Covalence For Security Providers
Triggers by any alert from endpoint, cloud, and network security monitoring, with mitigation steps where applicable. Query Covalence for more detail.
Endpoint · Covalence For Security Providers
Configuration parameters
broker— Brokerhost— Host (required)credentials— Credentials (required)verify_ssl— Verify SSLtimeout— Timeoutfirst_run_time_range— First run time rangefetch_limit— Fetch limitproxy— Use system proxy settingsisFetch— Fetch incidentsfirst_fetch— First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)incidentType— Incident typemax_fetch— Fetch limit
Commands (14)
-
cov-secpr-connections-summary-ipList summarized connections details by IP Address.
-
cov-secpr-connections-summary-portList summarized connections details by Port.
-
cov-secpr-find-endpoint-agents-by-userList endpoint agents where the last session user is the one provided as parameter.
-
cov-secpr-find-endpoint-agents-by-uuidFind the endpoint agent with the UUID provided as parameter.
-
cov-secpr-get-sensorGet sensor details when provided with the sensor id.
-
cov-secpr-list-alertsLists Covalence alerts.
-
cov-secpr-list-dns-resolutionsList summarized connections details by Port.
-
cov-secpr-list-endpoint-agentsList endpoint agents.
-
cov-secpr-list-internal-networksList internal networks.
-
cov-secpr-list-organizationsList monitored organizations, only available in broker mode.
-
cov-secpr-list-sensorsLists Covalence sensors.
-
cov-secpr-search-endpoint-installed-softwareSearch for endpoint installed software.
-
cov-secpr-search-endpoint-processSearch processes by name or advanced filter, at least one parameter is required.
-
cov-secpr-set-internal-networksSet internal networks.