The NL-System-Message node provides the capability to generate a System Message notification from a flow.

The Aggregate nodes provide the ability to check, route, or collect similar messages into the same incident.

The NL Python node executes the supplied Python script within a Python Virtual Environment.

The NL Split Array node splits an array of elements in the incoming message into individual output messages.

The NL Find SDN Assets node provides the ability to locate Software Defined Networking (SDN) Assets from a Source in the incoming message.

The Email nodes provide the ability to convert EML (RFC 822) attachments into email messages for processing within a flow, associate email attachments to incidents, and add email attachments to the message for sending.

The Broadcast nodes provide the ability to gathering threat intelligence and to block or unblock any potential Indicator of Compromise (IoC).

The URL and Domain nodes provide the ability to parse information from a URL and convert a domain to an IP address.

The Flow variable nodes provide the ability to save state within an Incident to determine future behavior within a flow.

The Security Flow Waiter, Remove Pending Action, and Sync nodes provide the ability to manage an Incident by allowing for a user decision point, flow based removal of decision points, and synchronization points to manage manual and automated decision making.

The Security Flow Incident nodes provide the ability to create, add a note, set the name, or set the status of an Incident.

The Security Flow IoC (Indicators of Compromise) nodes provide the ability to manage IoC information and route messages based on IoC trust level.

While Security Flow integrates with many services out of the box, there may be a need to integrate with a custom service or rarely used service. This ease of extensibility is one of the core benefits of Security Flow. Learn how to use the NL-Python node to create an integration with Have I Been Pwned. And you’ll see just how easy it is to create a new integration.

The Notification Templates tab within the Categories, Analyzers, Templates, Incident & Timeline Configuration Screen allows for the management of email templates used by the NL-Email-Template node.

Generic plugin used to store configuration information or other settings for use by the NL-Python node.

The Security Flow Metadata contains information about the message traversing the flow.

The Categories, Analyzers, Templates, Incident & Timeline Configuration Screen is used to manage Incident Categories, Message Analyzers, Data Renderers, Notification Templates, and Restricted Access Fields.

Set of training videos to get your Security Flow system up and running quickly.

Learn how to use the Security Flows screen to create, edit, and deploy flows. This page also explains how to export flows, import flows, and restart the entire flow engine.

Application Settings screen is used to manage Security Flow’s configuration. This includes options such as the mail server to use for outbound message, the LDAP server to use for authentication, the system’s web server certificates, etc…

The manage Users screen contains a layout showing each user in a row with seven columns of information.