# Adlumin
The Adlumin connector enables streamlined integration with Adlumin's security platform, facilitating automated data retrieval and analysis for enhanced threat detection and response.

Adlumin delivers a cutting-edge security and compliance automation platform, designed to provide comprehensive visibility into an organization's cybersecurity posture. The Adlumin Turbine connector enables users to seamlessly integrate Adlumin's rich security data into Swimlane's low-code automation workflows. By leveraging this connector, users can automate the retrieval and analysis of detections, device data, endpoint information, and network insights, enhancing their ability to rapidly respond to threats and maintain compliance. The integration empowers security teams to efficiently manage and analyze large volumes of security data, streamline incident response, and bolster their overall security operations.

## Limitations

None to date.

## Supported Versions

This connector supports the latest version of the Adlumin API.

## Additional Docs

None to date.

## Configuration

### Prerequisites

To effectively utilize the Adlumin connector within the Swimlane Turbine platform, ensure you have the following prerequisites:

- API Key Authentication
  - URL: The base endpoint for Adlumin's API services
  - API Key: A unique identifier to authenticate requests to Adlumin's API
  - Tenant ID: The specific tenant domain within Adlumin to scope API access

### Authentication Methods

- Adlumin API Key Authentication: API key authentication for the Adlumin API with the following parameters:
  - URL: The base endpoint for Adlumin API access
  - API Key: Your unique identifier to authenticate with the Adlumin API
  - Tenant ID: The specific identifier for your organization within Adlumin

## Capabilities

This Adlumin connector provides the following capabilities:

- Get Detections
- Get Device Data
- Get Endpoint Data
- Query Complete Endpoint Data
- Query Detections
- Query Device Data
- Query Endpoint Data
- Query Firewall
- Query Network Data

### Get Detections

Searches across all detections within the Adlumin platform, including detections that have been acknowledged and/or suppressed from the dashboard.

### Get Device Data

Ingest all device data.

### Get Endpoint Data

Ingest all endpoint data.

### Query Complete Endpoint Data

Search all endpoint data along with endpoint security, Carbon Black, and Cylance indexes.

### Query Detections

Search all detections in the Adlumin platform.

### Query Device Data

Search all device data indexes.

### Query Endpoint Data

Search all Adlumin data points on Windows and Linux systems.

### Query Firewall

Search the firewall device data index.

### Query Network Data

Search across firewall, network security devices, and VPN indexes.

## Configurations

### Adlumin API Key Authentication

Authenticates using an API key and tenant ID for the Adlumin API.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| X API Key | Adlumin API key | string | required |
| Tenant ID | Adlumin tenant ID | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Get Detections

Retrieves all detections from the Adlumin platform, including acknowledged or suppressed ones, based on query and record pages.

Endpoint URL: v1/detections

Method: GET

Input Argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | required | Priority level of the detections (low, medium, high, or critical) |
| record pages | number | required | The number of pages of 1000 records to ingest |

Output Parameter:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| records returned | number | Output field records returned |
| total records | number | Output field total records |
| records | array | Output field records |
| detection id | number | Unique identifier |
| detection type | string | Type of the resource |
| detection sub type | object | Type of the resource |
| event time | string | Time value |
| source host | string | Output field source host |
| destination host | string | Output field destination host |
| account used | string | Output field account used |
| alert type | string | Type of the resource |
| severity | string | Output field severity |
| acknowledged | boolean | Output field acknowledged |
| acknowledged by | string | Output field acknowledged by |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "OK",
    "json body": {
      "records returned": 3,
      "total records": 3,
      "records": []
    }
  }
]
```

### Get Device Data

Ingest comprehensive device data from Adlumin, with the option to specify the number of record pages.

Endpoint URL: v1/device data

Method: GET

Input Argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| record pages | number | required | The number of pages of 1000 records to ingest |

Output Parameter:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "OK",
    "json body": {}
  }
]
```

### Get Endpoint Data

Ingest comprehensive endpoint data from Adlumin, with the option to specify record pagination.

Endpoint URL: v1/endpoint data

Method: GET

Input Argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| record pages | number | required | The number of pages of 1000 records to ingest |

Output Parameter:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "OK",
    "json body": {}
  }
]
```

### Query Complete Endpoint Data

Retrieve comprehensive endpoint data, including endpoint security, Carbon Black, and Cylance indexes, from Adlumin.

Endpoint URL: v1/complete endpoint data

Method: GET

Input Argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| start | string | optional | Match records created after this date/time (YYYY-MM-DD hh:mm:ss) |
| end | string | optional | Match records created before this date/time (YYYY-MM-DD hh:mm:ss) |
| scroll id | string | optional | Use to get subsequent records when more than 1000 are returned; get it from the first call to that endpoint |

Output Parameter:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "OK",
    "json body": {}
  }
]
```

### Query Detections

Executes a search for all detections within the Adlumin platform using a specified query parameter.

Endpoint URL: v1/detections

Method: GET

Input Argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | required | Search query string; match all records containing the string |
| scroll id | string | optional | Use to get subsequent records when more than 1000 are returned; get it from the first call to that endpoint |

Output Parameter:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "OK",
    "json body": {}
  }
]
```

### Query Device Data

Retrieve comprehensive device data from all indexes within the Adlumin platform.

Endpoint URL: v1/device data

Method: GET

Input Argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | optional | Search query string; match all records containing the string |
| start | string | optional | Match records created after this date/time (YYYY-MM-DD hh:mm:ss) |
| end | string | optional | Match records created before this date/time (YYYY-MM-DD hh:mm:ss) |
| scroll id | string | optional | Use to get subsequent records when more than 1000 are returned; get it from the first call to that endpoint |

Output Parameter:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "OK",
    "json body": {}
  }
]
```

### Query Endpoint Data

Retrieve comprehensive data points from Windows and Linux systems within the Adlumin platform.

Endpoint URL: v1/endpoint data

Method: GET

Input Argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| start | string | optional | Match records created after this date/time (YYYY-MM-DD hh:mm:ss) |
| end | string | optional | Match records created before this date/time (YYYY-MM-DD hh:mm:ss) |
| scroll id | string | optional | Use to get subsequent records when more than 1000 are returned; get it from the first call to that endpoint |

Output Parameter:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "OK",
    "json body": {}
  }
]
```

### Query Firewall

Retrieve indexed data from a firewall device within the Adlumin platform, facilitating targeted searches.

Endpoint URL: v1/firewall

Method: GET

Input Argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| start | string | optional | Match records created after this date/time (YYYY-MM-DD hh:mm:ss) |
| end | string | optional | Match records created before this date/time (YYYY-MM-DD hh:mm:ss) |
| scroll id | string | optional | Use to get subsequent records when more than 1000 are returned; get it from the first call to that endpoint |

Output Parameter:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "OK",
    "json body": {}
  }
]
```

### Query Network Data

Executes a search across firewall, network security devices, and VPN indexes in Adlumin to retrieve relevant data.

Endpoint URL: v1/network data

Method: GET

Input Argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | optional | Search query string; match all records containing the string |
| start | string | optional | Match records created after this date/time (YYYY-MM-DD hh:mm:ss) |
| end | string | optional | Match records created before this date/time (YYYY-MM-DD hh:mm:ss) |
| scroll id | string | optional | Use to get subsequent records when more than 1000 are returned; get it from the first call to that endpoint |

Output Parameter:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "OK",
    "json body": {}
  }
]
```
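The query actions above all share the same driving pattern: a bounded start/end window, and a scroll id handed back when more than 1000 records match that must be fed into the next call. The helper below is an added example, not Swimlane's or Adlumin's code; the `fetch` transport, the `"scroll id"` key in the response body, and the `-`/`:` separators in the date/time format are assumptions standing in for the real connector plumbing.

```python
import datetime as dt

PRIORITIES = ("low", "medium", "high", "critical")  # documented values of the Get Detections "query" input
PAGE_SIZE = 1000                                     # records per page before a scroll id is handed back


def window_param(value: dt.datetime) -> str:
    """Format a start/end bound for the query actions (assumed 'YYYY-MM-DD hh:mm:ss')."""
    return value.strftime("%Y-%m-%d %H:%M:%S")


def detection_priority(query: str) -> str:
    """Reject a Get Detections query that is not one of the four documented priority levels."""
    if query not in PRIORITIES:
        raise ValueError(f"query must be one of {PRIORITIES}, got {query!r}")
    return query


def collect_records(fetch, params: dict, max_pages: int = 10) -> list:
    """Drain a query action: call fetch(params), then re-call with the scroll id from the
    previous page until none comes back. max_pages bounds the loop so a transport that keeps
    returning an id cannot spin a workflow forever; a short page also ends the scroll."""
    records, request = [], dict(params)
    for _ in range(max_pages):
        body = fetch(request)              # assumed: returns the action's json body as a dict
        page = body.get("records", [])
        records.extend(page)
        scroll = body.get("scroll id")     # assumed response key carrying the scroll id
        if not scroll or len(page) < PAGE_SIZE:
            break
        request = {**params, "scroll id": scroll}
    return records


# Constructed fake transport: two full pages, then a short final page with no scroll id.
_FAKE_PAGES = {
    None: ([{"detection id": i} for i in range(1000)], "scroll-1"),
    "scroll-1": ([{"detection id": i} for i in range(1000, 2000)], "scroll-2"),
    "scroll-2": ([{"detection id": i} for i in range(2000, 2005)], None),
}


def fake_fetch(request: dict) -> dict:
    page, next_id = _FAKE_PAGES[request.get("scroll id")]
    return {"records": page, **({"scroll id": next_id} if next_id else {})}


def run_demo() -> dict:
    """Scroll a Query Network Data style request over the constructed transport."""
    params = {"query": "vpn", "start": window_param(dt.datetime(2024, 1, 1)),
              "end": window_param(dt.datetime(2024, 1, 2))}
    return {"start": params["start"], "count": len(collect_records(fake_fetch, params))}
```

Running `run_demo()` walks all three constructed pages and returns 2005 records; lowering `max_pages` to 1 stops after the first 1000, which is the behaviour you want when a workflow step must stay bounded.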