Armis Intelligence Center
This connector is a data enrichment & threat intelligence product that provides the ability to enrich details on CVEs, threats and device information.

## Asset Setup

The connector can be authenticated as shown below:

- API key authentication, which requires a URL and an API key as input parameters.

## Capabilities

This connector provides the following capabilities:

- Search CVE
- Search Device
- Search Threat

### API Documentation Link

Armis Security API documentation link: https://docs.ic.armis.com/reference/get cve search

## Configurations

### Armis Intelligence Center API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| x api key | API key | string | Required |
| verify ssl | Verify SSL certificate | boolean | Optional |
| http proxy | A proxy to route requests through | string | Optional |

## Actions

### Search CVE

Searches CVE.

Endpoint URL: /api/v1/cve/ search

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| from | number | Optional | Parameter for search cve |
| length | number | Optional | Parameter for search cve |
| groupby | array | Optional | Parameter for search cve |
| calculate | array | Optional | Parameter for search cve |
| orderby | array | Optional | Parameter for search cve |
| timestamp | array | Optional | Parameter for search cve |
| timestamp[lt] | array | Optional | Parameter for search cve |
| timestamp[le] | array | Optional | Parameter for search cve |
| timestamp[ge] | array | Optional | Parameter for search cve |
| timestamp[gt] | array | Optional | Parameter for search cve |
| timestamp[eq] | array | Optional | Parameter for search cve |
| id | array | Optional | Unique identifier |
| id[like] | array | Optional | Unique identifier |
| id[nlike] | array | Optional | Unique identifier |
| id[eq] | array | Optional | Unique identifier |
| id[ne] | array | Optional | Unique identifier |
| description | array | Optional | Parameter for search cve |
| description[like] | array | Optional | Parameter for search cve |
| description[nlike] | array | Optional | Parameter for search cve |
| description[eq] | array | Optional | Parameter for search cve |
| description[ne] | array | Optional | Parameter for search cve |
| severity | array | Optional | Parameter for search cve |
| severity[lt] | array | Optional | Parameter for search cve |
| severity[le] | array | Optional | Parameter for search cve |
| severity[ge] | array | Optional | Parameter for search cve |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | object | Output field items |
| timestamp | string | Output field timestamp |
| id | string | Unique identifier |
| description | string | Output field description |
| severity | string | Output field severity |
| score | number | Score value |
| published | string | Output field published |
| matchstatus | string | Status value |
| weaponized | boolean | Output field weaponized |
| hasransomware | boolean | Output field hasransomware |
| reportedbygooglezerodays | boolean | Output field reportedbygooglezerodays |
| cisaduedate | string | Date value |
| numberofreferences | number | Output field numberofreferences |
| numberofthreatactors | number | Output field numberofthreatactors |
| device industry | string | Output field device industry |
| device group | string | Output field device group |
| device category | string | Output field device category |
| device type | string | Type of the resource |
| device brand | string | Output field device brand |
| device model | string | Output field device model |
| device osname | string | Name of the resource |
| device osversion | string | Output field device osversion |
| device ostitle | string | Output field device ostitle |

#### Example

```json
[
  {
    "status code": 200,
    "reason": "ok",
    "json body": {
      "items": {},
      "count": 100,
      "total": 200,
      "next": 10,
      "prev": 10
    }
  }
]
```

### Search Device

Search device.

Endpoint URL: /api/v1/device/ search

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| from | number | Optional | Parameter for search device |
| length | number | Optional | Parameter for search device |
| groupby | array | Optional | Parameter for search device |
| calculate | array | Optional | Parameter for search device |
| orderby | array | Optional | Parameter for search device |
| timestamp | array | Optional | Parameter for search device |
| timestamp[lt] | array | Optional | Parameter for search device |
| timestamp[le] | array | Optional | Parameter for search device |
| timestamp[ge] | array | Optional | Parameter for search device |
| timestamp[gt] | array | Optional | Parameter for search device |
| timestamp[eq] | array | Optional | Parameter for search device |
| industry | array | Optional | Parameter for search device |
| industry[ne] | array | Optional | Parameter for search device |
| industry[eq] | array | Optional | Parameter for search device |
| group | array | Optional | Parameter for search device |
| group[ne] | array | Optional | Parameter for search device |
| group[eq] | array | Optional | Parameter for search device |
| category | array | Optional | Parameter for search device |
| category[ne] | array | Optional | Parameter for search device |
| category[eq] | array | Optional | Parameter for search device |
| type | array | Optional | Type of the resource |
| type[ne] | array | Optional | Type of the resource |
| type[eq] | array | Optional | Type of the resource |
| brand | array | Optional | Parameter for search device |
| brand[like] | array | Optional | Parameter for search device |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | object | Output field items |
| timestamp | string | Output field timestamp |
| industry | string | Output field industry |
| group | string | Output field group |
| category | string | Output field category |
| type | string | Type of the resource |
| brand | string | Output field brand |
| model | string | Output field model |
| osname | string | Name of the resource |
| osversion | string | Output field osversion |
| ostitle | string | Output field ostitle |
| share | number | Output field share |
| avgrisk | number | Output field avgrisk |
| bucket | number | Output field bucket |
| count | number | Count value |

#### Example

```json
[
  {
    "status code": 200,
    "reason": "ok",
    "json body": {
      "items": {},
      "count": 100
    }
  }
]
```

### Search Threat

Search threat.

Endpoint URL: /api/v1/threat/ search

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| from | number | Optional | Parameter for search threat |
| length | number | Optional | Parameter for search threat |
| groupby | array | Optional | Parameter for search threat |
| calculate | array | Optional | Parameter for search threat |
| orderby | array | Optional | Parameter for search threat |
| timestamp | array | Optional | Parameter for search threat |
| timestamp[lt] | array | Optional | Parameter for search threat |
| timestamp[le] | array | Optional | Parameter for search threat |
| timestamp[ge] | array | Optional | Parameter for search threat |
| timestamp[gt] | array | Optional | Parameter for search threat |
| timestamp[eq] | array | Optional | Parameter for search threat |
| type | array | Optional | Type of the resource |
| type[ne] | array | Optional | Type of the resource |
| type[eq] | array | Optional | Type of the resource |
| host | array | Optional | Parameter for search threat |
| host[like] | array | Optional | Parameter for search threat |
| host[nlike] | array | Optional | Parameter for search threat |
| host[eq] | array | Optional | Parameter for search threat |
| host[ne] | array | Optional | Parameter for search threat |
| direction | array | Optional | Parameter for search threat |
| direction[ne] | array | Optional | Parameter for search threat |
| direction[eq] | array | Optional | Parameter for search threat |
| cve id | array | Optional | Unique identifier |
| cve id[like] | array | Optional | Unique identifier |
| cve id[nlike] | array | Optional | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | object | Output field items |
| timestamp | string | Output field timestamp |
| type | string | Type of the resource |
| host | string | Output field host |
| direction | string | Output field direction |
| cve id | array | Unique identifier |
| cve description | string | Output field cve description |
| cve severity | string | Output field cve severity |
| cve score | number | Score value |
| cve published | string | Output field cve published |
| cve matchstatus | string | Status value |
| cve weaponized | boolean | Output field cve weaponized |
| cve hasransomware | boolean | Output field cve hasransomware |
| cve reportedbygooglezerodays | boolean | Output field cve reportedbygooglezerodays |
| cve cisaduedate | string | Date value |
| cve numberofreferences | number | Output field cve numberofreferences |
| cve numberofthreatactors | number | Output field cve numberofthreatactors |
| device industry | string | Output field device industry |
| device group | string | Output field device group |
| device category | string | Output field device category |
| device type | string | Type of the resource |
| device brand | string | Output field device brand |
| device model | string | Output field device model |

#### Example

```json
[
  {
    "status code": 200,
    "reason": "ok",
    "json body": {
      "items": {},
      "count": 100,
      "total": 200,
      "next": 10,
      "prev": 10
    }
  }
]
```

## Notes

More information on Armis Security can be found at the Armis Security main site: https://docs.ic.armis.com/
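
The following is an added example, not code from the connector or from Armis. It builds a Search CVE query string from only the input arguments this page documents, so that a playbook cannot pass an undocumented filter, and orders returned CVE records for triage using the documented output fields. The function names, the repeated-key encoding of "array" arguments, the list-of-records shape of `items`, and all sample values are assumptions.

```python
from urllib.parse import urlencode

# Operators this page documents per "search cve" filter ("" = bare name).
CVE_FILTERS = {
    "timestamp": {"", "lt", "le", "ge", "gt", "eq"},
    "id": {"", "like", "nlike", "eq", "ne"},
    "description": {"", "like", "nlike", "eq", "ne"},
    "severity": {"", "lt", "le", "ge"},
}
CVE_PAGING = {"from", "length", "groupby", "calculate", "orderby"}


def build_cve_query(filters, paging=None):
    """Encode a query string, refusing any argument the page does not list.

    filters: iterable of (field, operator, values). Assumption: an "array"
    argument is sent by repeating its key once per value.
    """
    pairs = []
    for name, value in (paging or {}).items():
        if name not in CVE_PAGING:
            raise ValueError(f"undocumented argument: {name}")
        pairs.append((name, value))
    for field, op, values in filters:
        if op not in CVE_FILTERS.get(field, ()):
            raise ValueError(f"undocumented filter: {field}[{op}]")
        pairs.append((f"{field}[{op}]" if op else field, list(values)))
    return urlencode(pairs, doseq=True)  # brackets are sent as %5B / %5D


def prioritise(items):
    """Sort CVE records: ransomware-linked, then weaponized, then by score."""
    return sorted(items, key=lambda c: (not c.get("hasransomware"),
                                        not c.get("weaponized"),
                                        -(c.get("score") or 0)))


# Constructed sample records (placeholder ids, not real CVEs); field names
# are spelled as they appear in the Search CVE output table.
SAMPLE = [
    {"id": "CVE-EXAMPLE-1", "score": 9.8, "weaponized": False, "hasransomware": False},
    {"id": "CVE-EXAMPLE-2", "score": 7.5, "weaponized": True, "hasransomware": True},
    {"id": "CVE-EXAMPLE-3", "score": 8.1, "weaponized": True, "hasransomware": False},
]

if __name__ == "__main__":
    # Constructed filter value; the timestamp format is an assumption.
    print(build_cve_query([("timestamp", "ge", ["2024-01-01"])], {"length": 50}))
    print([c["id"] for c in prioritise(SAMPLE)])
```

A `severity[gt]` filter is rejected here because the page lists only `lt`, `le` and `ge` for severity.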