On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this GitHub repository will not be actively maintained following this announcement.
ServiceNow
Table of contents
Request Firewall NullRoute