|
AI Playground
|
Anything LLM
|
— |
#1f8872 |
No |
|
AWS CloudTrail Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
Prisma Cloud Remediation - AWS CloudTrail Misconfiguration v2 |
#2196F3 |
No |
|
AWS EC2 Instance Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
Prisma Cloud Remediation - AWS EC2 Instance Misconfiguration v2 |
#8c9eff |
No |
|
AWS Guard Duty EC2 Finding
|
AWS - GuardDuty
|
— |
#C5EDFF |
No |
|
AWS Guard Duty IAM Finding
|
AWS - GuardDuty
|
— |
#C2ACF2 |
No |
|
AWS Guard Duty Kubernetes Finding
|
AWS - GuardDuty
|
— |
#D1FC40 |
No |
|
AWS Guard Duty Malware Protection Finding
|
AWS - GuardDuty
|
— |
#00F3E5 |
No |
|
AWS Guard Duty S3 Finding
|
AWS - GuardDuty
|
— |
#4DE406 |
No |
|
AWS IAM Policy Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
Prisma Cloud Remediation - AWS IAM Policy Misconfiguration v2 |
#8052F3 |
No |
|
AWS Security Hub Finding
|
AWS - Security Hub
|
— |
#D5A2C1 |
No |
|
AbnormalSecurity
|
Abnormal Security
|
— |
#F8E7A5 |
No |
|
Access
|
Access Investigation
|
access_investigation_-_generic |
#B287FE |
No |
|
Agari Phishing Defense Policy Event
|
Agari Phishing Defense
|
Agari Message Remediation - Agari Phishing Defense |
#2196F3 |
No |
|
Argus Case
|
mnemonic MDR
|
Pull Case Metadata - Argus Managed Defence |
#ff7500 |
No |
|
Armis Alert
|
Armis
|
Armis Alert Enrichment |
#753ffa |
No |
|
Armorblox
|
Armorblox
|
Armorblox Needs Review |
#D6EB8D |
No |
|
Armorblox Abuse Mailbox Report
|
Armorblox
|
Armorblox Needs Review |
#E3FF88 |
No |
|
Armorblox Inbound Threat
|
Armorblox
|
Armorblox Needs Review |
#D4E8F1 |
No |
|
Armorblox Outbound Threat
|
Armorblox
|
Armorblox Needs Review |
#FF979A |
No |
|
Asimily Anomaly
|
Asimily Insight
|
Asimily Asset Info Enrich |
#C9C598 |
No |
|
Asimily CVE
|
Asimily Insight
|
Asimily Asset Info Enrich |
#A3C9FF |
No |
|
Ataya
|
Ataya
|
Ataya - Securely logging device access to network |
#F8E7A5 |
No |
|
Attack Surface
|
DeCYFIR
|
DeCYFIR - v1 |
#4cbded |
No |
|
Authentication
|
Common Types
|
— |
#8052F3 |
No |
|
Azure AKS Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
Prisma Cloud Remediation - Azure AKS Misconfiguration v2 |
#18DEE5 |
No |
|
Azure Active Directory Identity and Access
|
Azure Active Directory Identity and Access (Deprecated)
|
— |
#4B897A |
No |
|
Azure DevOps
|
AzureDevOps
|
— |
#0097A7 |
No |
|
Azure Network Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
Prisma Cloud Remediation - Azure Network Misconfiguration v2 |
#18DEE5 |
No |
|
Azure SQL Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
Prisma Cloud Remediation - Azure SQL Misconfiguration v2 |
#18DEE5 |
No |
|
Azure Storage Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
Prisma Cloud Remediation - Azure Storage Misconfiguration v2 |
#18DEE5 |
No |
|
Azure Storage Queue Incident
|
Azure Storage Queue
|
— |
#18DEE5 |
No |
|
BMC Change-Request
|
BMC Helix ITSM
|
— |
#E5CF7C |
No |
|
BMC Incident
|
BMC Helix ITSM
|
— |
#7A7A7A |
No |
|
BMC Problem Investigation incident
|
BMC Helix ITSM
|
— |
#69A536 |
No |
|
BMC Problem – Known Error
|
BMC Helix ITSM
|
— |
#7D3D63 |
No |
|
BMC Service Request
|
BMC Helix ITSM
|
— |
#00E5FF |
No |
|
BMC Task
|
BMC Helix ITSM
|
— |
#BA68C8 |
No |
|
BMC Work Order
|
BMC Helix ITSM
|
— |
#229BDC |
No |
|
Backup Copy Creation Time
|
Veeam App
|
— |
#AA00FF |
No |
|
Backup Server Security Status
|
Veeam App
|
— |
#C2ACF2 |
No |
|
BitSight Findings
|
Bitsight
|
— |
#5C6BC0 |
No |
|
Bmc Remedyforce Incident
|
Bmc Helix Remedyforce
|
— |
#ffd740 |
No |
|
Bmc Remedyforce Service Request
|
Bmc Helix Remedyforce
|
— |
#ffd740 |
No |
|
Box Incident
|
Box
|
— |
#418ae6 |
No |
|
BreachRx Privacy Incident
|
BreachRx
|
BreachRx - Create Incident and get Active Tasks |
#42a8d2 |
No |
|
Brute Force
|
Brute Force
|
Brute Force Investigation - Generic |
#a5bfd9 |
No |
|
C2Communication
|
Common Types
|
— |
#C2195B |
No |
|
CCTV
|
UnifiVideo NVR
|
CCTV Motion Detected |
#A3C9FF |
No |
|
CTF01
|
Capture The Flag - 01
|
CTF 1 - Get to know XSOAR8 |
#69A536 |
No |
|
CTF02
|
Capture The Flag - 02
|
CTF 2 - Classify an incident - RDP Brute force |
#B1EE95 |
No |
|
CTIX Intel
|
Cyware Intel Exchange
|
— |
#3A77B3 |
No |
|
Caldera Operation
|
MITRE Caldera
|
Caldera Operation |
#e50000 |
No |
|
Carbon Black EDR
|
Carbon Black Enterprise Response
|
Carbon Black EDR - Enrich Process |
#F8C89A |
No |
|
Carbon Black Endpoint Standard
|
Carbon Black Endpoint Standard
|
— |
#7C71F5 |
No |
|
Case
|
CaseManagement-Generic
|
Case Management - Generic v2 |
#ff7500 |
No |
|
Check Point NDR Insight
|
Check Point Infinity NDR
|
— |
#eb5c92 |
No |
|
Check Point XDR Incident
|
Check Point XDR
|
— |
#eb5c92 |
No |
|
CheckPointHEC Restore Request
|
Check Point Harmony Email and Collaboration (HEC)
|
— |
#171f2c |
No |
|
CheckPointHEC Security Event
|
Check Point Harmony Email and Collaboration (HEC)
|
— |
#ee0c5d |
No |
|
Chronicle Asset Alert
|
Google SecOps
|
— |
#A3C9FF |
No |
|
Chronicle Curated Rule Detection
|
Google SecOps
|
— |
#cd5c5c |
No |
|
Chronicle IOC Domain Matches
|
Google SecOps
|
Threat Hunting - Chronicle |
#90A4AE |
No |
|
Chronicle Rule Detection
|
Google SecOps
|
— |
#cd5c5c |
No |
|
Chronicle User Alert
|
Google SecOps
|
— |
#5C6BC0 |
No |
|
CimTrak Incident
|
CimTrak - System Integrity Assurance
|
CimTrak - Example - Analyze Intrusion |
#01A2EC |
No |
|
Cisco ESA Spam Quarantine
|
Cisco Email Security Appliance (IronPort)
|
— |
#EEC1C1 |
No |
|
Cisco SMA Spam Quarantine
|
CiscoSMA
|
— |
#EEC1C1 |
No |
|
Claroty Integrity Incident
|
Claroty
|
Claroty Incident |
#2979FF |
No |
|
Claroty Security Incident
|
Claroty
|
Claroty Incident |
#fe5723 |
No |
|
Claroty xDome Alert
|
Claroty xDome
|
— |
#8E00B0 |
No |
|
Cloud Threat Response Incident
|
Proofpoint Cloud Threat Response
|
— |
#34D8FF |
No |
|
Code42 Security Alert
|
Code42
|
Code42 Exfiltration Playbook |
#fe5723 |
No |
|
Cofense Triage Report
|
Cofense Triage
|
Report Categorization - Cofense Triage v3 |
#EDFE41 |
No |
|
Cohesity Helios Ransomware Incident
|
Cohesity Helios
|
— |
#229D80 |
No |
|
Commvault Suspicious File Activity
|
Commvault Cloud
|
Commvault Suspicious File Activity Remediation |
#F8E7A5 |
No |
|
ConcentricAI Security Event
|
ConcentricAI
|
ConcentricAI Demo Playbook |
#90A4AE |
No |
|
Configuration Backup
|
Veeam App
|
— |
#229D80 |
No |
|
Configuration Setup
|
XSOAR CI/CD
|
Configuration Setup |
#753ffa |
No |
|
Confluera Incident
|
Confluera
|
IQ-HUB Automation |
#ff7500 |
No |
|
Content Update Check
|
XSOAR Content Update Notifications
|
Content Update Check |
#64B5F6 |
No |
|
Content Update Manager
|
XSOAR Content Update Notifications
|
Content Update Manager |
#2A4AA8 |
No |
|
Cortex Data Lake Monitoring
|
PAN-OS to Strata Logging Service Monitoring
|
PAN-OS to Cortex Data Lake Monitoring - Cron Job |
#D74315 |
No |
|
Cortex XDR - Lite
|
Cortex XDR by Palo Alto Networks
|
Cortex XDR Lite - Incident Handling |
#4DE406 |
No |
|
Cortex XDR - XCLOUD
|
Cortex XDR by Palo Alto Networks
|
— |
#7A7A7A |
No |
|
Cortex XDR - XCLOUD Cryptomining
|
Cortex XDR by Palo Alto Networks
|
Cortex XDR - XCloud Cryptojacking |
#98DCFF |
No |
|
Cortex XDR Device Control Violations
|
Cortex XDR by Palo Alto Networks
|
Cortex XDR device control violations |
#6200EA |
No |
|
Cortex XDR Disconnected endpoints
|
Cortex XDR by Palo Alto Networks
|
Cortex XDR disconnected endpoints |
#64B5F6 |
No |
|
Cortex XDR Incident
|
Cortex XDR by Palo Alto Networks
|
Cortex XDR incident handling v3 |
#6200EA |
No |
|
Cortex XDR Incident - CTF
|
Capture The Flag - 01
|
Cortex XDR incident handling v3 CTF |
#9FA8DA |
No |
|
Cortex XDR Port Scan
|
Cortex XDR by Palo Alto Networks
|
Cortex XDR - Port Scan |
#e91d63 |
No |
|
CrowdStrike Falcon Detection
|
CrowdStrike Falcon
|
— |
#7C71F5 |
No |
|
CrowdStrike Falcon IDP Detection
|
CrowdStrike Falcon
|
— |
#7C71F5 |
No |
|
CrowdStrike Falcon IOA Event
|
CrowdStrike Falcon
|
— |
#E3FF88 |
No |
|
CrowdStrike Falcon IOM Event
|
CrowdStrike Falcon
|
— |
#FF979A |
No |
|
CrowdStrike Falcon Incident
|
CrowdStrike Falcon
|
— |
#fe5253 |
No |
|
CrowdStrike Falcon Intelligence Recon notification
|
CrowdStrike Falcon
|
— |
#e5cf7c |
No |
|
CrowdStrike Falcon Mobile Detection
|
CrowdStrike Falcon
|
— |
#E5CF7C |
No |
|
CrowdStrike Falcon NGSIEM Automated Lead
|
CrowdStrike Falcon
|
— |
#E5CF7C |
No |
|
CrowdStrike Falcon NGSIEM Case
|
CrowdStrike Falcon
|
— |
#E5CF7C |
No |
|
CrowdStrike Falcon NGSIEM Detection
|
CrowdStrike Falcon
|
— |
#E5CF7C |
No |
|
CrowdStrike Falcon NGSIEM Incident
|
CrowdStrike Falcon
|
— |
#E5CF7C |
No |
|
CrowdStrike Falcon OFP Detection
|
CrowdStrike Falcon
|
— |
#E5CF7C |
No |
|
CrowdStrike Falcon On-Demand Scans Detection
|
CrowdStrike Falcon
|
— |
#E5CF7C |
No |
|
CrowdStrike Falcon Third Party Detection
|
CrowdStrike Falcon
|
— |
#E5CF7C |
No |
|
Crowdstrike Command And Scripting
|
CrowdStrike Falcon
|
CrowdStrike Falcon - T1059 - Command and Scripting Interpreter |
#69A536 |
No |
|
Cryptosim Correlation Alerts
|
Cryptosim
|
— |
#3d8b10 |
No |
|
CyCognito Issue
|
CyCognito
|
— |
#D6EB8D |
No |
|
CybelAngel
|
CybelAngel
|
— |
#F8E7A5 |
No |
|
CyberBlindspot Incident
|
CTM360
|
CyberBlindspot Incident Management V3 |
#9A1C20 |
No |
|
Cyberint Incident
|
Cyberint
|
— |
#80DEEA |
No |
|
Cyberpion Security Alert
|
Cyberpion
|
Cyberpion Domain State |
#536DFE |
No |
|
Cybersixgill Actionable Alerts
|
Cybersixgill Actionable Alerts
|
— |
#3E5CBC |
No |
|
Cyble Intel Alert
|
Cyble Events (Deprecated)
|
Cyble Intel Alert |
#F8E7A5 |
No |
|
Cyble Vision Alert V2
|
CybleEventsV2
|
— |
#F8E7A5 |
No |
|
Cymptom Mitigations
|
Cymptom
|
— |
#AA00FF |
No |
|
Cymulate
|
Cymulate
|
— |
#0277BD |
No |
|
Cymulate Assessment Findings
|
Cymulate
|
Cymulate IOC Findings Mitigation |
#EEC1C1 |
No |
|
Cymulate Immediate Threats
|
Cymulate
|
Cymulate Immediate Threats |
#fe5253 |
No |
|
Cypho Critical Ports Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#B0E22A |
No |
|
Cypho Dark Web Exposure Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#80DEEA |
No |
|
Cypho Dns Information Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#F06292 |
No |
|
Cypho Email Dns Records Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#B0E22A |
No |
|
Cypho Exploitable Ports Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#00E5CC |
No |
|
Cypho File Sharing Services Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#4A3E01 |
No |
|
Cypho Github Secrets Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#0E28C6 |
No |
|
Cypho IM Platform Suspicious Content
|
Cypho Threat Intelligence
|
Cypho Default |
#3C64C5 |
No |
|
Cypho Improper Access Control
|
Cypho Threat Intelligence
|
Cypho Default |
#CE3434 |
No |
|
Cypho Injection Attacks
|
Cypho Threat Intelligence
|
Cypho Default |
#98DCFF |
No |
|
Cypho Insecure Subdomains Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#A0D2C6 |
No |
|
Cypho Malware Analysis Services Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#F493B6 |
No |
|
Cypho PII Exposure Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#F8B7EC |
No |
|
Cypho Phishing Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#D693F9 |
No |
|
Cypho Rogue Mobile Application Detection
|
Cypho Threat Intelligence
|
Cypho Default |
#F8C89A |
No |
|
Cypho SSL Certificate Expiry Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#D5A2C1 |
No |
|
Cypho SSL Certificate Hostname Mismatch Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#D4E8F1 |
No |
|
Cypho Security Misconfiguration
|
Cypho Threat Intelligence
|
Cypho Default |
#F8E7A5 |
No |
|
Cypho Sensitive Data Exposure Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#CFD0D0 |
No |
|
Cypho Social Media Account Impersonation Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#D6EB8D |
No |
|
Cypho URL and Domain Analysis Services Monitoring
|
Cypho Threat Intelligence
|
Cypho Default |
#92F4EF |
No |
|
Cypho Unclassified Incident
|
Cypho Threat Intelligence
|
Cypho Default |
#FF979A |
No |
|
Cypho Under Review Issues
|
Cypho Threat Intelligence
|
Cypho Default |
#E3FF88 |
No |
|
Cyren Inbox Security
|
Cyren Inbox Security
|
Cyren Inbox Security Default |
#A3C9FF |
No |
|
DSPM Risk Findings
|
DSPM
|
DSPM Multi-Cloud Risk Remediation |
#D4E8F1 |
No |
|
Darkmon Compromised Credential
|
Darkmon
|
Darkmon - Compromised Credentials Sweep |
#FFA500 |
No |
|
Darkmon Compromised Employee
|
Darkmon
|
Darkmon - Compromised Employee Auto-Disable |
#FFA500 |
No |
|
Darkmon Critical CVE
|
Darkmon
|
Darkmon - Critical CVE Pipeline |
#FF0000 |
No |
|
Darkmon Ransomware Mention
|
Darkmon
|
Darkmon - Ransomware Victim Response |
#FF0000 |
No |
|
Darkmon Typosquatting Threat
|
Darkmon
|
Darkmon - Brand-Targeted NRD Watch |
#FFA500 |
No |
|
Darkmon VIP Email Leak
|
Darkmon
|
Darkmon - VIP Email Monitor |
#FFA500 |
No |
|
Darktrace AI Analyst Event
|
Darktrace
|
Darktrace Basic AI Analyst Event Handler |
#D6EB8D |
No |
|
Darktrace ASM Risk
|
DarktraceASM
|
Darktrace ASM Basic Risk Handler |
#D4E8F1 |
No |
|
Darktrace Email
|
Darktrace
|
Darktrace Email Basic Email Handler |
#E3FF88 |
No |
|
Darktrace Model Breach
|
Darktrace
|
Handle Darktrace Model Breach |
#418ae6 |
No |
|
Darktrace Model Breach Alert
|
Darktrace
|
Darktrace Basic Model Breach Handler |
#D6EB8D |
No |
|
Data Breach & Web Monitoring
|
DeCYFIR
|
DeCYFIR - v1 |
#78e7b4 |
No |
|
Data Loss Prevention
|
Enterprise DLP by Palo Alto Networks
|
DLP Incident Feedback Loop |
#F50057 |
No |
|
DataBee Finding
|
DataBee
|
— |
#CFD0D0 |
No |
|
Datadog Cloud SIEM
|
Datadog Cloud SIEM
|
— |
#AA00FF |
No |
|
Datadog Cloud SIEM V2
|
Datadog Cloud SIEM
|
— |
#AA00FF |
No |
|
Dataminr Pulse Alert
|
Dataminr Pulse
|
Retrieve Related Alerts - Dataminr Pulse |
#FF3F81 |
No |
|
Dataminr Pulse ReGenAI Alert
|
Dataminr Pulse
|
Enrich Custom IOCs - Dataminr Pulse |
#F06292 |
No |
|
Defacement
|
Common Types
|
— |
#FA99D0 |
No |
|
DevSecOps New Git PR
|
DevSecOps
|
DevSecOps - Fetch PR - Triage |
#03b0ff |
No |
|
DeviceLost
|
Lost / Stolen Device
|
Lost / Stolen Device Playbook |
#ADE901 |
No |
|
Digital Guardian Security Event
|
Digital Guardian
|
Digital Guardian Demo Playbook |
#fd5bde |
No |
|
Digital Shadows Client Incident
|
ReliaQuest Digital Risk Protection
|
Digital Shadows - IoC Assessment & Enrichment |
#5c5c8b |
No |
|
Digital Shadows Intelligence Incident
|
ReliaQuest Digital Risk Protection
|
Digital Shadows - IoC Assessment & Enrichment |
#3bceaf |
No |
|
DoS
|
Common Types
|
— |
#00C853 |
No |
|
DomainTools Iris Detect Blocked Domains
|
DomainTools Iris Detect
|
— |
#F50057 |
No |
|
DomainTools Iris Detect Changed Domains
|
DomainTools Iris Detect
|
— |
#E57373 |
No |
|
DomainTools Iris Detect New Domains
|
DomainTools Iris Detect
|
— |
#D1FC40 |
No |
|
DomainTools Iris Monitor Domains - Iris Search Hash
|
DomainTools Iris Investigate
|
DomainTools Associate Indicator to Incident |
#01A2EC |
No |
|
DomainTools Iris Monitor Domains - Iris Tags
|
DomainTools Iris Investigate
|
DomainTools Associate Indicator to Incident |
#989898 |
No |
|
Doppel Alert Crypto
|
Doppel
|
Doppel Screenshot Preview |
#CD034C |
No |
|
Doppel Alert Domains
|
Doppel
|
Doppel Screenshot Preview |
#9FA8DA |
No |
|
Doppel Alert Ecommerce
|
Doppel
|
Doppel Screenshot Preview |
#4B897A |
No |
|
Doppel Alert Email
|
Doppel
|
Doppel Screenshot Preview |
#7D28A7 |
No |
|
Doppel Alert Mobile_Apps
|
Doppel
|
Doppel Screenshot Preview |
#3D8EB3 |
No |
|
Doppel Alert Paid_Ads
|
Doppel
|
Doppel Screenshot Preview |
#E46BCD |
No |
|
Doppel Alert Social_Media
|
Doppel
|
Doppel Screenshot Preview |
#EEC1C1 |
No |
|
Elasticsearch
|
Elasticsearch
|
— |
#CFD0D0 |
No |
|
Email Communication
|
Email Communication
|
— |
#f06292 |
No |
|
Employee Health Check
|
Crisis Management
|
Employee Status Survey |
#32d296 |
No |
|
Employee Offboarding
|
Employee Offboarding
|
IT - Employee Offboarding |
#9eabcd |
No |
|
Enterprise Application Backup
|
Veeam App
|
— |
#D1FC40 |
No |
|
Exabeam Incident
|
Exabeam Advanced Analytics
|
— |
#F8E7A5 |
No |
|
Exabeam Notable User
|
Exabeam Advanced Analytics
|
— |
#A3C9FF |
No |
|
Exabeam Platform Case
|
Exabeam Security Operations Platform
|
— |
#9FA8DA |
No |
|
Exfiltration
|
Common Types
|
— |
#1EE8B5 |
No |
|
Expanse Appearance
|
Expanse (Deprecated)
|
ExpanseParseRawIncident |
#03b0ff |
No |
|
Expanse Behavior
|
Expanse (Deprecated)
|
Expanse Behavior Severity Update |
#c403ff |
No |
|
Expanse Issue
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
Handle Expanse Incident |
#418ae6 |
No |
|
Exploit
|
Common Types
|
— |
#2979FF |
No |
|
ExtraHop Detection
|
ExtraHop Reveal(x)
|
ExtraHop - Default |
#54CEC7 |
No |
|
F5 Silverline L7 DDoS Events
|
F5 Silverline
|
— |
#5C6BC0 |
No |
|
F5 Silverline Threat Intelligence Events
|
F5 Silverline
|
— |
#3F51B5 |
No |
|
F5 Silverline WAF Events
|
F5 Silverline
|
— |
#536DFE |
No |
|
F5 Silverline iRule Events
|
F5 Silverline
|
— |
#6200EA |
No |
|
FW change management
|
Change Management
|
Change Management |
#000000 |
No |
|
FireEye EX Alert
|
FireEye Email Security (EX)
|
— |
#753ffb |
No |
|
FireEye HX Alert
|
FireEye HX
|
— |
#F8E7A5 |
No |
|
FireEye NX Alert
|
FireEye Network Security (NX)
|
— |
#753ffa |
No |
|
FireEye NX IPS Event
|
FireEye Network Security (NX)
|
— |
#753ffa |
No |
|
FireMon Policy Planner
|
FireMon Security Manager
|
FireMon Create Policy Planner Ticket |
#64dc17 |
No |
|
FireMon Pre Change Assessment
|
FireMon Security Manager
|
FireMon Pre Change Assessment |
#fea743 |
No |
|
FirewallUpgrade
|
PAN-OS by Palo Alto Networks
|
NetOps - Upgrade PAN-OS Firewall Device |
#32d296 |
No |
|
Flashpoint Alerts
|
Flashpoint
|
— |
#FB8C00 |
No |
|
Flashpoint Compromised Credentials
|
Flashpoint
|
Compromised Credentials Match - Flashpoint |
#F9A825 |
No |
|
Forensic Acquisition And Analysis
|
Windows Forensics
|
Acquire And Analyze Host Forensics |
#3F51B5 |
No |
|
Forescout EyeInspect
|
Forescout EyeInspect
|
— |
#418ae6 |
No |
|
FortiSIEM
|
FortiSIEM
|
— |
#C5FE01 |
No |
|
FraudWatch Incident
|
FraudWatch PhishPortal
|
— |
#536DFE |
No |
|
FreshworksFreshservice Change Request
|
Freshworks Freshservice
|
— |
#D4E8F1 |
No |
|
FreshworksFreshservice Problem Request
|
Freshworks Freshservice
|
— |
#D5A2C1 |
No |
|
FreshworksFreshservice Release Request
|
Freshworks Freshservice
|
— |
#FF979A |
No |
|
FreshworksFreshservice Ticket
|
Freshworks Freshservice
|
— |
#CD034C |
No |
|
G Suite Security Alert Center
|
G Suite Security Alert Center
|
— |
#e55100 |
No |
|
GCP Compute Engine Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
Prisma Cloud Remediation - GCP Compute Engine Misconfiguration v2 |
#18DEE5 |
No |
|
GCP Kubernetes Engine Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
Prisma Cloud Remediation - GCP Kubernetes Engine Misconfiguration v2 |
#2979FF |
No |
|
GDPR Data Breach
|
GDPR
|
GDPR Breach Notification |
#a3c9ff |
No |
|
GIB APT Threat
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#AA00FF |
No |
|
GIB Attacks DDOS
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#E46BCD |
No |
|
GIB Attacks Deface
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#CE9057 |
No |
|
GIB Attacks Phishing Group
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#AA00FF |
No |
|
GIB Attacks Phishing Kit
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#E5CF7C |
No |
|
GIB Brand Protection Phishing
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#8052f3 |
No |
|
GIB Brand Protection Phishing Kit
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#8052f3 |
No |
|
GIB Compromised Account
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#8052f3 |
No |
|
GIB Compromised Account Group
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#AA00FF |
No |
|
GIB Compromised Card
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#8052f3 |
No |
|
GIB Compromised Card Group
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#A3C9FF |
No |
|
GIB Compromised Masked Card
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#8052f3 |
No |
|
GIB Compromised Mule
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#AA00FF |
No |
|
GIB Cybercriminal Threat
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#AA00FF |
No |
|
GIB Cybercriminal Threat Actor
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#AA00FF |
No |
|
GIB DRP Violation
|
Group-IB Digital Risk Protection
|
— |
#01A2EC |
No |
|
GIB Data Breach
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#8052f3 |
No |
|
GIB Malware
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#4B897A |
No |
|
GIB Malware CNC
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#00E5FF |
No |
|
GIB Nation-State Cybercriminals Threat
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#AA00FF |
No |
|
GIB Nation-State Cybercriminals Threat Actor
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#AA00FF |
No |
|
GIB OSI Git Leak
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#8052f3 |
No |
|
GIB OSI Public Leak
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#8052f3 |
No |
|
GIB OSI Vulnerability
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#7D28A7 |
No |
|
GIB SPD
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#AA00FF |
No |
|
GIB Suspicious IP Open Proxy
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#69A536 |
No |
|
GIB Suspicious IP Scanner
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#AA00FF |
No |
|
GIB Suspicious IP Socks Proxy
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#7D3D63 |
No |
|
GIB Suspicious IP TOR Node
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#7A7A7A |
No |
|
GIB Suspicious IP VPN
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#AA00FF |
No |
|
GIB Targeted Malware
|
Group-IB Threat Intelligence
|
Incident Postprocessing - Group-IB Threat Intelligence & Attribution |
#8052f3 |
No |
|
GLPI Incident
|
GLPI
|
— |
#7C71F5 |
No |
|
GLPI Request
|
GLPI
|
— |
#7C71F5 |
No |
|
GRACase
|
Gurucul Risk Analytics
|
GRACase |
#AA00FF |
No |
|
Gatewatcher Alert Incident
|
Gatewatcher AionIQ
|
— |
#ff1435 |
No |
|
Gatewatcher Incident
|
Gatewatcher AionIQ
|
— |
#ff1435 |
No |
|
Gem Alert
|
Gem
|
— |
#32EAC2 |
No |
|
Generic Export Indicators Service Change
|
Generic Export Indicators Service
|
Modify EDL |
#9FA8DA |
No |
|
GenericSQL Record
|
GenericSQL
|
— |
#F8E7A5 |
No |
|
Gigamon ThreatINSIGHT Detection
|
Gigamon ThreatINSIGHT
|
— |
#F8E7A5 |
No |
|
Google Cloud SCC Finding
|
Google Cloud SCC
|
— |
#81D4FA |
No |
|
Google Dorking
|
Google Dorking
|
Google Dorking File Processing |
#54CEC7 |
No |
|
Google Drive Activity
|
Google Drive
|
— |
#1ee8b5 |
No |
|
Google Threat Intelligence ASM Issue
|
GoogleThreatIntelligence
|
ASM Issue Incident Response - Google Threat Intelligence |
#C9C598 |
No |
|
Google Threat Intelligence DTM Alert
|
GoogleThreatIntelligence
|
DTM Alert Incident Response - Google Threat Intelligence |
#0171c2 |
No |
|
Google Threat Intelligence RS Alert
|
GoogleThreatIntelligence
|
— |
#0171c2 |
No |
|
Grafana Alert
|
Grafana
|
— |
#FF8411 |
No |
|
Graph Security Alert
|
Microsoft Graph Security
|
— |
#E5CF7C |
No |
|
GravityZone EDR
|
GravityZone
|
— |
#85c8ff |
No |
|
GravityZone XDR
|
GravityZone
|
— |
#38a5ff |
No |
|
GreatHorn Phishing
|
GreatHorn
|
— |
#7C71F5 |
No |
|
Guardicore Incident
|
Akamai GuardiCore
|
— |
#bb4cf2 |
No |
|
HIPAA Breach Notification
|
HIPAA - Breach Notification
|
HIPAA - Breach Notification |
#fd5bde |
No |
|
HR Ticket
|
Crisis Management
|
— |
#ffd740 |
No |
|
HackerOne Report
|
HackerOne
|
— |
#D6EB8D |
No |
|
HackerView Incident
|
CTM360
|
HackerView Incident Management |
#9A1C90 |
No |
|
Hello World Alert
|
HelloWorld
|
Handle Hello World Alert |
#80DEEA |
No |
|
Hoxhunt BEC
|
Hoxhunt
|
Hoxhunt - Enrich Incident |
#FF8411 |
No |
|
Hoxhunt Campaign
|
Hoxhunt
|
Hoxhunt - Enrich Incident |
#f50000 |
Yes |
|
Hoxhunt User Acted
|
Hoxhunt
|
Hoxhunt - Enrich Incident |
#D6EB8D |
No |
|
Hunt
|
Common Types
|
— |
#FE2C8C |
No |
|
Hurukai alert
|
HarfangLab EDR
|
Hurukai - Alert management |
#2A4AA8 |
No |
|
Hurukai threat
|
HarfangLab EDR
|
— |
#2A4AA8 |
No |
|
IBM QRadar SOAR Incident
|
IBM Security QRadar SOAR
|
— |
#F8E7A5 |
No |
|
IT Ticket
|
Crisis Management
|
— |
#ffd740 |
No |
|
Ignite Alert
|
Flashpoint
|
— |
#fb8521 |
No |
|
IllusionBLACK
|
Smokescreen IllusionBLACK
|
Smokescreen IllusionBLACK Default |
#9eabcd |
No |
|
Illusive Networks Incident
|
Illusive Networks
|
— |
#ff7500 |
No |
|
Immutability Change Tracking
|
Veeam App
|
— |
#fe4f8c |
No |
|
Immutability State
|
Veeam App
|
— |
#925269 |
No |
|
Impersonation & Infringement
|
DeCYFIR
|
DeCYFIR - v1 |
#FF979A |
No |
|
Impossible Traveler
|
Impossible Traveler
|
Impossible Traveler |
#fefe01 |
No |
|
Incident Fetch Error
|
Veeam App
|
— |
#BA68C8 |
No |
|
Incremental Backup Size
|
Veeam App
|
— |
#2a063b |
No |
|
Indeni Incident
|
Indeni
|
Indeni Demo |
#9FA8DA |
No |
|
Indicator Feed
|
Common Types
|
— |
#A3C9FF |
No |
|
Infinipoint Compliant
|
Infinipoint
|
— |
#CFD8DC |
No |
|
Infinipoint NotCompliant
|
Infinipoint
|
— |
#fe5253 |
No |
|
Infoblox Cloud DNS Security Event
|
Infoblox Threat Defense with DDI
|
— |
#B287FE |
No |
|
Infoblox Cloud SOC Insight
|
Infoblox Threat Defense with DDI
|
Incident Response - Infoblox Cloud |
#229D80 |
No |
|
Integration Troubleshooting
|
Troubleshoot
|
Integration Troubleshooting |
#2196F3 |
No |
|
Integrations and Incidents Health Check
|
Integrations & Incidents Health Check
|
JOB - Integrations and Incidents Health Check |
#fa99d0 |
No |
|
Intel 471 Watcher Alert
|
Intel471 Feed
|
— |
#d6002f |
No |
|
IoT Alert
|
IoT by Palo Alto Networks
|
PANW IoT Incident Handling with ServiceNow |
#a5bfd9 |
No |
|
IoT Vulnerability
|
IoT by Palo Alto Networks
|
PANW IoT Incident Handling with ServiceNow |
#a5bfd9 |
No |
|
IronDefense Alert Notification
|
IronNet
|
— |
#B2B7B9 |
No |
|
IronDefense Event Notification
|
IronNet
|
— |
#989898 |
No |
|
IronDefense IronDome Notification
|
IronNet
|
— |
#90A4AE |
No |
|
Ironscales
|
Ironscales
|
Ironscales-Classify-Incident |
#7C71F5 |
No |
|
Jira Create Issue and Mirror
|
Atlassian Jira
|
Create Jira Issue |
#2A4AA8 |
No |
|
Jira Incident
|
Atlassian Jira
|
— |
#A3C9FF |
No |
|
JiraV3 Incident
|
Atlassian Jira
|
— |
#FF979A |
No |
|
Jizo Alert
|
JizoM
|
— |
#ffe703 |
No |
|
Job
|
Common Types
|
— |
#FF1D1E |
No |
|
Job Disabling
|
Veeam App
|
— |
#284abe |
No |
|
Job Duration
|
Veeam App
|
— |
#4e1d2e |
No |
|
Job Duration Deviation (Veeam Backup for Microsoft 365)
|
Veeam App
|
— |
#443663 |
No |
|
Lacework Alert
|
Lacework
|
— |
#00aeef |
No |
|
Lacework Event
|
Lacework
|
— |
#00aeef |
No |
|
Lateral Movement
|
Common Types
|
— |
#FF6318 |
No |
|
LogPoint Incident
|
LogPoint SIEM Integration
|
— |
#536DFE |
No |
|
Logrhythm Alarm
|
LogRhythm
|
Logrhythm Alarm Handling |
#fe5253 |
No |
|
Logrhythm Case
|
LogRhythm
|
— |
#7C71F5 |
No |
|
Logz.io Alert
|
Logz.io
|
Logz.Io Handle Alert |
#418ae6 |
No |
|
Lumu
|
Lumu
|
— |
#f98c27 |
No |
|
MITRE ATT&CK CoA
|
MITRE ATT&CK - Courses of Action
|
MITRE ATT&CK - Courses of Action |
#64B5F6 |
No |
|
Malware
|
Malware Core
|
Endpoint Malware Investigation - Generic V2 |
#80DEEA |
No |
|
Malware Detection - Antivirus Scan
|
Veeam App
|
— |
#E57373 |
No |
|
Malware Detection - Deleted Files
|
Veeam App
|
— |
#A62572 |
No |
|
Malware Detection - Encrypted Files
|
Veeam App
|
— |
#FED22C |
No |
|
Malware Detection - Ransomware Notes
|
Veeam App
|
— |
#2A4AA8 |
No |
|
Malware Detection - Renamed Files
|
Veeam App
|
— |
#C2ACF2 |
No |
|
Malware Detection - Suspicious Files and Extensions
|
Veeam App
|
— |
#F50057 |
No |
|
Malware Detection - Unknown
|
Veeam App
|
— |
#989898 |
No |
|
Malware Detection - Yara Scan
|
Veeam App
|
— |
#FF8411 |
No |
|
Malware Detection Change Tracking
|
Veeam App
|
— |
#862449 |
No |
|
Malware Investigation and Response
|
Malware Investigation and Response
|
Malware Investigation & Response Incident Handler |
#CD034C |
No |
|
Mandiant Advantage ASM Issue
|
Mandiant Advantage Attack Surface Management
|
— |
#D693F9 |
No |
|
Mandiant Automated Defense Incident
|
Mandiant Automated Defense
|
— |
#69A636 |
No |
|
MicroFocus SMAX Incident
|
MicroFocus SMAX
|
— |
#F8C89A |
No |
|
MicroFocus SMAX Request
|
MicroFocus SMAX
|
— |
#F8B7EC |
No |
|
Microsoft 365 Defender Incident
|
Microsoft 365 Defender
|
— |
#F8C89A |
No |
|
Microsoft ATA Suspicious Activity
|
Microsoft Advanced Threat Analytics
|
— |
#00C853 |
No |
|
Microsoft CAS Alert
|
Microsoft Defender for Cloud Apps
|
— |
#fe5253 |
No |
|
Microsoft Defender For Endpoint
|
Microsoft Defender for Endpoint
|
— |
#F8E7A5 |
No |
|
Microsoft Graph Identity and Access
|
Microsoft Graph Identity and Access
|
— |
#4B897A |
No |
|
Microsoft Sentinel Incident
|
Microsoft Sentinel
|
— |
#C9C598 |
No |
|
MobileIron Cloud Device Incident
|
MobileIron-UEM
|
MobileIron Cloud Incident Action Playbook |
#3172B3 |
No |
|
MobileIron Core Device Incident
|
MobileIron-UEM
|
MobileIron Core Incident Action Playbook |
#EC1D3A |
No |
|
NCSC CAF Assessment
|
NCSC Cyber Asssessment Framework
|
NCSC CAF Assessment |
#32d296 |
No |
|
NIST
|
NIST
|
NIST - Handling an Incident Template |
#03B0FF |
No |
|
Neosec Incident
|
Neosec
|
— |
#F8E7A5 |
No |
|
NetWitness Incident
|
NetWitness
|
— |
#F8E7A5 |
No |
|
Netcraft Attack
|
Netcraft
|
— |
#01A2EC |
No |
|
Netscout Arbor Sightline Alert
|
Netscout Arbor Sightline
|
— |
#295AFF |
No |
|
Netskope Alert
|
Netskope
|
— |
#229D80 |
No |
|
Netskope Behavior Analytics
|
Netskope
|
— |
#4DE406 |
No |
|
Netskope Compromised Credentials
|
Netskope
|
— |
#F50057 |
No |
|
Netskope DLP
|
Netskope
|
— |
#D1FC40 |
No |
|
Netskope DLP Incident
|
Netskope
|
— |
#A3C9FF |
No |
|
Netskope Event
|
Netskope
|
— |
#989898 |
No |
|
Netskope Legal Hold
|
Netskope
|
— |
#C2ACF2 |
No |
|
Netskope Malicious Sites
|
Netskope
|
— |
#E57373 |
No |
|
Netskope Malware
|
Netskope
|
— |
#ff0000 |
No |
|
Netskope Quarantine
|
Netskope
|
— |
#2A4AA8 |
No |
|
Network
|
Common Types
|
— |
#FDE42E |
No |
|
News Type
|
Popular Cybersecurity News
|
JOB - Popular News |
#20B358 |
No |
|
Nutanix Hypervisor Alert
|
Nutanix Hypervisor
|
— |
#3F51B5 |
No |
|
OTSecurity Rogue Device Found
|
OTSecurity
|
OTSecurity - Rogue Device Investigation |
#92F4EF |
No |
|
OpsGenie Alert
|
OpsGenie
|
— |
#F493B6 |
No |
|
OpsGenie Incident
|
OpsGenie
|
— |
#D693F9 |
No |
|
Orca Alert
|
Orca
|
— |
#418ae6 |
No |
|
PAN-OS Correlation Log Incident
|
PAN-OS by Palo Alto Networks
|
— |
#f1dd12 |
No |
|
PAN-OS Data Log Incident
|
PAN-OS by Palo Alto Networks
|
— |
#f1dd12 |
No |
|
PAN-OS Decryption Log Incident
|
PAN-OS by Palo Alto Networks
|
— |
#f1dd12 |
No |
|
PAN-OS System Log Incident
|
PAN-OS by Palo Alto Networks
|
— |
#f1dd12 |
No |
|
PAN-OS Threat Log Incident
|
PAN-OS by Palo Alto Networks
|
— |
#f1dd12 |
No |
|
PAN-OS Traffic Log Incident
|
PAN-OS by Palo Alto Networks
|
— |
#f1dd12 |
No |
|
PAN-OS URL Log Incident
|
PAN-OS by Palo Alto Networks
|
— |
#f1dd12 |
No |
|
PAN-OS Wildfire Submissions Log Incident
|
PAN-OS by Palo Alto Networks
|
— |
#f1dd12 |
No |
|
PAN-OS logging to Cortex Data Lake - Action Required
|
PAN-OS to Strata Logging Service Monitoring
|
PAN-OS logging to Cortex Data Lake - Action Required |
#FF3F81 |
No |
|
PANW IoT 3rd Party Cisco ISE Quarantine
|
IoT 3rd Party Integrations by Palo Alto Networks (Deprecated)
|
Quarantine Device in Cisco ISE - PANW IoT 3rd Party Integration |
#7C71F5 |
No |
|
PANW IoT 3rd Party Cisco ISE Un-quarantine
|
IoT 3rd Party Integrations by Palo Alto Networks (Deprecated)
|
Un-quarantine Device in Cisco ISE - PANW IoT 3rd Party Integration |
#536DFE |
No |
|
PANW IoT 3rd Party SIEM Alert
|
IoT 3rd Party Integrations by Palo Alto Networks (Deprecated)
|
Export Single Asset to SIEM - PANW IoT 3rd Party Integration |
#8052F3 |
No |
|
PANW IoT 3rd Party SIEM Vulnerability
|
IoT 3rd Party Integrations by Palo Alto Networks (Deprecated)
|
Export Single Asset to SIEM - PANW IoT 3rd Party Integration |
#9FA8DA |
No |
|
PANW IoT 3rd Party ServiceNow Alert
|
IoT 3rd Party Integrations by Palo Alto Networks (Deprecated)
|
Export Single Alert to ServiceNow - PANW IoT 3rd Party Integration |
#7C71F5 |
No |
|
PANW IoT 3rd Party ServiceNow Vulnerability
|
IoT 3rd Party Integrations by Palo Alto Networks (Deprecated)
|
Export Single Vulnerability to ServiceNow - PANW IoT 3rd Party Integration |
#536DFE |
No |
|
PCAP Analysis
|
PCAP Analysis
|
— |
#DBDBDB |
No |
|
Panorama Best Practice Assessment
|
Best Practice Assessment (BPA) by Palo Alto Networks (Deprecated)
|
Comprehensive PAN-OS Best Practice Assessment (Deprecated) |
#CFD8DC |
No |
|
PanoramaThreatCoverage
|
PAN-OS by Palo Alto Networks
|
NetOps Panorama coverage by CVE |
#b02c83 |
No |
|
Panorays Finding
|
Panorays
|
— |
#0D5C8A |
No |
|
Password Reset via Chatbot
|
Password Reset via Chatbot
|
Reset User Password via Chatbot |
#D4E8F1 |
No |
|
Pentera Insight
|
Pentera
|
— |
#418ae6 |
No |
|
PhishER
|
PhishER
|
— |
#F50057 |
No |
|
PhishUp
|
PhishUp
|
PhishUp Mail Scanner |
#3AD1D6 |
No |
|
Phishing
|
Phishing
|
Phishing - Generic v3 |
#3AD1D6 |
No |
|
Phishing Alerts
|
PhishingAlerts
|
Phishing Alerts Investigation |
#B7B7B7 |
No |
|
Phishing Campaign
|
Phishing Campaign
|
— |
#c2195b |
No |
|
Physical Machine Backup
|
Veeam App
|
— |
#7c1e56 |
No |
|
PingCastle
|
PingCastle
|
SX - PC - PingCastle Report |
#3F51B5 |
No |
|
Policy Optimizer
|
PAN-OS Policy Optimizer (beta)
|
Policy Optimizer - Generic |
#7D28A7 |
No |
|
Policy Violation
|
Common Types
|
— |
#0097A7 |
No |
|
Port Scan
|
Port Scan
|
— |
#fe5253 |
No |
|
Possible Malware Activity
|
Veeam App
|
— |
#605a2a |
No |
|
Post Intrusion Ransomware
|
Ransomware
|
Post Intrusion Ransomware Investigation |
#64B5F6 |
No |
|
Prisma Cloud
|
Prisma Cloud by Palo Alto Networks
|
— |
#8052F3 |
No |
|
Prisma Cloud - VM Alert Prioritization
|
Prisma Cloud by Palo Alto Networks
|
Prisma Cloud - VM Alert Prioritization |
#54CEC7 |
No |
|
Prisma Cloud Compute Audit
|
Prisma Cloud Compute by Palo Alto Networks
|
Prisma Cloud Compute - Audit Alert |
#A3C9FF |
No |
|
Prisma Cloud Compute Audit v2
|
Prisma Cloud Compute by Palo Alto Networks
|
Prisma Cloud Compute - Audit Alert v2 |
#A3C9FF |
No |
|
Prisma Cloud Compute Audit v3
|
Prisma Cloud Compute by Palo Alto Networks
|
Prisma Cloud Compute - Audit Alert v3 |
#A3C9FF |
No |
|
Prisma Cloud Compute Cloud Discovery
|
Prisma Cloud Compute by Palo Alto Networks
|
Prisma Cloud Compute - Cloud Discovery Alert |
#64B5F6 |
No |
|
Prisma Cloud Compute Compliance
|
Prisma Cloud Compute by Palo Alto Networks
|
Prisma Cloud Compute - Compliance Alert |
#03B0FF |
No |
|
Prisma Cloud Compute Compliance v2
|
Prisma Cloud Compute by Palo Alto Networks
|
Prisma Cloud Compute - Compliance Alert v2 |
#03B0FF |
No |
|
Prisma Cloud Compute Reporting
|
Prisma Cloud Compute Reporting (Deprecated)
|
Prisma Cloud Compute Vulnerability and Compliance Reporting |
#7D28A7 |
No |
|
Prisma Cloud Compute Vulnerability
|
Prisma Cloud Compute by Palo Alto Networks
|
Prisma Cloud Compute - Vulnerability Alert |
#2196F3 |
No |
|
Proactive Threat Hunting
|
Proactive Threat Hunting
|
Proactive Threat Hunting |
#F8E7A5 |
No |
|
Proofpoint TAP - Click Blocked
|
Proofpoint TAP
|
— |
#4DB6AC |
No |
|
Proofpoint TAP - Click Permitted
|
Proofpoint TAP
|
— |
#0097A7 |
No |
|
Proofpoint TAP - Message Blocked
|
Proofpoint TAP
|
— |
#0097A7 |
No |
|
Proofpoint TAP - Message Delivered
|
Proofpoint TAP
|
— |
#64DC17 |
No |
|
Pull Request Creation
|
XSOAR CI/CD
|
Pull Request Creation - Generic |
#C5EDFF |
No |
|
Pull Request Update
|
XSOAR CI/CD
|
Pull Request Creation - Generic |
#D6EB8D |
No |
|
QSS SOC Monitoring
|
Quantum Security Systems
|
— |
#5C6BC0 |
No |
|
Qintel - QWatch Alert
|
Qintel
|
Process QWatch Alert - Qintel |
#3a5278 |
No |
|
Qradar Generic
|
IBM QRadar
|
QRadar Generic |
#7C71F5 |
No |
|
Qualys-Fim
|
QualysFIM
|
— |
#039BE5 |
No |
|
Quick Start Use Case
|
Use Case Builder
|
Quick Start Main Playbook |
#A3C9FF |
No |
|
RDP Sessions Hunting
|
RDPCacheHunting
|
RDP Bitmap Cache - Detect and Hunt |
#CFD0D0 |
No |
|
RF Classic Alert
|
Recorded Future
|
— |
#CE9057 |
No |
|
RF Data Leakage on Code Repo Playbook Alert
|
Recorded Future
|
— |
#E5CF7C |
No |
|
RF Domain Abuse Playbook Alert
|
Recorded Future
|
— |
#7A7A7A |
No |
|
RF Facility Risk Playbook Alert
|
Recorded Future
|
— |
#69A536 |
No |
|
RF Playbook Alert
|
Recorded Future
|
— |
#69A536 |
No |
|
RF Third-Party Cyber Playbook Alert
|
Recorded Future
|
— |
#7D3D63 |
No |
|
RF Vulnerability Playbook Alert
|
Recorded Future
|
— |
#00E5FF |
No |
|
RaDark
|
KELA RaDark
|
Get RaDark Detailed Items |
#536DFE |
No |
|
Ransomware
|
Ransomware
|
Ransomware Playbook - Manual |
#AA00FF |
No |
|
Rapid Breach Response
|
Rapid Breach Response
|
— |
#6200EA |
No |
|
Rapid7 InsightIDR Alert
|
Rapid7 InsightIDR
|
— |
#B7E7FF |
No |
|
Rapid7 ThreatCommand Alert
|
Rapid7 - Threat Command (IntSights)
|
Retrieve Alert Attachments - Rapid7 ThreatCommand |
#CFD0D0 |
No |
|
Reconnaissance
|
Common Types
|
— |
#3F51B5 |
No |
|
Recorded Future ASI Alert
|
Recorded Future Attack Surface Intelligence
|
— |
#0071cf |
No |
|
Recorded Future Alert
|
Recorded Future Intelligence
|
— |
#0071cf |
No |
|
Recorded Future Code Repo Leakage
|
Recorded Future Intelligence
|
Recorded Future Playbook Alert Details |
#92F4EF |
No |
|
Recorded Future Domain Abuse
|
Recorded Future Intelligence
|
Recorded Future Domain Abuse |
#D4E8F1 |
No |
|
Recorded Future Identity (Deprecated)
|
Recorded Future Identity
|
Recorded Future Identity - Identity Found (incident) |
#F8E7A5 |
No |
|
Recorded Future Identity Exposure
|
Recorded Future Identity
|
Recorded Future - Identity Exposure |
#EEC1C1 |
No |
|
Recorded Future Leaked Credential Monitoring
|
Recorded Future Intelligence
|
— |
#0071cf |
No |
|
Recorded Future New Critical or Pre NVD Vulnerabilities
|
Recorded Future Intelligence
|
— |
#0071cf |
No |
|
Recorded Future Playbook Alert
|
Recorded Future Intelligence
|
Recorded Future Playbook Alert Details |
#B1EE95 |
No |
|
Recorded Future Potential Typosquat
|
Recorded Future Intelligence
|
— |
#0071cf |
No |
|
Recorded Future Vulnerability
|
Recorded Future Intelligence
|
Recorded Future Vulnerability |
#92F4EF |
No |
|
Reliaquest GreyMatter DRP Incident
|
ReliaQuest Digital Risk Protection
|
— |
#A0D2C6 |
No |
|
Reliaquest Takedown Incident
|
ReliaQuest Digital Risk Protection
|
— |
#EEC1C1 |
No |
|
Repository Capacity
|
Veeam App
|
— |
#4DE406 |
No |
|
Review Indicators Manually
|
TIM - Indicator Auto-Processing
|
TIM - Review Indicators Manually |
#90A4AE |
No |
|
Review Indicators Manually For Allowlisting
|
TIM - Indicator Auto-Processing
|
TIM - Review Indicators Manually For Allowlisting |
#4CAF50 |
No |
|
RiskIQ Asset Management
|
RiskIQ Digital Footprint
|
Enrich Incident With Asset Details - RiskIQ Digital Footprint |
#03b0ff |
No |
|
Rubrik DSPM Violation
|
Rubrik Security Cloud
|
Rubrik DSPM Violation Remediation - Rubrik Security Cloud |
#AEA0C6 |
No |
|
Rubrik IR Violation
|
Rubrik Security Cloud
|
Rubrik IR Violation Remediation - Rubrik Security Cloud |
#F8B7EC |
No |
|
Rubrik Radar
|
Rubrik Security Cloud
|
Rubrik Anomaly Incident Response - Rubrik Polaris |
#7C71F5 |
No |
|
Rubrik Threat Monitoring Object
|
Rubrik Security Cloud
|
— |
#F06292 |
No |
|
SANS
|
SANS
|
— |
#69A636 |
No |
|
SOCRadar Generic
|
SOCRadar
|
SOCRadar Incident |
#5C6BC0 |
No |
|
SSL Certificates
|
SSL Certificates
|
SSL_Certificate_Verification |
#00E5FF |
No |
|
SaaS Data Leakage
|
Reco
|
— |
#dd4b4b |
No |
|
Saas Security Incident
|
SaaS Security by Palo Alto Networks
|
Saas Security - Incident Processor |
#D4E8F1 |
No |
|
SafeBreach Insight
|
SafeBreach - Breach and Attack Simulation platform
|
— |
#753ffa |
No |
|
SafeBreach Simulation
|
SafeBreach - Breach and Attack Simulation platform
|
— |
#18DEE5 |
No |
|
SafeNet Trusted Access Account Lockout Alert
|
Thales SafeNet Trusted Access
|
SafeNet Trusted Access - Terminate User SSO Sessions |
#B7E7FF |
No |
|
SafeNet Trusted Access Push Reject Alert
|
Thales SafeNet Trusted Access
|
SafeNet Trusted Access - Add to Unusual Activity Group |
#00E5FF |
No |
|
SailPoint IdentityIQ Alert
|
SailPoint IdentityIQ
|
— |
#012168 |
No |
|
SailPoint IdentityNow Trigger
|
SailPoint IdentityNow
|
— |
#012168 |
No |
|
SecurityScorecard Alert
|
SecurityScorecard
|
— |
#52989e |
No |
|
Securonix Incident
|
Securonix
|
Update Incident Status And Fetch Attachments - Securonix |
#3D8EB3 |
No |
|
Securonix Threat
|
Securonix
|
Fetch All Violations - Securonix |
#4DB6AC |
No |
|
Sekoia XDR
|
SekoiaXDR
|
— |
#CFD0D0 |
No |
|
SentinelOne Incident
|
SentinelOne
|
— |
#295AFF |
No |
|
Sepio Systems
|
Sepio
|
— |
#753ffa |
No |
|
ServiceNow Create Ticket and Mirror
|
ServiceNow
|
— |
#A3C9FF |
No |
|
ServiceNow SIR Incident
|
ServiceNow
|
— |
#00F3E5 |
No |
|
ServiceNow Ticket
|
ServiceNow
|
— |
#7C71F5 |
No |
|
Shadow IT
|
Shadow IT
|
Handle Shadow IT Incident |
#a737f4 |
No |
|
Shift handover
|
Shift Management
|
Shift handover |
#418ae6 |
No |
|
SimpleDebugger
|
Simple Debugger
|
— |
#FBBA3B |
No |
|
Simulation
|
Common Types
|
— |
#F9FF10 |
No |
|
Skyhigh Security Alert
|
Skyhigh Security SSE
|
— |
#80DEEA |
No |
|
Skyhigh Security Threat
|
Skyhigh Security SSE
|
— |
#80DEEA |
No |
|
Social & Public Exposure
|
DeCYFIR
|
DeCYFIR - v1 |
#fdd549 |
No |
|
Social Engineering Domain Investigation
|
Social Engineering Domain Analysis
|
Social Engineering Domain Investigation |
#B0E22A |
No |
|
SolarWinds Alert
|
SolarWinds
|
— |
#50EB07 |
No |
|
SolarWinds Event
|
SolarWinds
|
— |
#AED581 |
No |
|
Sophos Central Incident
|
Sophos Central
|
— |
#2979FF |
No |
|
SpecterOpsBHE Attack Path
|
SpecterOpsBHE
|
SpecterOpsBHE |
#bed474 |
No |
|
SpecterOpsBloodHoundEnterprise Attack Path
|
SpecterOpsBloodHoundEnterprise
|
SpecterOpsBloodHoundEnterprise |
#bed474 |
No |
|
Splunk Finding
|
Splunk
|
Splunk Generic |
#F8E7A5 |
No |
|
Splunk Investigation
|
Splunk
|
— |
#A5D8F8 |
No |
|
Splunk Notable Generic
|
Splunk
|
Splunk Generic |
#F8E7A5 |
No |
|
SpyCloud Breach Data
|
SpyCloud Enterprise Protection
|
SpyCloud - Breach Investigation |
#E3FF88 |
No |
|
SpyCloud Informative Data
|
SpyCloud Enterprise Protection
|
— |
#B1EE95 |
No |
|
SpyCloud Malware Data
|
SpyCloud Enterprise Protection
|
SpyCloud - Malware Incident Enrichment |
#92F4EF |
No |
|
Stamus Networks DoC
|
Stamus
|
Stamus Networks - Get Extra Data |
#92F4EF |
No |
|
Stellar Cyber Case
|
Stellar Cyber
|
— |
#0f1740 |
No |
|
Sumo Logic Insight
|
Sumo Logic Cloud SIEM
|
— |
#295AFF |
No |
|
Sumo Logic Signal
|
Sumo Logic Cloud SIEM
|
— |
#AA00FF |
No |
|
Suspicious Domain Hunting Incident
|
Suspicious Domain Hunting
|
Suspicious Domain Hunting Incident Handling |
#F8E7A5 |
No |
|
Symantec DLP Discover Incident
|
Symantec Data Loss Prevention
|
— |
#F8E7A5 |
No |
|
Symantec DLP Endpoint Incident
|
Symantec Data Loss Prevention
|
— |
#CFD0D0 |
No |
|
Symantec DLP Network Incident
|
Symantec Data Loss Prevention
|
— |
#D6EB8D |
No |
|
Symantec EDR Event
|
Symantec Endpoint Detection and Response
|
— |
#E46BCD |
No |
|
Symantec EDR Incident
|
Symantec Endpoint Detection and Response
|
— |
#295AFF |
No |
|
Symantec Email Security Cloud Incident
|
SymantecEmailSecurity
|
— |
#9FA8DA |
No |
|
Symantec Email Security Cloud Quarantine
|
SymantecEmailSecurity
|
— |
#7D3D63 |
No |
|
SysAid Change
|
SysAid
|
— |
#CFD0D0 |
No |
|
SysAid Incident
|
SysAid
|
— |
#F8E7A5 |
No |
|
SysAid Problem
|
SysAid
|
— |
#D6EB8D |
No |
|
SysAid Request
|
SysAid
|
— |
#D5A2C1 |
No |
|
Sysdig Runtime Event
|
Sysdig Response Actions
|
Sysdig Trigger System Capture |
#B1EE95 |
No |
|
System Diagnostics and Health Check
|
System Diagnostics and Health Check
|
HealthCheck |
#5C6BC0 |
No |
|
TD Incident
|
NTT Cyber Threat Sensor
|
Handle TD events |
#CFD8DC |
No |
|
TIM - Campaign
|
TIM Campaign Tracking
|
TIM - Intel Tracking |
#FA99D0 |
No |
|
TOPdesk Incident
|
TOPdesk
|
— |
#7C71F5 |
No |
|
Tanium TR Incident
|
Tanium Threat Response
|
— |
#F8E7A5 |
No |
|
TheHive
|
TheHive Project
|
— |
#FB8C00 |
No |
|
Thinkst Canary Incident
|
Thinkst Canary
|
Enrich ThinkstCanary Events |
#F8E7A5 |
No |
|
Threat Vault Release notes
|
Threat Vault by Palo Alto Networks
|
— |
#FBBA3B |
No |
|
ThreatConnect
|
ThreatConnect
|
— |
#F8E7A5 |
No |
|
Tidy install
|
Tidy
|
Tidy install content |
#64dc17 |
No |
|
Traps
|
Palo Alto Networks Traps (Deprecated)
|
Palo Alto Networks - Endpoint Malware Investigation |
#32d296 |
No |
|
Trellix Incident
|
Trellix Email Security - Cloud
|
— |
#E5CF7C |
No |
|
Trello
|
Trello
|
Trello - Generic |
#00B8D4 |
No |
|
Trend Micro CAS Event
|
TrendAI™ Cloud App Security
|
— |
#fe5253 |
No |
|
Trend Micro Vision One XDR Incident
|
TrendAI Vision One™
|
— |
#cc0000 |
No |
|
Tripwire File Change
|
Tripwire
|
Tripwire Incident IP Enrichment |
#9575CD |
No |
|
UBIRCH Authenticity
|
UBIRCH
|
— |
#7C71F5 |
No |
|
UBIRCH Integrity
|
UBIRCH
|
— |
#536DFE |
No |
|
UBIRCH Privacy
|
UBIRCH
|
— |
#3F51B5 |
No |
|
UBIRCH Sequence
|
UBIRCH
|
— |
#5C6BC0 |
No |
|
US Breach Notification
|
US - Breach Notification
|
US - Breach Notification |
#e91d63 |
No |
|
USTA Account Takeover Prevention
|
USTA Cyber Threat Intelligence Platform
|
USTA Account Takeover Prevention Employee Credential Incident |
#02111A |
No |
|
USTA Stolen Credit Card
|
USTA Cyber Threat Intelligence Platform
|
— |
#7ADFD3 |
No |
|
Uncover Unknown Malware Using SSDeep
|
Uncover Unknown Malware Using SSDeep
|
Uncover Unknown Malware Using SSDeep |
#B1EE95 |
No |
|
UnitTesting
|
Content Testing
|
UnitTestTopLevel |
#3D8EB3 |
No |
|
UnknownBinary
|
Common Types
|
— |
#FE2CD6 |
No |
|
Use Case Builder
|
Use Case Builder
|
Use Case Builder |
#009B3B |
No |
|
Varonis DSP Incident
|
Varonis Data Security Platform
|
— |
#538eca |
No |
|
Varonis SaaS Incident
|
Varonis SaaS
|
— |
#538eca |
No |
|
Vectra Account
|
Vectra AI
|
Process Incident - Vectra Detect |
#FF9800 |
No |
|
Vectra Detection
|
Vectra AI
|
— |
#71C5E8 |
No |
|
Vectra Host
|
Vectra AI
|
Process Incident - Vectra Detect |
#76BC43 |
No |
|
Vectra RUX Events Detection
|
Vectra RUX
|
— |
#98DCFF |
No |
|
Vectra XDR Entity
|
Vectra XDR
|
Process Incident - Vectra XDR |
#B1EE95 |
No |
|
Virtual Machine Backup
|
Veeam App
|
— |
#1f5649 |
No |
|
Virtual Machine Replica
|
Veeam App
|
— |
#8c7b94 |
No |
|
VirusTotal Intelligence LiveHunt Notification
|
VirusTotal
|
— |
#CFD0D0 |
No |
|
Vulnerability
|
Common Types
|
— |
#81D4FA |
No |
|
Wiz Issue
|
Wiz
|
Assess Wiz Issues |
#1084df |
No |
|
WizDefend Detection
|
Wiz
|
Assess WizDefend Detections |
#0C97AD |
No |
|
XDR Best Practice Assessment
|
XDR Best Practice Assessment
|
— |
#FBBA3B |
No |
|
XM Cyber Choke Point
|
XM Cyber
|
Endpoint Enrichment By EntityId - XM Cyber |
#39A681 |
No |
|
XM Cyber Critical Asset
|
XM Cyber
|
Endpoint Enrichment By EntityId - XM Cyber |
#275726 |
No |
|
XM Cyber Security Score
|
XM Cyber
|
Create Jira Ticket - XM Cyber |
#0277BD |
No |
|
XM Cyber Technique
|
XM Cyber
|
— |
#64dc17 |
No |
|
XMCO Serenety Alert
|
XMCO
|
— |
00A9CE |
No |
|
XSOAR Dev to Prod
|
XSOAR - Simple Dev to Prod
|
JOB - XSOAR - Export Selected Custom Content |
#F06292 |
No |
|
XSOAR Training
|
Use Case Builder
|
— |
#E46BCD |
No |
|
Xpanse Alert
|
Cortex Xpanse
|
— |
#3C64C5 |
No |
|
Xpanse Alert
|
Cortex Xpanse
|
Xpanse - Alert Handler |
#3C64C5 |
No |
|
Xpanse Issue - Generic
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
Xpanse Incident Handling - Generic |
#418ae7 |
No |
|
ZTAP Alert
|
Zero Trust Analytics Platform
|
ZTAP Alert |
#0096d6 |
No |
|
Zendesk Ticket
|
Zendesk
|
— |
#CE3434 |
No |
|
ZeroFox Key Incident
|
ZeroFox
|
— |
#e7282b |
No |
|
Zerohack Incident
|
Zerohack XDR
|
— |
#CFD0D0 |
No |
|
Zimperium Event
|
Zimperium
|
Zimperium Incident Enrichment |
#2979FF |
No |
|
google cloud IDS
|
Cloud-IDS
|
Cloud IDS-IP Blacklist-GCP Firewall_Combine |
#F8E7A5 |
No |
|
iDSAR
|
Inventa
|
DSAR Inventa Handler |
#2A4AA8 |
No |