Security Flow Plugins

The IBM QRadar plugin adds the ability to manage offenses, create and list offense notes, create and list offense close reasons, and list offense types.

The OTRS Storm plugin adds the ability to manage tickets.

The NL-System-Message node provides the capability to generate a System Message notification from a flow.

The Microsoft Graph Files plugin adds the ability to locate drives and manage driveItems, files and folders, within OneDrive and SharePoint.

The Microsoft Graph REST API plugin adds a generic node for performing nearly any Graph REST API call.

The Google Chat Plugin supports sending text or card data to a Chat or Space.

The Slack Plugin supports sending block data to a Direct Message or Channel.

The Microsoft Teams Plugin supports sending data, in Office 365 connector card format, to a Teams channel.

The Okta plugin supports management of users and groups. Additionally, a generic node exists to expose most REST API methods.

The Microsoft Defender for Endpoints plugin supports the ability to list alerts, get an alert’s details, and update an alert within a customer’s tenant. Additionally, a generic node exists to expose all REST API methods.

Generic plugin used to store configuration information or other settings for use by the NL-Python node.

The Atlassian Jira Software plugin supports management of Jira groups, issues, and users. Additionally, a generic node exists to expose all REST API methods.

The IPinfo plugin supports loading detailed information about IP addresses and Autonomous System Numbers (ASNs).

The CIRCL CVE Search plugin adds the ability to search for CVEs, list vendors, list vendor products, list CVEs for a vendor’s product, and load a CVE by ID using the cve-search REST API.

The Security Flow NL-Delay node is usable over arbitrarily long periods of time, across deploys, or across system restarts.

The Microsoft Azure Security Center (ASC) plugin adds the ability to list alerts, get an alert’s details, and update an alert’s status.

The Microsoft Graph Security plugin adds the ability to list alerts, get an alert’s details, and update an alert within a customer’s tenant across all integrated solutions.

The Security Flow NL-Run-Report node provides the ability to run an existing dashboard report.

The Microsoft SQL Server plugin provides the functionality to execute queries on a database.

The Security Flow NL-Message-Analysis node tests the enabled Message Analyzer configurations against incoming messages to make routing decisions.

The CrowdStrike Falcon Plugin provides the functionality for managing hosts, performing sandbox analysis, retrieving sandbox artifacts, retrieving information on IoCs, executing real time response (RTR) commands, manage RTR custom scripts, managing custom IoCs, managing detections, and managing incidents.

The Microsoft 365 Outlook plugin provides nodes to receive emails, send emails, and manage mailbox messages via the MS Graph API.

Microsoft (Office) 365 Exchange Admin Center plugin adds the ability to manage mail flow rules (transport rules) within the Exchange Admin Center, manage a user’s inbox rules and manage a user’s mailbox permissions.

The Security Flow Create File node provides the ability to create file(s) associated with the current message.

The Aggregate nodes provide the ability to check, route, or collect similar messages into the same incident.

The NL Python node executes the supplied Python script within a Python Virtual Environment.

The NL Split Array node splits an array of elements in the incoming message into individual output messages.

The NL Find SDN Assets node provides the ability to locate Software Defined Networking (SDN) Assets from a Source in the incoming message.

The Email nodes provide the ability to convert EML (RFC 822) attachments into email messages for processing within a flow, associate email attachments to incidents, and add email attachments to the message for sending.

The Broadcast nodes provide the ability to gathering threat intelligence and to block or unblock any potential Indicator of Compromise (IoC).

The URL and Domain nodes provide the ability to parse information from a URL and convert a domain to an IP address.

The Flow variable nodes provide the ability to save state within an Incident to determine future behavior within a flow.

The Security Flow Waiter, Remove Pending Action, and Sync nodes provide the ability to manage an Incident by allowing for a user decision point, flow based removal of decision points, and synchronization points to manage manual and automated decision making.

The Security Flow Incident nodes provide the ability to create, add a note, set the name, or set the status of an Incident.

The Security Flow IoC (Indicators of Compromise) nodes provide the ability to manage IoC information and route messages based on IoC trust level.

The Security Flow URL Scan Plugin provides Incident enrichment with threat intelligence from the urlscan.io API.

The LDAP / Active Directory (AD) Plugin adds the ability to manage groups and users.

The Panorama plugin provides for the blocking/unblocking of Domains, URLs, and IP addresses, decommissioning servers, and performing bulk actions.

The Azure AD Plugin provides the functionality to manage users, manage groups, and search for sign-in information.

The Recorded Future Plugin adds the ability to gather threat intelligence on Indicators of Compromise (IoCs – URLs, domains, IP addresses, file hashes, and vulnerabilities), trigger flows based on alerts, update alerts, retrieve entities, and manage user lists.

Utility plugin which provides Dashboard reporting capabilities

The Security Flow APIVoid Plugin provides Incident enrichment with threat intelligence from the APIVOID API.

The OPNsense plugin provides for the blocking/unblocking of Domains, URLs, and IP addresses.

Utility plugin provides the ability to retrieve whois information for a domain and navigate flows based on domain ages.

The McAfee Network Security Platform (NSP) Plugin provides the ability to retrieve real time attack data from NSP’s attack log.

The Palo Alto Firewall plugin provides for the blocking/unblocking of Domains, URLs, and IP addresses.

The Pastebin plugin provides a node to fetch a paste using a paste ID or pastebin.com URL.

McAfee TIE plugin provides the ability to set file reputation on McAfee TIE servers and to query those servers for file reputation.

McAfee Content Security Reporter (CSR) nodes provide the ability to filter CSR queries defined in ePO.

Security Flow ATD Plugin provides the ability to automates McAfee ATD sandbox functionality.

The Security Flow X-Force Plugin provides Incident enrichment with threat intelligence from the X-Force API.

Security Flow MaxMind Plugin provides geolocation information for a particular host or IP address.

Nevelex Labs provides a configurable Microsoft 365 Security & Compliance plugin to expose and automate the search and purge capabilities of the Security & Compliance Center.

The Security Flow RAPID7 InsightVM / Nexpose Plugin adds site management, site asset management, site scanning capabilities, asset searching and querying, and vulnerability searching and querying.

Security Flow’s ServiceNow plugin provides the ability to manage table records, manage a record’s attachments, and download a record’s attachments.

Security Flow Checkpoint Plugin provides the ability to automate Check Point network analysis and firewall management.

The Security Flow Infoblox Plugin provides Infoblox DDI functionality for management of Response Policy Zones to block domains and IP addresses and retrieval of DHCP lease information.

The Security Flow VirusTotal Plugin provides Incident enrichment with threat intelligence from the VirusTotal API.

Nevelex Labs Security Flow provides an Enterprise Security Manager plugin that exposes and automates the McAfee ESM security information and event management (SIEM) platform.

McAfee ePolicy Orchestrator (ePO) plugin provides access to retrieve System Tree information, manage tags, and execute existing queries within ePO.

Nevelex Labs McAfee Web Gateway (mwg) plugin exposes list management capabilities.