestion Delays in the following connector:
- Google Chronicle - Alerts Connector
-
Updated OOTB mapping in the following connector:
New mapping allows you to have "Disable Event Splitting" enabled and still have all entities mapped out.
- Google Chronicle - Alerts Connector
Snowflake: Version 6.0
- Integration: Updated integration to use the latest API version.
February 07, 2025
Google Chronicle: Version 50.0
-
Improved events time format conversion handling in the following job:
- Google Chronicle - Alerts Creator
February 05, 2025
Google Workspace: Version 19.0
-
The following new action has been added:
- Revoke User Sessions
Google BigQuery: Version 15.0
-
The following new action has been added:
- Run Custom Query
CrowdStrike Falcon: Version 57.0
-
Updated predefined widgets in the following actions:
-
Get Host Information
-
List Host Vulnerabilities
-
Google BigQuery: Version 15.0
-
Updated error handling in the following action:
- Run SQL Query
ServiceNow: Version 53.0
-
Improved support for updating custom fields in the following action:
- Update Incident
McAfee ESM: Version 43.0
-
Integration: Added support for the 11.6.13 and later product versions.
Microsoft Graph Mail: Version 21.0
-
Improved email processing in the following actions:
-
Wait For Email From User
-
Wait For Vote Email Results
-
QRadar: Version 59.0
-
Updated the storage of fetched offenses IDs in the following connectors:
-
Qradar - Correlation Events Connector V2
-
Qradar - Offenses Connector
-
VMware Carbon Black Cloud: Version 35.0
-
Updated predefined widgets in the following actions:
-
List Host Vulnerabilities
-
Enrich Entities
-
January 29, 2025
New Vertex AIintegration
Mandiant Managed Defense: Version 3.0
-
Added ability to provide padding time and updated error handling for the following connector:
- Mandiant Managed Defense - Investigations Connector
Splunk: Version 56.0
- Integration: Updated authentication handling.
Google Chronicle: Version 49.0
-
Updated default configuration for event splitting in the following connector:
- Google Chronicle - Alerts Connector
-
Integration: Updated actions to support the new SIEM API and the ability to authenticate using the
Workload Identity Email. -
Updated predefined widgets in the following actions:
-
Lookup Similar Alerts
-
Get Rule Details
-
Execute UDM Query
-
Get Detection Details
-
January 22, 2025
Siemplify: Version 83.0
-
The following new action has been added:
- Get Case Details
-
Added a new predefined widget to the following action:
- Get Case Details
Exchange: Version 106.0
-
Improved handling of email ingestion in the following connecxtors:
-
Exchange - Mail Connector v2
-
Exchange - Mail Connector v2 With Oauth Authentication
-
January 15, 2025
Fortigate: Version 15.0
- Integration: Updated authentication to be aligned with new API best practices.
Google Kubernetes Engine: Version 7.0
- Integration: Added ability to provide API Root and location in the integration configuration.
Freshworks Freshservice: Version 14.0
-
Added ability to define the workspace in the following action:
- List Tickets
-
Added ability to define the workspace in the following connector:
- Freshworks Freshservice - Tickets Connector
Orca Security: Version 11.0
-
Added ability to work with Orca Score in the following connecctor:
- Orca Security - Alerts Connector
Google Chronicle: Version 48.0
-
Updated ontology mapping in the following connector:
- Google Chronicle - Alerts Connector
ThreatConnect: Version 14.0
- Integration: Updated integration configuration parameters.
SentinelOneV2: Version 37.0
-
Fixed IDs file handling and added an ability to disable the overflow mechanism in the following connector:
- SentinelOne - Threats Connector
Palo Alto Next Gen Firewall: Version 25.0
- Integration: Authorization method aligned to latest PanOS versions.
January 09, 2025
Exchange: Version 105.0
- Integration: Updated code to work with Python version 3.11.
January 08, 2025
Darktrace: Version 17.0
-
Added the
Padding Timeparameter to the following connector:- Darktrace - Model Breaches Connector
CrowdStrike Falcon: Version 56.0
- Integration: Dependencies update.
Splunk:
-
Improved unicode handling for API responses in the following action:
- Ping
SiemplifyUtilities: Version 23.0
-
Updated the following action:
- Filter JSON
January 02, 2025
Microsoft Azure Sentinel: Version 49.0
-
Microsoft Azure Sentinel
- Integration: Reverted to Version 46. Now running with Python 3.7.
December 26, 2024
Updated code to work with Python version 3.11 in the following integrations:
-
HTTP v2: Version 6.0
-
ThreatConnect: Version 13.0
December 24, 2024
New Google Formsintegration
Google Cloud Compute: Version 13.0
-
The following new actions have been added:
-
Add Network Tags
-
Remove Network Tags
-
Add IP To Firewall Rule
-
Remove IP From Firewall Rule
-
Execute VM Patch Job
-
Google Cloud Policy Intelligence: Version 5.0
- Integration: Added the ability to provide the location for regionalised API execution.
Google BigQuery: Version 14.0
- Integration: Added the ability to provide the API Root in the integration configuration.
Screenshot Machine: Version 13.0
- Integration: Updated dependencies.
VMRay: Version 16.0
-
Updated the logic of the following action:
- Upload File And Get Report
Splunk: Version 54.0
-
Refactored the logic of the following action:
- Ping
Cloud Logging: Version 3.0
- Integration: Added the ability to provide the API Root in the integration configuration.
ProofPoint TAP: Version 10.0
- Integration: Action updates.
Any.Run: Version 7.0
-
Due to the changes of the Any.Run API, the following actions have been updated (The
opt_network_heavyevasionaction input parameter was replaced withopt_kernel_heavyevasionand theopt_network_geoaction input parameter value "Fastest" was replaced with "fastest"):-
Analyze File
-
Analyze File URL
-
Analyze URL
-
Google Cloud Compute: Version 13.0
-
Extended capabilities of the following action:
- Update Firewall Rule
-
Integration: Added the ability to provide the API Root in the integration configuration.
Siemplify: Version 82.0
-
Updated predefined widget in the following action:
- Get Similar Cases
CrowdStrike Falcon: Version 55.0
-
Updated the ontology mapping in the following connector:
- Crowdstrike Falcon - Alerts Connector
December 19, 2024
Updated code to work with Python version 3.11 in the following integrations:
-
Case Federation: Version 2.0
-
ElasticSearch: Version 41.0
-
ElasticSearchV7: Version 19.0
-
Ivanti Endpoint Manager: Version 6.0
-
Splunk: Version 53.0
December 18, 2024
SCC Enterprise: Version 15.0
-
The following new action has been added:
- Add SCCE Tags
New PubSubintegration
Google Cloud Storage: Veresion 11.0
- Integration: Added ability to provide API Root in the integration configuration.
Google Alert Center: Version 9.0
-
Updated severity handling logic in the following connector:
- Google Alert Center - Alerts Connector
SCC Enterprise: Version 15.0
- Integration: Code improvements.
Google Cloud IAM: Veresion 15.0
-
Updated action parameter descriptions in the following action:
- Delete Role
-
Integration: Added ability to provide API Root in the integration configuration.
Microsoft Graph Mail: Version 20.0
-
Updated the following action:
- Send Vote Email
-
Integration: Added support for selecting whether to fetch the user email address from the
userPrincipalNameormailfields from Microsoft Graph API.
December 12, 2024
Updated code to work with Python version 3.11 in the following integrations:
-
Intezer: Version 10.0
-
Microsoft Azure Sentinel: Version 48.0
-
ServiceNow: Version 52.0
-
ZohoDesk: Version 7.0
December 11, 2024
SCC Enterprise: Version 14.0
-
The following new action has been added:
- Add SCCE Tags
Microsoft Defender ATP: Version 26.0
- Integration: Added support to modify the login API root.
Rapid7 InsightVM: Version 12.0
-
Updated pagination handling logic in the following actions:
-
Enrich Asset
-
List Scans
-
Launch Scan
-
-
Updated pagination handling logic in the following connector:
- Rapid7 InsightVM - Vulnerabilities Connector
Microsoft 365 Defender: Version 19.0
- Integration: Added ability to modify the Login API root and Graph API root.
Google Chronicle: Version 47.0
-
Improved handling of detections in the following action:
- Get Detection Details
-
Updated alert structure in the following connector:
- Google Chronicle - Alerts Connector
Palo Alto Panorama: Version 32.0
- Integration: Improved actions compatibility with Python 3.11.
December 05, 2024
Updated code to work with Python version 3.11 in the following integrations:
-
Google Chronicle: Version 46.0
-
SCC Enterprise: Version 13.0
December 04, 2024
Microsoft Azure Sentinel: Version 47.0
-
Added an option to create additional SecOps events for all Sentinel Incident's entities in the following connectors:
-
Microsoft Azure Sentinel - Incident Connector v2
-
Microsoft Azure Sentinel - Incident Tracking Connector
-
-
Improved tracking of Microsoft Sentinel Incident's entities in the following connectors (if the connector can't fetch events for Sentinel's Scheduled alerts or NRT-based incidents, it will attempt to fetch Incident's entities instead):
-
Microsoft Azure Sentinel - Incident Connector v2
-
Microsoft Azure Sentinel - Incident Tracking Connector
-
-
Improved handling of Microsoft Sentinel incidents IDs in the connector backlog in the following connectors:
-
Microsoft Azure Sentinel - Incident Connector v2
-
Microsoft Azure Sentinel - Incident Tracking Connector
-
Symantec Endpoint Protection 14: Version 17.0
- Integration: Made integration updates.
