RedCanary

Red Canary collects endpoint data using Carbon Black Response and CrowdStrike Falcon. The collected data is standardized into a common schema which allows teams to detect, analyze and respond to security incidents.

Deception & Breach Simulation · Red Canary

Configuration parameters

  • domain — Domain (for example, https://demisto.my.redcanary.co) (required)
  • api_key — API Key
  • api_key_creds
  • isFetch — Fetch incidents
  • isFetchAcknowledged — Fetch acknowledged incidents
  • incidentType — Incident type
  • fetch_time — First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
  • proxy — Use system proxy settings
  • insecure — Trust any certificate (not secure)
  • fetch_limit — Maximum number of incidents to pull per fetch

Commands (8)

  • redcanary-acknowledge-detection

    Mark a detection as acknowledged to inform that it's being handled.

  • redcanary-execute-playbook

    Execute a predefined playbook on a detection.

  • redcanary-get-detection

    Get a detection by unique identifier.

  • redcanary-get-endpoint

    Get an endpoint by unique identifier.

  • redcanary-get-endpoint-detections

    Get a list of detections associated with the endpoint.

  • redcanary-list-detections

    Get a list of confirmed detections.

  • redcanary-list-endpoints

    Get a list of endpoints.

  • redcanary-update-remediation-state

    Update the remediation state of a detection.