Covalence For Security Providers

Triggers by any alert from endpoint, cloud, and network security monitoring, with mitigation steps where applicable. Query Covalence for more detail.

Endpoint · Covalence For Security Providers

Configuration parameters

  • broker — Broker
  • host — Host (required)
  • credentials — Credentials (required)
  • verify_ssl — Verify SSL
  • timeout — Timeout
  • first_run_time_range — First run time range
  • fetch_limit — Fetch limit
  • proxy — Use system proxy settings
  • isFetch — Fetch incidents
  • first_fetch — First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
  • incidentType — Incident type
  • max_fetch — Fetch limit

Commands (14)

  • cov-secpr-connections-summary-ip

    List summarized connections details by IP Address.

  • cov-secpr-connections-summary-port

    List summarized connections details by Port.

  • cov-secpr-find-endpoint-agents-by-user

    List endpoint agents where the last session user is the one provided as parameter.

  • cov-secpr-find-endpoint-agents-by-uuid

    Find the endpoint agent with the UUID provided as parameter.

  • cov-secpr-get-sensor

    Get sensor details when provided with the sensor id.

  • cov-secpr-list-alerts

    Lists Covalence alerts.

  • cov-secpr-list-dns-resolutions

    List summarized connections details by Port.

  • cov-secpr-list-endpoint-agents

    List endpoint agents.

  • cov-secpr-list-internal-networks

    List internal networks.

  • cov-secpr-list-organizations

    List monitored organizations, only available in broker mode.

  • cov-secpr-list-sensors

    Lists Covalence sensors.

  • cov-secpr-search-endpoint-installed-software

    Search for endpoint installed software.

  • cov-secpr-search-endpoint-process

    Search processes by name or advanced filter, at least one parameter is required.

  • cov-secpr-set-internal-networks

    Set internal networks.