RedCanary
Red Canary collects endpoint data using Carbon Black Response and CrowdStrike Falcon. The collected data is standardized into a common schema which allows teams to detect, analyze and respond to security incidents.
Deception & Breach Simulation · Red Canary
Configuration parameters
domain— Domain (for example, https://demisto.my.redcanary.co) (required)api_key— API Keyapi_key_creds—isFetch— Fetch incidentsisFetchAcknowledged— Fetch acknowledged incidentsincidentType— Incident typefetch_time— First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)proxy— Use system proxy settingsinsecure— Trust any certificate (not secure)fetch_limit— Maximum number of incidents to pull per fetch
Commands (8)
-
redcanary-acknowledge-detectionMark a detection as acknowledged to inform that it's being handled.
-
redcanary-execute-playbookExecute a predefined playbook on a detection.
-
redcanary-get-detectionGet a detection by unique identifier.
-
redcanary-get-endpointGet an endpoint by unique identifier.
-
redcanary-get-endpoint-detectionsGet a list of detections associated with the endpoint.
-
redcanary-list-detectionsGet a list of confirmed detections.
-
redcanary-list-endpointsGet a list of endpoints.
-
redcanary-update-remediation-stateUpdate the remediation state of a detection.