Demisto - Security Orchestration
Integrate Uptycs into your Security Orchestration, Automation, and Response architecture using Demisto. Access a full repertoire of Uptycs "actions" directly from within Demisto, and integrate Uptycs actions into your playbooks with simple drag and drop.
Setting up Demisto:
If you are not already a Demisto customer, download and install Demisto Community Edition according to Demisto's instructions.
Configure the Uptycs integration
Go to Settings->Integrations->Servers & Services and search for Uptycs.
Create an instance of the integration and enter the appropriate Uptycs API information obtained from your uptycs.io account.
Check the Fetches incidents box.
Click the Test button to verify success.
Click the Done button.
Commands:
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- uptycs-get-assets
- uptycs-run-query
- uptycs-get-alerts
- uptycs-get-alert-rules
- uptycs-get-event-rules
- uptycs-get-events
- uptycs-get-process-open-sockets
- uptycs-get-process-information
- uptycs-get-process-child-processes
- uptycs-get-processes
- uptycs-get-process-open-files
- uptycs-set-alert-status
- uptycs-set-asset-tag
- uptycs-get-user-information
- uptycs-get-threat-indicators
- uptycs-get-threat-sources
- uptycs-get-threat-vendors
- uptycs-get-parent-information
- uptycs-post-threat-source
- uptycs-get-users
- uptycs-get-asset-groups
- uptycs-get-user-asset-groups
- uptycs-get-threat-indicator
- uptycs-get-threat-source