×
Security Flow Plugins
Plugins extend Security Flow by integrating in products and services.
  • Provides Automation Capabilities
  • Provides Flow Nodes to Orchestrate the Automation
  • Batch Changes Across Devices & Services

Security Flow Plugins

Integrate many different security products to reduce incident response times.
  • Firewalls
  • Web Gateways
  • Email Security
  • Endpoint Security Systems
  • Security Information and Event Management (SIEM)
  • Intrusion Detection and Prevention Systems (IDPS)
  • Vulnerability Management Solutions
  • DNS, DHCP and IP address management (DDI)
  • Threat Intelligence & Telemetry
  • Sandbox
  • IT Incident Ticketing Systems
  • Next Generation Firewalls (NGFWs)
IPinfo

The IPinfo plugin supports loading detailed information about IP addresses and Autonomous System Numbers (ASNs).

CIRCL CVE Search

The CIRCL CVE Search plugin adds the ability to search for CVEs, list vendors, list vendor products, list CVEs for a vendor’s product, and load a CVE by ID using the cve-search REST API.

Built In: Delay Node

NL-Delay

Azure Security Center (ASC)

The Microsoft Azure Security Center (ASC) plugin adds the ability to list alerts, get an alert’s details, and update an alert’s status.

Microsoft Graph Security

The Microsoft Graph Security plugin adds the ability to list alerts, get an alert’s details, and update an alert within a customer’s tenant across all integrated solutions.

Built In: Run Report Node

The Security Flow NL-Run-Report node provides the ability to run an existing dashboard report.

Microsoft SQL Server

The Microsoft SQL Server plugin provides the functionality to execute queries on a database.

Built In: Message Analysis Node

The Security Flow NL-Message-Analysis node tests the enabled Message Analyzer configurations against incoming messages to make routing decisions.

CrowdStrike Falcon

The CrowdStrike Falcon Plugin supports managing hosts, performing sandbox analysis, retrieving sandbox artifacts, retrieving information on IoCs, executing real time response (RTR) commands, and managing custom IoCs.

Microsoft 365 Outlook

The Microsoft 365 Outlook plugin provides nodes to send and receive emails via Microsoft 365 Outlook.

Microsoft 365 Exchange Admin Center

Microsoft (Office) 365 Exchange Admin Center plugin adds the ability to manage mail flow rules (transport rules) within the Exchange Admin Center, manage a user’s inbox rules and manage a user’s mailbox permissions.

Built In: Create File Node

The Security Flow Create File node provides the ability to create file(s) associated with the current message.

Built-In: Aggregate Nodes

The Aggregate nodes provide the ability to check, route, or collect similar messages into the same incident.

Built-In: Python Node

The NL Python node executes the supplied Python script within a Python Virtual Environment.

Built-In: Split Array Node

The NL Split Array node splits an array of elements in the incoming message into individual output messages.

Built-In: SDN Node

The NL Find SDN Assets node provides the ability to locate Software Defined Networking (SDN) Assets from a Source in the incoming message.

Built-In: Email Nodes

The Email nodes provide the ability to convert EML (RFC 822) attachments into email messages for processing within a flow, associate email attachments to incidents, and add email attachments to the message for sending.

Built-in: Broadcast Nodes

The Broadcast nodes provide the ability to gathering threat intelligence and to block or unblock any potential Indicator of Compromise (IoC).

Built-In: URL & Domain Nodes

The URL and Domain nodes provide the ability to parse information from a URL and convert a domain to an IP address.

Built-In: Flow Variable Nodes

The Flow variable nodes provide the ability to save state within an Incident to determine future behavior within a flow.

Built-In: Pending Action & Sync Nodes

The Security Flow Waiter, Remove Pending Action, and Sync nodes provide the ability to manage an Incident by allowing for a user decision point, flow based removal of decision points, and synchronization points to manage manual and automated decision making.

Built-In: Incident Nodes

The Security Flow Incident nodes provide the ability to create, add a note, set the name, or set the status of an Incident.

Built-In: Indicators of Compromise Nodes

The Security Flow IoC (Indicators of Compromise) nodes provide the ability to manage IoC information and route messages based on IoC trust level.

urlscan.io

The Security Flow URL Scan Plugin provides Incident enrichment with threat intelligence from the urlscan.io API.

LDAP / Active Directory

The LDAP / Active Directory (AD) Plugin adds the ability to manage groups and users.

Panorama

The Panorama plugin provides for the blocking/unblocking of Domains, URLs, and IP addresses, decommissioning servers, and performing bulk actions.

Microsoft Azure AD

The Azure AD Plugin provides the functionality to manage users, manage groups, and search for sign-in information.

Recorded Future

The Recorded Future Plugin adds the ability to gather threat intelligence on Indicators of Compromise (IoCs – URLs, domains, IP addresses, file hashes, and vulnerabilities), trigger flows based on alerts, and update alerts.

Nevelex Labs Reports

Utility plugin which provides Dashboard reporting capabilities

APIVoid

The Security Flow APIVoid Plugin provides Incident enrichment with threat intelligence from the APIVOID API.

OPNsense

The OPNsense plugin provides for the blocking/unblocking of Domains, URLs, and IP addresses.

Whois

Utility plugin provides the ability to retrieve whois information for a domain and navigate flows based on domain ages.

McAfee NSP

The McAfee Network Security Platform (NSP) Plugin provides the ability to retrieve real time attack data from NSP’s attack log.

Palo Alto Firewall

The Palo Alto Firewall plugin provides for the blocking/unblocking of Domains, URLs, and IP addresses.

Pastebin

The Pastebin plugin provides a node to fetch a paste using a paste ID or pastebin.com URL.

McAfee TIE

McAfee TIE plugin provides the ability to set file reputation on McAfee TIE servers and to query those servers for file reputation.

McAfee CSR

McAfee Content Security Reporter (CSR) nodes provide the ability to filter CSR queries defined in ePO.

McAfee ATD

Security Flow ATD Plugin provides the ability to automates McAfee ATD sandbox functionality.

IBM X-Force

The Security Flow X-Force Plugin provides Incident enrichment with threat intelligence from the X-Force API.

MaxMind

Security Flow MaxMind Plugin provides geolocation information for a particular host or IP address.

Microsoft 365 Security & Compliance

Nevelex Labs provides a configurable Microsoft 365 Security & Compliance plugin to expose and automate the search and purge capabilities of the Security & Compliance Center.

RAPID7 InsightVM / Nexpose

The Security Flow RAPID7 InsightVM / Nexpose Plugin adds site management, site asset management, site scanning capabilities, asset searching and querying, and vulnerability searching and querying.

ServiceNow

Security Flow’s ServiceNow plugin provides the ability to create, read, update, and delete record within ServiceNow tables.

Check Point

Security Flow Checkpoint Plugin provides the ability to automate Check Point network analysis and firewall management.

Infoblox DDI

The Security Flow Infoblox Plugin provides Infoblox DDI functionality for management of Response Policy Zones to block domains and IP addresses and retrieval of DHCP lease information.

VirusTotal

The Security Flow VirusTotal Plugin provides Incident enrichment with threat intelligence from the VirusTotal API.

McAfee ESM

Nevelex Labs Security Flow provides an Enterprise Security Manager plugin that exposes and automates the McAfee ESM security information and event management (SIEM) platform.

McAfee ePolicy Orchestrator (ePO)

McAfee ePolicy Orchestrator (ePO) plugin provides access to retrieve System Tree information, manage tags, and execute existing queries within ePO.

McAfee Web Gateway

Nevelex Labs McAfee Web Gateway (mwg) plugin exposes list management capabilities.

Nevelex Labs, Main Office

Metro Office Park
2950 Metro Drive, Suite 104
Bloomington, MN 55425
Phone: +1 952-500-8921

©Nevelex Labs, LLC. 2018-2021, All Rights Reserved.

EULA