Release notes for version 2.1.0
root committed Mar 4, 2024
1 parent 7b98c10 commit 68d3bed
Showing 4 changed files with 128 additions and 128 deletions.
4 changes: 2 additions & 2 deletions LICENSE
Expand Up @@ -186,7 +186,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright (c) ThreatDown Nebula, 2019-2024
Copyright (c) ThreatDown, 2019-2024

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
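Review bot: the copyright holder in the LICENSE appendix changes from `ThreatDown Nebula` to `ThreatDown`, a legal attribution change that neither the commit message nor the 2.1.0 release note mentions. Confirm that `ThreatDown` is the intended holder name (it does match the `Copyright (c) ThreatDown, 2019-2024` comment in README.md) and record the change in the release note.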
Expand All @@ -198,4 +198,4 @@
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
limitations under the License.
250 changes: 125 additions & 125 deletions README.md
Expand Up @@ -2,13 +2,13 @@
# ThreatDown Nebula

Publisher: ThreatDown
Connector Version: 2\.0\.1
Connector Version: 2.1.0
Product Vendor: ThreatDown
Product Name: Malwarebytes Endpoint Protection
Product Version Supported (regex): "\.\*"
Minimum Product Version: 6\.1\.1
Product Version Supported (regex): ".\*"
Minimum Product Version: 6.1.1

This app integrates with the ThreatDown Nebula platform to perform prevention, detection, remediation, and forensics endpoint management tasks
This app integrates with the ThreatDown (powered by Malwarebytes) Nebula platform to perform prevention, detection, remediation, and forensics endpoint management tasks

[comment]: # " File: README.md"
[comment]: # " Copyright (c) ThreatDown, 2019-2024"
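Review bot: the `# ThreatDown Nebula` heading at the top of this hunk is left unchanged, while the release note says the app is now named 'ThreatDown' and the description line treats Nebula as the platform. Either rename the heading or state that the heading refers to the platform, so the README does not carry two names for the app. The rewritten description line also still lacks a closing period.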
Expand All @@ -26,14 +26,14 @@ This app integrates with the ThreatDown Nebula platform to perform prevention, d
[comment]: # ""
## Authentication

The ThreatDown Nebula App uses the same Cloud console credential to authenticate and issue RESTful API
The ThreatDown App uses the same Cloud console credential to authenticate and issue RESTful API
commands.

[![](img/threatdown_login.png)](img/threatdown_login.png)


### Configuration Variables
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a ThreatDown Endpoint Protection asset in SOAR.
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Malwarebytes Endpoint Protection asset in SOAR.

VARIABLE | REQUIRED | TYPE | DESCRIPTION
-------- | -------- | ---- | -----------
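Review bot: the Configuration Variables sentence changes `ThreatDown Endpoint Protection asset` to `Malwarebytes Endpoint Protection asset`, which runs opposite to the rename in the Authentication paragraph of the same hunk (`ThreatDown Nebula App` to `ThreatDown App`). If the asset name is meant to follow `Product Name: Malwarebytes Endpoint Protection`, say so in the text; otherwise keep one vendor name throughout. Since this section states that the app authenticates with the same Cloud console credential, it would also help to document which console role that account needs.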
Expand Down Expand Up @@ -78,15 +78,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
**hostname** | required | Hostname of endpoint to scan and remediate | string | `host name`

#### Action Output
DATA PATH | TYPE | CONTAINS
--------- | ---- | --------
action\_result\.status | string |
action\_result\.parameter\.hostname | string | `host name`
action\_result\.data | string |
action\_result\.summary | string |
action\_result\.message | string |
summary\.total\_objects | numeric |
summary\.total\_objects\_successful | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.hostname | string | `host name` |
action_result.data | string | |
action_result.summary | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |

## action: 'scan and report'
Scan an endpoint and report threats found
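Review bot: in the new EXAMPLE VALUES column the `action_result.status` cell reads `success failed`, which can be taken for a single value. Separate the alternatives (for example `success, failed`) here and in the same row of the other action tables; the boolean rows that read `True False` in the later tables have the same problem.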
Expand All @@ -100,15 +100,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
**hostname** | required | Hostname of endpoint to scan and report | string | `host name`

#### Action Output
DATA PATH | TYPE | CONTAINS
--------- | ---- | --------
action\_result\.status | string |
action\_result\.parameter\.hostname | string | `host name`
action\_result\.data | string |
action\_result\.summary | string |
action\_result\.message | string |
summary\.total\_objects | numeric |
summary\.total\_objects\_successful | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.hostname | string | `host name` |
action_result.data | string | |
action_result.summary | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |

## action: 'isolate endpoint'
When threats are found, isolate a network, process, or desktop endpoint
Expand All @@ -122,15 +122,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
**hostname** | required | Hostname of endpoint to isolate | string | `host name`

#### Action Output
DATA PATH | TYPE | CONTAINS
--------- | ---- | --------
action\_result\.status | string |
action\_result\.parameter\.hostname | string | `host name`
action\_result\.data | string |
action\_result\.summary | string |
action\_result\.message | string |
summary\.total\_objects | numeric |
summary\.total\_objects\_successful | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.hostname | string | `host name` |
action_result.data | string | |
action_result.summary | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |

## action: 'isolate process'
When threats are found, isolate a process endpoint
Expand All @@ -144,15 +144,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
**hostname** | required | Hostname of endpoint to isolate | string | `host name`

#### Action Output
DATA PATH | TYPE | CONTAINS
--------- | ---- | --------
action\_result\.status | string |
action\_result\.parameter\.hostname | string | `host name`
action\_result\.data | string |
action\_result\.summary | string |
action\_result\.message | string |
summary\.total\_objects | numeric |
summary\.total\_objects\_successful | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.hostname | string | `host name` |
action_result.data | string | |
action_result.summary | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |

## action: 'isolate network'
Network Isolation on an endpoint when threats are found
Expand All @@ -166,15 +166,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
**hostname** | required | Hostname of endpoint to isolate | string | `host name`

#### Action Output
DATA PATH | TYPE | CONTAINS
--------- | ---- | --------
action\_result\.status | string |
action\_result\.parameter\.hostname | string | `host name`
action\_result\.data | string |
action\_result\.summary | string |
action\_result\.message | string |
summary\.total\_objects | numeric |
summary\.total\_objects\_successful | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.hostname | string | `host name` |
action_result.data | string | |
action_result.summary | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |

## action: 'isolate desktop'
Desktop Isolation an endpoint when threats are found
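Review bot: the context line `Desktop Isolation an endpoint when threats are found` at the end of this hunk is missing a word; the 'isolate network' description reads `Network Isolation on an endpoint`. Since this commit already touches every action section, fix the description in the same pass.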
Expand All @@ -188,15 +188,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
**hostname** | required | Hostname of endpoint to isolate | string | `host name`

#### Action Output
DATA PATH | TYPE | CONTAINS
--------- | ---- | --------
action\_result\.status | string |
action\_result\.parameter\.hostname | string | `host name`
action\_result\.data | string |
action\_result\.summary | string |
action\_result\.message | string |
summary\.total\_objects | numeric |
summary\.total\_objects\_successful | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.hostname | string | `host name` |
action_result.data | string | |
action_result.summary | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |

## action: 'deisolate endpoint'
Deisolate endpoint after threats are removed
Expand All @@ -210,15 +210,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
**hostname** | required | Hostname of endpoint to deisolate | string | `host name`

#### Action Output
DATA PATH | TYPE | CONTAINS
--------- | ---- | --------
action\_result\.status | string |
action\_result\.parameter\.hostname | string | `host name`
action\_result\.data | string |
action\_result\.summary | string |
action\_result\.message | string |
summary\.total\_objects | numeric |
summary\.total\_objects\_successful | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.hostname | string | `host name` |
action_result.data | string | |
action_result.summary | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |

## action: 'list endpoints'
List all the endpoints/sensors configured on the device
Expand All @@ -230,22 +230,22 @@ Read only: **True**
No parameters are required for this action

#### Action Output
DATA PATH | TYPE | CONTAINS
--------- | ---- | --------
action\_result\.status | string |
action\_result\.data\.\*\.machines\.\*\.created\_at | string |
action\_result\.data\.\*\.machines\.\*\.id | string |
action\_result\.data\.\*\.machines\.\*\.last\_seen\_at | string |
action\_result\.data\.\*\.machines\.\*\.name | string |
action\_result\.data\.\*\.machines\.\*\.online | boolean |
action\_result\.data\.\*\.machines\.\*\.os\_architecture | string |
action\_result\.data\.\*\.machines\.\*\.os\_platform | string |
action\_result\.data\.\*\.machines\.\*\.os\_release\_name | string |
action\_result\.data\.\*\.total\_count | numeric |
action\_result\.summary | string |
action\_result\.message | string |
summary\.total\_objects | numeric |
summary\.total\_objects\_successful | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.data.\*.machines.\*.created_at | string | | 2018-10-19T17:59:32.877626Z
action_result.data.\*.machines.\*.id | string | | 9c3999cb-bdd0-4b01-b7f3-42a2f17ec429
action_result.data.\*.machines.\*.last_seen_at | string | | 2018-11-05T05:23:18.615218Z
action_result.data.\*.machines.\*.name | string | | test
action_result.data.\*.machines.\*.online | boolean | | True False
action_result.data.\*.machines.\*.os_architecture | string | | AMD64
action_result.data.\*.machines.\*.os_platform | string | | WINDOWS
action_result.data.\*.machines.\*.os_release_name | string | | Microsoft Windows 10 Pro
action_result.data.\*.total_count | numeric | | 7
action_result.summary | string | |
action_result.message | string | |
summary.total_objects | numeric | | 2
summary.total_objects_successful | numeric | | 0

## action: 'get endpoint info'
Get information about an endpoint
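Review bot: the example summary rows for 'list endpoints' show `summary.total_objects` as 2 and `summary.total_objects_successful` as 0, next to a `total_count` of 7, so the sample describes a run in which nothing succeeded. Use one consistent successful sample, as the 'get endpoint info' table does with 1 and 1.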
Expand All @@ -259,22 +259,22 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
**hostname** | required | Hostname of the endpoint to get information | string | `host name`

#### Action Output
DATA PATH | TYPE | CONTAINS
--------- | ---- | --------
action\_result\.status | string |
action\_result\.parameter\.hostname | string | `host name`
action\_result\.data\.\*\.created\_at | string |
action\_result\.data\.\*\.id | string |
action\_result\.data\.\*\.last\_seen\_at | string |
action\_result\.data\.\*\.name | string |
action\_result\.data\.\*\.online | boolean |
action\_result\.data\.\*\.os\_architecture | string |
action\_result\.data\.\*\.os\_platform | string |
action\_result\.data\.\*\.os\_release\_name | string |
action\_result\.summary | string |
action\_result\.message | string |
summary\.total\_objects | numeric |
summary\.total\_objects\_successful | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.hostname | string | `host name` | test
action_result.data.\*.created_at | string | | 2019-05-01T22:03:31.019437Z
action_result.data.\*.id | string | | 6013e073d5a384b4bc1b494f9258a43a6af11a50
action_result.data.\*.last_seen_at | string | | 2019-05-04T17:28:00.211005Z
action_result.data.\*.name | string | | WIN-V9TNRP1M0G4
action_result.data.\*.online | boolean | | True False
action_result.data.\*.os_architecture | string | | AMD64
action_result.data.\*.os_platform | string | | WINDOWS
action_result.data.\*.os_release_name | string | | Microsoft Windows 10 Pro
action_result.summary | string | |
action_result.message | string | | Message from action
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1

## action: 'get scan info'
Get information about a scan job
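Review bot: the example values `WIN-V9TNRP1M0G4` for `action_result.data.\*.name` and `6013e073d5a384b4bc1b494f9258a43a6af11a50` for `action_result.data.\*.id` look like they were copied from a real endpoint rather than made up. Confirm they are sanitized or replace them with obvious placeholders. The id here is a 40-character hex string while the 'list endpoints' example for the machine id is a UUID; if both formats are valid, say so, otherwise pick one.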
Expand All @@ -285,29 +285,29 @@ Read only: **True**
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**scan\_id** | required | Scan ID for the job | string | `scan id`
**scan_id** | required | Scan ID for the job | string | `scan id`

#### Action Output
DATA PATH | TYPE | CONTAINS
--------- | ---- | --------
action\_result\.status | string |
action\_result\.parameter\.scan\_id | string | `scan id`
action\_result\.data\.\*\.deleted\_count | numeric |
action\_result\.data\.\*\.duration\_seconds | numeric |
action\_result\.data\.\*\.found\_count | numeric |
action\_result\.data\.\*\.from\_cloud | boolean |
action\_result\.data\.\*\.id | string |
action\_result\.data\.\*\.machine\_id | string |
action\_result\.data\.\*\.machine\_name | string |
action\_result\.data\.\*\.ondemand | boolean |
action\_result\.data\.\*\.os\_platform | string |
action\_result\.data\.\*\.quarantined\_count | numeric |
action\_result\.data\.\*\.reported\_at | string |
action\_result\.data\.\*\.scan\_type | string |
action\_result\.data\.\*\.started\_at | string |
action\_result\.data\.\*\.started\_at\_local | string |
action\_result\.data\.\*\.total\_count | numeric |
action\_result\.summary | string |
action\_result\.message | string |
summary\.total\_objects | numeric |
summary\.total\_objects\_successful | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.scan_id | string | `scan id` | 0f03a753-553e-4dbd-a3d6-94b18a96799b
action_result.data.\*.deleted_count | numeric | | 0
action_result.data.\*.duration_seconds | numeric | | 90
action_result.data.\*.found_count | numeric | | 2
action_result.data.\*.from_cloud | boolean | | True False
action_result.data.\*.id | string | | fd47c2e9-83a3-4675-bac4-0133ab3a4f65
action_result.data.\*.machine_id | string | | ebc10d20-7a2e-4f69-8313-97a472bc712b
action_result.data.\*.machine_name | string | | test.domain.com
action_result.data.\*.ondemand | boolean | | True False
action_result.data.\*.os_platform | string | | WINDOWS
action_result.data.\*.quarantined_count | numeric | | 2
action_result.data.\*.reported_at | string | | 2019-04-25T16:01:39.093722Z
action_result.data.\*.scan_type | string | | ThreatScan
action_result.data.\*.started_at | string | | 2019-04-25T16:01:01Z
action_result.data.\*.started_at_local | string | | 2019-04-25T09:01:01-07:00
action_result.data.\*.total_count | numeric | | 2
action_result.summary | string | |
action_result.message | string | | Message from action
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
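Review bot: the `machine_name` example `test.domain.com` uses a registrable domain; prefer a reserved documentation name such as `test.example.com`. The sample timestamps also disagree with each other: `started_at` 16:01:01Z to `reported_at` 16:01:39Z is 38 seconds, while `duration_seconds` shows 90.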
1 change: 1 addition & 0 deletions release_notes/2.1.0.md
@@ -0,0 +1 @@
* Changed App name from 'Malwarebytes Cloud' to 'ThreatDown'
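Review bot: the release note gives the old name as 'Malwarebytes Cloud', but the lines this commit replaces in LICENSE and README.md read `ThreatDown Nebula`, so the note does not describe the rename that is visible here. It also omits the new EXAMPLE VALUES column added to every Action Output table; add an entry for that user-visible README change.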
1 change: 0 additions & 1 deletion release_notes/unreleased.md
@@ -1,2 +1 @@
**Unreleased**
* Changed App name from 'Malwarebytes Cloud' to 'ThreatDown'
