Add Tag to Assets
Workflow #0068
Response Workflow
This workflow searches Kenna for assets matching the observable provided and adds a tag to them. A casebook is created for each asset if “Create Casebook” is set to true. Supported observables: `ip`, `hostname`, `mac_address`
This workflow has been updated to use the new "SecureX Token" account key. For more information about this, please see this page. If you want to use legacy authentication, you can import an older version of the workflow.
Change Log
Date | Notes |
---|---|
Aug 4, 2022 | - Initial release |
Sep 7, 2022 | - Updated to support SecureX Tokens |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
  - Kenna - Add Tag to Asset
  - Kenna - Search Assets
  - Threat Response - Create Casebook
- The following atomic actions must be imported before you can import this workflow:
  - None
- The targets and account keys listed at the bottom of the page
- Kenna Security
Workflow Steps
- Fetch global variables
- Build the query string based on the observable provided
- Search for matching assets
- Convert the asset list to a table
- For each asset:
  - Add the tag to the asset
  - If creating casebooks is enabled, create a casebook
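The query-building step takes an analyst-supplied observable and places it in a search string, so the value should be validated and canonicalized first. The following is an added example, not the workflow's own logic; the function names, the search field names and the `field:"value"` query syntax are assumptions, since the page lists only the supported observable types.

```python
import ipaddress
import re

# Assumption: search field names mirror the observable types; the page does
# not document the Kenna query syntax, so adjust these to your instance.
FIELD_FOR_TYPE = {"ip": "ip", "hostname": "hostname", "mac_address": "mac_address"}

_HOST_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_MAC = re.compile(r"[0-9A-Fa-f]{2}([:-]?)(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}")


def normalize_observable(obs_type, value):
    """Return a canonical value; raise ValueError on unsupported or malformed input."""
    value = value.strip()
    if obs_type == "ip":
        if "%" in value:  # IPv6 zone IDs are free-form text, so reject them
            raise ValueError(f"zone IDs are not accepted: {value!r}")
        return str(ipaddress.ip_address(value))  # ValueError if malformed
    if obs_type == "hostname":
        host = value.rstrip(".").lower()
        if not host or len(host) > 253:
            raise ValueError(f"malformed hostname: {value!r}")
        # fullmatch (not match with "$") so an embedded newline cannot slip through
        if not all(_HOST_LABEL.fullmatch(label) for label in host.split(".")):
            raise ValueError(f"malformed hostname: {value!r}")
        return host
    if obs_type == "mac_address":
        if not _MAC.fullmatch(value):
            raise ValueError(f"malformed MAC address: {value!r}")
        digits = re.sub(r"[:-]", "", value).lower()
        # Assumption: lowercase colon-separated form is what the search expects.
        return ":".join(digits[i:i + 2] for i in range(0, 12, 2))
    raise ValueError(f"unsupported observable type: {obs_type!r}")


def build_query(obs_type, value):
    """Build field:"value"; validation above keeps quotes and operators out."""
    canonical = normalize_observable(obs_type, value)
    return f'{FIELD_FOR_TYPE[obs_type]}:"{canonical}"'
```

Rejecting a malformed observable before the search matters here because every asset the query returns gets tagged, so an over-broad query would tag assets the analyst never intended.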
Configuration
- Add your Kenna API token to the `API Token` local variable (or, if you have an API key in a global variable already, set the local variable to the global’s value using the `Fetch Global Variables` group at the beginning of the workflow)
- Set the `Create Casebook` local variable to `true` or `false` depending on whether or not you want a casebook created for each tagged asset
- Set the `Kenna Instance URL` local variable to the URL of your Kenna instance (for example: `customer.kennasecurity.com`)
- Set the `Tag to Add` local variable to the tag you want added to matching assets in Kenna
- If you want to change the name of this workflow in the pivot menu, change its display name
Targets
Target Group: Default TargetGroup
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
Kenna_Target | HTTP Endpoint | Protocol: HTTPS Host: api.kennasecurity.com Path: None | None | |
Private_CTIA_Target | HTTP Endpoint | Protocol: HTTPS Host: private.intel.amp.cisco.com Path: None | CTR_Credentials | Created by default |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
CTR_Credentials | SecureX Token | See this page | |