Security Flow Plugins
- Web Gateways
- Email Security
- Endpoint Security Systems
- Security Information and Event Management (SIEM)
- Intrusion Detection and Prevention Systems (IDPS)
- Vulnerability Management Solutions
- DNS, DHCP and IP address management (DDI)
- Threat Intelligence & Telemetry
- IT Incident Ticketing Systems
- Next Generation Firewalls (NGFWs)
The Microsoft Defender for Endpoints plugin supports the ability to list alerts, get an alert’s details, and update an alert within a customer’s tenant. Additionally, a generic node exists to expose all REST API methods.
The Atlassian Jira Software plugin supports management of Jira groups, issues, and users. Additionally, a generic node exists to expose all REST API methods.
The IPinfo plugin supports loading detailed information about IP addresses and Autonomous System Numbers (ASNs).
The CIRCL CVE Search plugin adds the ability to search for CVEs, list vendors, list vendor products, list CVEs for a vendor’s product, and load a CVE by ID using the cve-search REST API.
The Security Flow NL-Delay node is usable over arbitrarily long periods of time, across deploys, or across system restarts.
The Microsoft Azure Security Center (ASC) plugin adds the ability to list alerts, get an alert’s details, and update an alert’s status.
The Microsoft Graph Security plugin adds the ability to list alerts, get an alert’s details, and update an alert within a customer’s tenant across all integrated solutions.
The Security Flow NL-Run-Report node provides the ability to run an existing dashboard report.
The Microsoft SQL Server plugin provides the functionality to execute queries on a database.
The CrowdStrike Falcon Plugin supports managing hosts, performing sandbox analysis, retrieving sandbox artifacts, retrieving information on IoCs, executing real time response (RTR) commands, and managing custom IoCs.
The Microsoft 365 Outlook plugin provides nodes to send and receive emails via Microsoft 365 Outlook.
The Microsoft (Office) 365 Exchange Admin Center plugin adds the ability to manage mail flow rules (transport rules) within the Exchange Admin Center, manage a user’s inbox rules, and manage a user’s mailbox permissions.
The Security Flow Create File node provides the ability to create file(s) associated with the current message.
The Aggregate nodes provide the ability to check, route, or collect similar messages into the same incident.
The NL Python node executes the supplied Python script within a Python Virtual Environment.
The NL Split Array node splits an array of elements in the incoming message into individual output messages.
The NL Find SDN Assets node provides the ability to locate Software Defined Networking (SDN) Assets from a Source in the incoming message.
The Email nodes provide the ability to convert EML (RFC 822) attachments into email messages for processing within a flow, associate email attachments to incidents, and add email attachments to the message for sending.
The Broadcast nodes provide the ability to gather threat intelligence and to block or unblock any potential Indicator of Compromise (IoC).
The URL and Domain nodes provide the ability to parse information from a URL and convert a domain to an IP address.
The Flow variable nodes provide the ability to save state within an Incident to determine future behavior within a flow.
The Security Flow Waiter, Remove Pending Action, and Sync nodes provide the ability to manage an Incident by allowing for a user decision point, flow based removal of decision points, and synchronization points to manage manual and automated decision making.
The Security Flow Incident nodes provide the ability to create, add a note, set the name, or set the status of an Incident.
The Security Flow IoC (Indicators of Compromise) nodes provide the ability to manage IoC information and route messages based on IoC trust level.
The Security Flow URL Scan Plugin provides Incident enrichment with threat intelligence from the urlscan.io API.
The LDAP / Active Directory (AD) Plugin adds the ability to manage groups and users.
The Panorama plugin provides for the blocking/unblocking of Domains, URLs, and IP addresses, decommissioning servers, and performing bulk actions.
The Azure AD Plugin provides the functionality to manage users, manage groups, and search for sign-in information.
The Recorded Future Plugin adds the ability to gather threat intelligence on Indicators of Compromise (IoCs – URLs, domains, IP addresses, file hashes, and vulnerabilities), trigger flows based on alerts, and update alerts.
The Security Flow APIVoid Plugin provides Incident enrichment with threat intelligence from the APIVOID API.
The OPNsense plugin provides for the blocking/unblocking of Domains, URLs, and IP addresses.
The Utility plugin provides the ability to retrieve whois information for a domain and navigate flows based on domain ages.
The McAfee Network Security Platform (NSP) Plugin provides the ability to retrieve real time attack data from NSP’s attack log.
The Palo Alto Firewall plugin provides for the blocking/unblocking of Domains, URLs, and IP addresses.
The Pastebin plugin provides a node to fetch a paste using a paste ID or pastebin.com URL.
The McAfee TIE plugin provides the ability to set file reputation on McAfee TIE servers and to query those servers for file reputation.
McAfee Content Security Reporter (CSR) nodes provide the ability to filter CSR queries defined in ePO.
The Security Flow ATD Plugin provides the ability to automate McAfee ATD sandbox functionality.
The Security Flow X-Force Plugin provides Incident enrichment with threat intelligence from the X-Force API.
The Security Flow MaxMind Plugin provides geolocation information for a particular host or IP address.
Nevelex Labs provides a configurable Microsoft 365 Security & Compliance plugin to expose and automate the search and purge capabilities of the Security & Compliance Center.
The Security Flow RAPID7 InsightVM / Nexpose Plugin adds site management, site asset management, site scanning capabilities, asset searching and querying, and vulnerability searching and querying.
Security Flow’s ServiceNow plugin provides the ability to create, read, update, and delete records within ServiceNow tables.
The Security Flow Checkpoint Plugin provides the ability to automate Check Point network analysis and firewall management.
The Security Flow Infoblox Plugin provides Infoblox DDI functionality for management of Response Policy Zones to block domains and IP addresses and retrieval of DHCP lease information.
The Security Flow VirusTotal Plugin provides Incident enrichment with threat intelligence from the VirusTotal API.
Nevelex Labs Security Flow provides an Enterprise Security Manager plugin that exposes and automates the McAfee ESM security information and event management (SIEM) platform.
The McAfee ePolicy Orchestrator (ePO) plugin provides access to retrieve System Tree information, manage tags, and execute existing queries within ePO.