# Adlumin
The Adlumin connector enables streamlined integration with Adlumin's security platform, facilitating automated data retrieval and analysis for enhanced threat detection and response.

Adlumin delivers a cutting-edge security and compliance automation platform, designed to provide comprehensive visibility into an organization's cybersecurity posture. The Adlumin Turbine connector enables users to seamlessly integrate Adlumin's rich security data into Swimlane's low-code automation workflows. By leveraging this connector, users can automate the retrieval and analysis of detections, device data, endpoint information, and network insights, enhancing their ability to rapidly respond to threats and maintain compliance. The integration empowers security teams to efficiently manage and analyze large volumes of security data, streamline incident response, and bolster their overall security operations.

## Limitations

None to date.

## Supported versions

This connector supports the latest version of the Adlumin API.

## Additional docs

None to date.

## Configuration

### Prerequisites

To effectively utilize the Adlumin connector within the Swimlane Turbine platform, ensure you have the following prerequisites:

- API key authentication
  - URL: the base endpoint for Adlumin's API services
  - API key: a unique identifier to authenticate requests to Adlumin's API
  - Tenant ID: the specific tenant domain within Adlumin to scope API access

### Authentication methods

API key authentication for the Adlumin API with the following parameters:

- URL: the base endpoint for Adlumin API access
- API key: your unique identifier to authenticate with the Adlumin API
- Tenant ID: the specific identifier for your organization within Adlumin

## Capabilities

This Adlumin connector provides the following capabilities:

- Get Detections
- Get Device Data
- Get Endpoint Data
- Query Complete Endpoint Data
- Query Detections
- Query Device Data
- Query Endpoint Data
- Query Firewall
- Query Network Data

### Get Detections

Searches across all detections within the Adlumin platform, including detections that have been acknowledged and/or suppressed from the dashboard.

### Get Device Data

Ingest all device data.

### Get Endpoint Data

Ingest all endpoint data.

### Query Complete Endpoint Data

Search all endpoint data along with the endpoint security, Carbon Black, and Cylance indexes.

### Query Detections

Search all detections in the Adlumin platform.

### Query Device Data

Search all device data indexes.

### Query Endpoint Data

Search all Adlumin data points on Windows and Linux systems.

### Query Firewall

Search the firewall device data index.

### Query Network Data

Search across firewall, network security device, and VPN indexes.

## Configurations

### Adlumin API key authentication

Authenticates using an API key and tenant ID for the Adlumin API. Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| x-api-key | Adlumin API key | string | required |
| tenant_id | Adlumin tenant ID | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Get Detections

Retrieves all detections from the Adlumin platform, including acknowledged or suppressed ones, based on query and record pages.

- Endpoint URL: `v1/detections`
- Method: `GET`

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | required | Priority level of the detections (low, medium, high, or critical) |
| parameters.record_pages | number | required | The number of pages of 1000 records to ingest |

Input example:

```json
{"parameters": {"query": "critical", "record_pages": 2}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| records_returned | number | Output field records_returned |
| total_records | number | Output field total_records |
| records | array | Output field records |
| records.detection_id | number | Unique identifier |
| records.detection_type | string | Type of the resource |
| records.detection_sub_type | object | Type of the resource |
| records.event_time | string | Time value |
| records.source_host | string | Output field records.source_host |
| records.destination_host | string | Output field records.destination_host |
| records.account_used | string | Output field records.account_used |
| records.alert_type | string | Type of the resource |
| records.severity | string | Output field records.severity |
| records.acknowledged | boolean | Output field records.acknowledged |
| records.acknowledged_by | string | Output field records.acknowledged_by |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"records_returned": 3, "total_records": 3, "records": [{}]}}
```

### Get Device Data

Ingest comprehensive device data from Adlumin, with the option to specify the number of record pages.

- Endpoint URL: `v1/device_data`
- Method: `GET`

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.record_pages | number | required | The number of pages of 1000 records to ingest |

Input example:

```json
{"parameters": {"record_pages": 2}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Get Endpoint Data

Ingest comprehensive endpoint data from Adlumin, with the option to specify record pagination.

- Endpoint URL: `v1/endpoint_data`
- Method: `GET`

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.record_pages | number | required | The number of pages of 1000 records to ingest |

Input example:

```json
{"parameters": {"record_pages": 2}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Query Complete Endpoint Data

Retrieve comprehensive endpoint data, including the endpoint security, Carbon Black, and Cylance indexes, from Adlumin.

- Endpoint URL: `v1/complete_endpoint_data`
- Method: `GET`

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.start | string | optional | Match records created after this date/time (YYYY-MM-DD HH:MM:SS) |
| parameters.end | string | optional | Match records created before this date/time (YYYY-MM-DD HH:MM:SS) |
| parameters.scroll_id | string | optional | Use to get subsequent records when more than 1000 are returned; get it from the first call to that endpoint |

Input example:

```json
{"parameters": {"start": "2019-01-01 00:00:00", "end": "2023-01-01 00:00:00", "scroll_id": "DnF1ZXJ5VGhlbkZldGNoFA"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Query Detections

Executes a search for all detections within the Adlumin platform using a specified query parameter.

- Endpoint URL: `v1/detections`
- Method: `GET`

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | required | Search query string; match all records containing the string |
| parameters.scroll_id | string | optional | Use to get subsequent records when more than 1000 are returned; get it from the first call to that endpoint |

Input example:

```json
{"parameters": {"query": "critical", "scroll_id": "DnF1ZXJ5VGhlbkZldGNoFA"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Query Device Data

Retrieve comprehensive device data from all indexes within the Adlumin platform.

- Endpoint URL: `v1/device_data`
- Method: `GET`

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | optional | Search query string; match all records containing the string |
| parameters.start | string | optional | Match records created after this date/time (YYYY-MM-DD HH:MM:SS) |
| parameters.end | string | optional | Match records created before this date/time (YYYY-MM-DD HH:MM:SS) |
| parameters.scroll_id | string | optional | Use to get subsequent records when more than 1000 are returned; get it from the first call to that endpoint |

Input example:

```json
{"parameters": {"query": "critical", "start": "2019-01-01 00:00:00", "end": "2023-01-01 00:00:00", "scroll_id": "DnF1ZXJ5VGhlbkZldGNoFA"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Query Endpoint Data

Retrieve comprehensive data points from Windows and Linux systems within the Adlumin platform.

- Endpoint URL: `v1/endpoint_data`
- Method: `GET`

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.start | string | optional | Match records created after this date/time (YYYY-MM-DD HH:MM:SS) |
| parameters.end | string | optional | Match records created before this date/time (YYYY-MM-DD HH:MM:SS) |
| parameters.scroll_id | string | optional | Use to get subsequent records when more than 1000 are returned; get it from the first call to that endpoint |

Input example:

```json
{"parameters": {"start": "2019-01-01 00:00:00", "end": "2023-01-01 00:00:00", "scroll_id": "DnF1ZXJ5VGhlbkZldGNoFA"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Query Firewall

Retrieve indexed data from a firewall device within the Adlumin platform, facilitating targeted searches.

- Endpoint URL: `v1/firewall`
- Method: `GET`

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.start | string | optional | Match records created after this date/time (YYYY-MM-DD HH:MM:SS) |
| parameters.end | string | optional | Match records created before this date/time (YYYY-MM-DD HH:MM:SS) |
| parameters.scroll_id | string | optional | Use to get subsequent records when more than 1000 are returned; get it from the first call to that endpoint |

Input example:

```json
{"parameters": {"start": "2019-01-01 00:00:00", "end": "2023-01-01 00:00:00", "scroll_id": "DnF1ZXJ5VGhlbkZldGNoFA"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Query Network Data

Executes a search across the firewall, network security device, and VPN indexes in Adlumin to retrieve relevant data.

- Endpoint URL: `v1/network_data`
- Method: `GET`

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | optional | Search query string; match all records containing the string |
| parameters.start | string | optional | Match records created after this date/time (YYYY-MM-DD HH:MM:SS) |
| parameters.end | string | optional | Match records created before this date/time (YYYY-MM-DD HH:MM:SS) |
| parameters.scroll_id | string | optional | Use to get subsequent records when more than 1000 are returned; get it from the first call to that endpoint |

Input example:

```json
{"parameters": {"query": "critical", "start": "2019-01-01 00:00:00", "end": "2023-01-01 00:00:00", "scroll_id": "DnF1ZXJ5VGhlbkZldGNoFA"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
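The query actions above share two conventions: `start`/`end` in `YYYY-MM-DD HH:MM:SS` and a `scroll_id` taken from the first call to fetch pages beyond 1000 records. The Python below is an added example, not code from the Swimlane connector or the Adlumin API: it validates the timestamps before they are sent and walks a scroll-paged result set to completion against a constructed stand-in for the server. How the real endpoint expects follow-up scroll calls to be formed (scroll_id alone) and when the last page is reached are assumptions here, as is the `fetch` wrapper.

```python
from datetime import datetime
from typing import Callable, Dict, Iterator, List

PAGE_SIZE = 1000                 # documented maximum records per call
TIME_FMT = "%Y-%m-%d %H:%M:%S"   # documented start/end format YYYY-MM-DD HH:MM:SS


def build_query_params(query: str = "", start: str = "", end: str = "") -> Dict[str, str]:
    """Validate start/end against the documented format before anything leaves the host."""
    params: Dict[str, str] = {}
    if query:
        params["query"] = query
    for name, value in (("start", start), ("end", end)):
        if value:
            datetime.strptime(value, TIME_FMT)   # ValueError on a malformed timestamp
            params[name] = value
    if start and end and start > end:            # same fixed format, so string order is time order
        raise ValueError("start must not be later than end")
    return params


def iter_records(fetch: Callable[[Dict[str, str]], dict], params: Dict[str, str],
                 max_pages: int = 100) -> Iterator[dict]:
    """Yield every record, following scroll_id from the first response.

    `fetch` is a hypothetical HTTP wrapper (not part of the connector): it takes the
    query parameters and returns the parsed json_body. Assumption: follow-up calls
    carry only the scroll_id, and a page with no scroll_id or no records is the last.
    """
    for _ in range(max_pages):                   # hard stop so a misbehaving server cannot loop us
        body = fetch(params)
        records: List[dict] = body.get("records") or []
        yield from records
        scroll_id = body.get("scroll_id")
        if not scroll_id or not records:
            return
        params = {"scroll_id": scroll_id}
    raise RuntimeError(f"gave up after {max_pages} pages")


def make_fake_fetch(total: int) -> Callable[[Dict[str, str]], dict]:
    """Constructed stand-in for the API: serves `total` records in PAGE_SIZE pages."""
    def fetch(params: Dict[str, str]) -> dict:
        offset = int(params["scroll_id"].split(":")[1]) if "scroll_id" in params else 0
        stop = min(offset + PAGE_SIZE, total)
        body = {"records": [{"detection_id": i, "severity": "critical"} for i in range(offset, stop)],
                "total_records": total}
        if stop < total:
            body["scroll_id"] = f"constructed-scroll:{stop}"   # constructed token, not a real Adlumin id
        return body
    return fetch
```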