Skip to content

WithSecure

WithSecure

Interact with WithSecure Elements

Configuration

Name Type Description
client_id string Client identifier
secret string API secret to authenticate

Actions

Add comment on Incident

Add comment on Incident.

Arguments

Name Type Description
target string Incident identifier to comment.
comment string Comment.

Outputs

Name Type Description
items array

Enumerate processes

Enumerate processes.

Arguments

Name Type Description
organization_id string UUID of an organization.
target string Device identifier on which action is created.

Outputs

Name Type Description
id string

Isolate Device From Network

Isolate a device from network connections.

Arguments

Name Type Description
target string Device identifier of the computer to isolate.
message string Optional message that is displayed on isolated device.

Outputs

Name Type Description
multistatus array
transactionId string

Kill process

Kill process.

Arguments

Name Type Description
organization_id string UUID of an organization.
target string Device identifier on which action is created.
match string Strategy used to match processes (processId,processName,processNameRegex,processPath,processPathRegex)
process_match_values array List of values that are used to match process to kill. Depending on selected strategy it might be list of identifiers, names or regular expressions.
process_memory_dump boolean Whether to run memory dump on process before killing it.
memory_dump_flag string full - memory dump includes all accessible memory of process, pmem - only information necessary to capture process' stack traces

Outputs

Name Type Description
id string

Kill thread

Kill thread.

Arguments

Name Type Description
organization_id string UUID of an organization.
target string Device identifier on which action is created.
thread_id integer Thread ID

Outputs

Name Type Description
id string

List Detections For Incident

List Detections For Incident.

Arguments

Name Type Description
target string Incident identifier to list detections.

Outputs

Name Type Description
detections array

List devices

Retrieves devices details.

Arguments

Name Type Description
organization_id string UUID of an organization. If organizationId is missing, default organization of authenticated client is used.

Outputs

Name Type Description
devices array

Release Device From Network Isolation

Release a device from network isolation.

Arguments

Name Type Description
target string Device identifier of the computer to release.

Outputs

Name Type Description
multistatus array
transactionId string

Scan Device For Malware

Scan Device For Malware.

Arguments

Name Type Description
target string Device identifier to scan for malware.

Outputs

Name Type Description
multistatus array
transactionId string

Update status on Incident

Update status on Incident.

Arguments

Name Type Description
target string Incident identifier to update.
status string Status.
resolution string Resolution.

Outputs

Name Type Description
multistatus string
transactionId string

Extra

Module WithSecure v2.16.1