Swimlane Connectors - Release Notes
This document summarizes new connectors and new actions delivered to the Swimlane connector catalog.

May 2026

New Connectors

Microsoft Graph API Device Management
Microsoft Graph API Device Management provides tools for managing and securing devices via the Microsoft Graph API.
Microsoft Graph API Device Management provides a comprehensive interface for managing Intune devices and retrieving BitLocker recovery keys. This integration allows Swimlane Turbine users to seamlessly automate device management tasks, such as listing managed devices and retrieving critical recovery keys, enhancing operational efficiency and security posture. By leveraging this connector, users can streamline device management processes and ensure quick access to essential device information, all within the Swimlane Turbine platform.
For more information, see the Microsoft Graph API Device Management documentation: https://docs.swimlane.com/connectors/microsoft graph api device management

New Actions

APIVoid APIs
Get Domain Information - Retrieve WHOIS-like domain information from APIVoid, including registrar details, abuse email, owner organization and country, domain age, DNSSEC status, and nameservers. Requires the 'host' parameter for execution.
For more information, see the APIVoid APIs documentation: https://docs.swimlane.com/connectors/apivoid apis

Azure Active Directory
Create Named Location - Create an IP- or country-based named location in Azure Active Directory for conditional access policies, requiring @odata.type and displayname.
List Conditional Access Policies - Retrieve a list of conditional access policies configured in the Azure Active Directory tenant via the Microsoft Graph API. Useful for auditing existing policies before enabling, disabling, or updating them.
Update Conditional Access Policy State - Enable or disable a conditional access policy in Azure Active Directory by updating its state via the Microsoft Graph API. Requires policy ID and state.
For more information, see the Azure
Active Directory documentation: https://docs.swimlane.com/connectors/azure active directory

Censys Search
Create a Tag v3 - Create a new tag in your Censys Search organization to label and organize assets. Requires organization ID, name, and privacy settings.
Get a Host - Retrieve detailed information about a single host using its IP address as the host ID in Censys Search.
Run a Search Query - Run a search query across Censys data using the specified JSON body with the required 'query' parameter.
Update a Tag v3 - Update an existing tag in your Censys Search organization using the tag ID and organization ID. Only specified fields will be updated, while omitted fields remain unchanged.
For more information, see the Censys Search documentation: https://docs.swimlane.com/connectors/censys search

Cisco Splunk
Add Findings to Investigation - Add findings to an existing investigation in Cisco Splunk Enterprise Security using finding IDs and times. Requires path parameter id and JSON body with finding ids and finding times.
Create Investigation - Create a new investigation in Cisco Splunk Enterprise Security using fields like name, description, owner, urgency, and sensitivity. Requires specific capabilities for execution.
Create Note in Investigation - Create a new note in a finding or investigation in Cisco Splunk Enterprise Security. Requires content and optional title and file attachments.
Delete Note from Investigation - Remove a note from a finding or investigation in Cisco Splunk Enterprise Security using the specified investigation ID and note ID.
Get Notes from Investigation - Retrieve notes from a finding or investigation in Cisco Splunk Enterprise Security using optional filters like keyword search, source type, limit, offset, and sort. Requires the 'id' path parameter.
List Investigations - Retrieve investigations from Cisco Splunk Enterprise Security using optional query parameters like IDs, status, owner, urgency, sensitivity, and time ranges.
Update Investigation - Update
fields of an investigation or finding by ID in Cisco Splunk Enterprise Security. Requires mc investigation write and edit notable events, or admin all objects.
Update Note in Investigation - Update an existing note in a finding or investigation in Cisco Splunk using investigation ID and note ID. Modify fields like title, content, and file attachments.
For more information, see the Cisco Splunk documentation: https://docs.swimlane.com/connectors/cisco splunk

CrowdStrike Falcon v2
Download Case Attachment - Retrieve an attachment for a case in CrowdStrike Falcon v2 using the specified attachment ID.
For more information, see the CrowdStrike Falcon v2 documentation: https://docs.swimlane.com/connectors/crowdstrike falcon v2

Cyera
Add Datastore Owner - Assign a new owner to a specific datastore in Cyera. Requires a JSON body with the 'items' parameter.
Datastore Classifications - Retrieve classifications for a specific datastore in Cyera using the unique identifier (uid) as a path parameter.
Datastore Objects - Retrieve all supported objects for a specific datastore in Cyera, including unclassified objects. Requires the uid as a path parameter.
Identity Classifications - Return the classifications for a specific identity in Cyera using the unique identifier (uid) as a path parameter.
Identity Datastores - Return datastores accessible to an identity with access-scoped sensitive data information, including privileges, accessible sensitive records count, and data classifications. Requires uid as a path parameter.
Issue Classifications - Return all classifications for a specific issue in Cyera using the unique identifier (uid) as a path parameter.
Issue Identities - Get identities associated with a specific issue in Cyera using the unique identifier (uid) as a path parameter.
Issue Objects - Return all supported objects for a specific issue in Cyera, including unclassified objects. Requires the unique identifier (uid) as a path parameter.
List Datastores - Return a list of datastores in
Cyera based on the specified filters.
List Identities - Return a list of identities in Cyera based on the specified filters.
Remove Datastore Owner - Delete manually assigned datastore owners in Cyera using the owner's email address.
Send to Scan - Send a datastore identified by uid to be scanned in Cyera. Requires JSON body with datastoreuids.
Update Datastore Owners - Assign a datastore owner in Cyera using the owner's email and ownertype. Requires uid as path parameter and email in JSON body.
Update Issue Status - Update the status of a specific issue in Cyera using uid and new status.
Update User Tags - Add or remove user tags from a datastore in Cyera using the uid and usertaguid parameters.
For more information, see the Cyera documentation: https://docs.swimlane.com/connectors/cyera

EclecticIQ
Create a New Observable - Create a new observable in EclecticIQ using the provided data in JSON format.
Get an Observable by ID - Retrieve an observable from EclecticIQ using its unique ID provided as a path parameter.
For more information, see the EclecticIQ documentation: https://docs.swimlane.com/connectors/eclecticiq

Google Vertex AI
Chat with Claude Using Vertex AI - Engage in a conversation with Claude using Google Vertex AI. Requires project, location, and model as path parameters, and anthropic version, messages, and max tokens in the JSON body.
For more information, see the Google Vertex AI documentation: https://docs.swimlane.com/connectors/google vertex ai

IBM QRadar
Get Custom Properties - Retrieves a list of event regex custom properties defined in IBM QRadar, including property name, type, and whether it is used by the rule engine.
Get Deployed Users - Retrieves a list of all deployed users from QRadar via GET /api/config/access/users. Returns all users when called with admin capability, users without admin when called with saasadmin, or only the current user otherwise.
For more information, see the IBM QRadar documentation: https://docs.swimlane.com/connectors/ibm qradar

IPinfo
Hosted Domains - Retrieve a list of domains hosted on a specified IP address with pagination support. Requires an IPinfo enterprise plan token.
For more information, see the IPinfo documentation: https://docs.swimlane.com/connectors/ipinfo

Intezer Analyze
Get Alert by ID - Retrieve triage and response information for an ingested alert in Intezer Analyze using its alert ID.
Search Incidents - Search for incidents in Intezer Analyze using provided incident IDs and retrieve their triage and response details.
For more information, see the Intezer Analyze documentation: https://docs.swimlane.com/connectors/intezer analyze

Microsoft Azure DevOps
Add Work Item Comment - Add a plain text comment to a work item in Microsoft Azure DevOps using organization, project, workitemid, api version, and text.
Add Work Item Comment with Format - Add a formatted comment to a work item in Microsoft Azure DevOps. Requires organization, project, workitemid, api version, and text.
Create Field - Create a work item tracking field in Microsoft Azure DevOps using organization, project, and api version parameters.
Create Queries - Create work item tracking queries in Microsoft Azure DevOps using organization, project, and query path parameters along with the api version parameter.
Create Work Item - Create a work item in Microsoft Azure DevOps using JSON Patch operations. Requires organization, project, and type as path parameters, and api version as a parameter.
Create Work Item Attachment - Upload a work item attachment stream to Microsoft Azure DevOps WIT API. Requires organization, project, api version, and file data.
Delete Fields - Delete work item tracking fields in Microsoft Azure DevOps using organization, project, and field name or reference name. Requires api version.
Delete Queries - Delete a query or folder in Microsoft Azure DevOps using organization, project, and query path parameters along with the api version parameter.
Delete Work Item - Delete or permanently destroy a work item in
Microsoft Azure DevOps using organization, project, id, and api version parameters.
Delete Work Item Attachment - Delete a work item attachment in Microsoft Azure DevOps using organization, project, id, and api version.
Delete Work Item Comment - Remove a comment from a work item in Microsoft Azure DevOps using the WIT API. Requires organization, project, workitemid, and commentid as path parameters and api version as a parameter.
Delete Work Items - Delete multiple work items in Microsoft Azure DevOps using organization, project, api version, and item IDs.
Get Fields - Retrieve work item tracking fields in Microsoft Azure DevOps using organization, project, field name or reference name, and api version.
Get Queries - Get work item tracking queries from Microsoft Azure DevOps using organization, project, query path parameters, and api version parameter.
Get Queries Batch - Get a batch of work item tracking queries in Microsoft Azure DevOps using organization, project, and api version parameters.
Get Work Item - Retrieve a work item from Microsoft Azure DevOps using its identifier and optional fields. Requires organization, project, id, and api version as inputs.
Get Work Item Attachment - Download work item attachment content from Microsoft Azure DevOps using organization, project, id, and api version as inputs.
Get Work Item Comment - Retrieve a specific work item comment from Microsoft Azure DevOps using organization, project, workitemid, and commentid as path parameters, along with the api version parameter.
Get Work Item Comments - Retrieve a pageable list of comments for a specific work item in Microsoft Azure DevOps. Requires organization, project, workitemid as path parameters and api version as a parameter.
Get Work Item Comments Batch - Retrieve comments for specified work items in Microsoft Azure DevOps using organization, project, workitemid, api version, and ids as inputs.
Get Work Item Template - Retrieve a work item template for a specified type in Microsoft Azure
DevOps. Requires organization, project, and type as path parameters and api version as a parameter.
Get Work Item Type Field - Get a field definition for a work item type in Microsoft Azure DevOps using organization, project, type, field, and api version parameters.
Get Work Items Batch - Retrieve multiple work items in Microsoft Azure DevOps using a batch request. Requires organization, project, api version, and ids.
List Fields - Retrieve a list of work item tracking fields in Microsoft Azure DevOps using organization, project, and api version parameters.
List Queries - Retrieve a list of work item tracking queries in Microsoft Azure DevOps using organization, project, and api version parameters.
List Work Item Type Fields - List field definitions for a work item type in Microsoft Azure DevOps. Requires organization, project, and type as path parameters, and api version as a parameter.
List Work Items - Retrieve work items from Microsoft Azure DevOps using organization, project, api version, and comma-separated identifiers.
Search Queries - Search for work item tracking queries in Microsoft Azure DevOps using organization, project, and api version parameters.
Send Mail - Send mail for selected or queried work items in Microsoft Azure DevOps using RESTful method. Requires organization, project, and api version as inputs.
Tags Delete - Remove a tag from a project in Microsoft Azure DevOps, affecting all associated work items and pull requests. Requires organization, project, tagidorname, and api version parameters.
Tags Get - Retrieve a specific tag for a project in Microsoft Azure DevOps using organization, project, and tagidorname as path parameters, along with the api version parameter.
Tags List - Retrieve all tags associated with a specific project in Microsoft Azure DevOps. Requires organization, project as path parameters and api version as a parameter.
Tags Update - Update the tag for a project in Microsoft Azure DevOps using organization, project, tagidorname, api version,
and id.
Update Fields - Update work item tracking fields in Microsoft Azure DevOps using organization, project, field name or reference name, and api version.
Update Queries - Update work item tracking queries in Microsoft Azure DevOps using organization, project, and query path parameters along with the required api version.
Update Work Item - Update a work item in Microsoft Azure DevOps using JSON Patch operations. Requires organization, project, id as path parameters and api version as a parameter.
Update Work Item Comment - Update the text of an existing work item comment in Microsoft Azure DevOps using organization, project, workitemid, commentid, api version, and text.
Update Work Item Comment with Format - Update a work item comment in Microsoft Azure DevOps with optional format. Requires organization, project, workitemid, commentid, api version, and text.
Upload Work Item Attachment Chunk - Upload a chunked attachment byte range to Microsoft Azure DevOps work item tracking. Requires organization, project, id, api version, headers, and file data.
Work Item Relation Types Get - Retrieve the work item relation type definition in Microsoft Azure DevOps using organization, relation, and api version parameters.
Work Item Relation Types List - Retrieve the list of work item relation types in Microsoft Azure DevOps. Requires organization as a path parameter and api version as a parameter.
Work Item Transitions List - Retrieve the next state transitions for specified work item IDs in Microsoft Azure DevOps. Requires organization as a path parameter and api version, ids as parameters.
Work Item Type Categories Get - Retrieve a specific work item type category by name in Microsoft Azure DevOps using organization, project, category, and api version parameters.
Work Item Type Categories List - Retrieve all work item type categories in Microsoft Azure DevOps for a specified organization and project. Requires api version, organization, and project as inputs.
Work Item Type States List -
Retrieve state names and colors for a specified work item type in Microsoft Azure DevOps. Requires organization, project, type as path parameters, and api version as a parameter.
Work Item Types Get - Retrieve a work item type definition in Microsoft Azure DevOps using organization, project, type, and api version parameters.
Work Item Types List - Retrieve a list of work item types in Microsoft Azure DevOps for a specified organization and project. Requires organization, project, and api version parameters.
For more information, see the Microsoft Azure DevOps documentation: https://docs.swimlane.com/connectors/microsoft azure devops

Microsoft Defender
Export Software Vulnerabilities by Machine - Retrieve a comprehensive snapshot of software vulnerabilities, including device, OS, and software details for each onboarded machine in Microsoft Defender. Ideal for seeding SIEM, CMDB, or asset vulnerability mapping.
Export Software Vulnerability Changes by Machine - Retrieve incremental software vulnerability changes per device from Microsoft Defender since a given timestamp for ongoing SIEM, SOAR, or CMDB sync.
For more information, see the Microsoft Defender documentation: https://docs.swimlane.com/connectors/microsoft defender

Microsoft Graph API Device Management
Get BitLocker Recovery Key - Retrieve a BitLocker recovery key using its identifier from Microsoft Graph API Device Management. Requires the bitlockerrecoverykeyid as a path parameter.
List Managed Devices - List properties and relationships of Intune managed device objects in Microsoft Graph API Device Management.
List Managed Devices for Detected App - List managed devices with a specific detected app installed in Microsoft Graph API Device Management. Requires the detectedappid as a path parameter.
List Managed Devices for User Detected App - List managed devices for a user related to a detected app in Microsoft Graph API Device Management. Requires path parameters detectedappid, manageddeviceid, and userid.
For more
information, see the Microsoft Graph API Device Management documentation: https://docs.swimlane.com/connectors/microsoft graph api device management

Palo Alto Networks Cortex XDR
Get Alerts v2 - Obtain a comprehensive list of alerts with multiple events from Palo Alto Networks Cortex XDR using the v2 API endpoint.
Quarantine Files - Quarantine files on up to 1000 endpoints in Cortex XDR. If a file is not found, no action occurs. Verify quarantine status in the Action Center. Requires request data in JSON body.
Update Incident - Update specific incident fields in Palo Alto Networks Cortex XDR, ignoring missing fields. Use empty strings to unassign users or remove manual severity.
For more information, see the Palo Alto Networks Cortex XDR documentation: https://docs.swimlane.com/connectors/palo alto networks cortex xdr

SentinelOne
Get Accounts - Get accounts and their data from SentinelOne that match the specified filter.
For more information, see the SentinelOne documentation: https://docs.swimlane.com/connectors/sentinelone

Slack
Test - Verify the connection to Slack to ensure integration functionality is working correctly.
For more information, see the Slack documentation: https://docs.swimlane.com/connectors/slack

April 2026

New Connectors

Checkpoint XDR
Checkpoint XDR is a security platform that provides extended detection and response capabilities across various environments.
Checkpoint XDR is a comprehensive extended detection and response platform that provides advanced threat prevention and incident response capabilities. The Checkpoint XDR connector for Swimlane Turbine allows users to seamlessly integrate Checkpoint's incident management capabilities into their security automation workflows. By leveraging this integration, Swimlane Turbine users can efficiently retrieve and manage incidents, apply advanced filtering, and normalize data into the Turbine schema for enhanced analysis and response. This integration empowers security teams to streamline their incident response
processes, reduce manual effort, and improve overall security posture.
For more information, see the Checkpoint XDR documentation: https://docs.swimlane.com/connectors/checkpoint xdr

ESET Inspect OnPrem v3
ESET Inspect On-Prem v3 is an endpoint detection and response solution that provides advanced threat detection and investigation capabilities.
ESET Inspect On-Prem is a robust endpoint detection and response (EDR) solution designed to provide deep visibility into endpoint activities and potential threats. This connector allows Swimlane Turbine users to seamlessly integrate with ESET Inspect On-Prem, enabling the retrieval and management of security detections. By leveraging this integration, users can automate the extraction and normalization of threat data, enhancing their security operations with precise and actionable insights.
For more information, see the ESET Inspect OnPrem v3 documentation: https://docs.swimlane.com/connectors/eset inspect onprem v3

EclecticIQ
EclecticIQ is a threat intelligence platform designed to help organizations manage and operationalize their cyber threat intelligence.
EclecticIQ is a leading threat intelligence platform that empowers organizations to manage and analyze cyber threats effectively. The EclecticIQ connector for Swimlane Turbine enables seamless integration with EclecticIQ's robust threat intelligence capabilities, allowing users to create and manage observables and entities, and retrieve detailed threat data. This integration enhances security automation by providing real-time insights and actionable intelligence, enabling security teams to respond swiftly and efficiently to emerging threats.
For more information, see the EclecticIQ documentation: https://docs.swimlane.com/connectors/eclecticiq

Exabeam Threat Center API
The Exabeam Threat Center API enables organizations to manage and respond to security incidents through advanced threat detection and case management.
Exabeam Threat Center is a comprehensive security platform
designed to enhance threat detection and response capabilities. This connector allows seamless integration with Swimlane Turbine, enabling users to automate alert and case management tasks such as creating, updating, and retrieving details for alerts and cases. By leveraging this integration, security teams can streamline their workflows, reduce manual effort, and enhance their incident response efficiency within the Swimlane Turbine environment.
For more information, see the Exabeam Threat Center API documentation: https://docs.swimlane.com/connectors/exabeam threat center api

Google Vertex AI
Google Vertex AI is a machine learning platform that simplifies the process of building, deploying, and scaling ML models.
Google Vertex AI is a comprehensive AI platform that enables the development and deployment of machine learning models at scale. This connector allows Swimlane Turbine users to leverage Google Vertex AI's advanced capabilities for interacting with AI models, engaging in conversations, and querying reasoning engines. By integrating with Google Vertex AI, Swimlane Turbine users can enhance their security automation workflows with powerful AI-driven insights and actions, enabling more efficient threat detection and response.
For more information, see the Google Vertex AI documentation: https://docs.swimlane.com/connectors/google vertex ai

Symantec Cloud Secure Web Gateway
Symantec Cloud Secure Web Gateway is a cloud-based security solution that protects against web threats and enforces internet usage policies.
Symantec Cloud Secure Web Gateway is a comprehensive security solution that provides advanced threat protection and policy management for web traffic. This connector allows Swimlane Turbine users to automate the management of policy lists, including creating, retrieving, updating, and deleting custom policy lists. By integrating with Symantec Cloud Secure Web Gateway, users can streamline policy enforcement, enhance security posture, and ensure compliance with
organizational policies, all within the Swimlane Turbine platform.
For more information, see the Symantec Cloud Secure Web Gateway documentation: https://docs.swimlane.com/connectors/symantec cloud secure web gateway

New Actions

Arcanna AI
Get Event Export - Retrieve an event from Arcanna AI in its raw format using job ID and event ID as path parameters.
For more information, see the Arcanna AI documentation: https://docs.swimlane.com/connectors/arcanna ai

ArcherIRM
Get Application by ID - Retrieve metadata for an application in ArcherIRM using the specified application ID as a path parameter.
Get Values List Field Definition by Level ID - See the connector documentation for details on the Get Values List Field Definition by Level ID action.
Retrieve Findings - Retrieve findings from ArcherIRM to analyze and manage risk-related data efficiently.
For more information, see the ArcherIRM documentation: https://docs.swimlane.com/connectors/archerirm

Checkpoint XDR
List Incidents - Retrieve paginated Checkpoint XDR incidents with optional filtering by time, limit, and offset. Optionally return results as normalized Turbine schema alerts.
For more information, see the Checkpoint XDR documentation: https://docs.swimlane.com/connectors/checkpoint xdr

Cisco Umbrella Management
Add Destinations to Destination List Base64 CSV - Add destinations to a Cisco Umbrella destination list using a base64-encoded CSV string with 'base64 string' and 'umbrella destinationlist id'.
For more information, see the Cisco Umbrella Management documentation: https://docs.swimlane.com/connectors/cisco umbrella management

CrowdStrike Falcon v2
Add Case Activity - Add an activity to a case in CrowdStrike Falcon v2 using the case ID, content, type, and user UUID.
Create a New Case - Create a new case in CrowdStrike Falcon v2 using details like content, detections, incidents, title, type, and user UUID.
Retrieve Activities for IDs - Retrieve activities for specified IDs in CrowdStrike Falcon v2 using the provided
JSON body with 'ids' as a required field.
Retrieve Activities IDs for a Case - Retrieve activity IDs for a specific case in CrowdStrike Falcon v2 using parameters like case ID, limit, sort, filter, and offset.
Retrieve Aggregate Case Values - Retrieve aggregate case values in CrowdStrike Falcon v2 using filters like date ranges, field, and more.
Retrieve Case IDs - Retrieve case IDs from CrowdStrike Falcon v2 that match the provided filter criteria, with options to limit, sort, and offset results.
Retrieve Message Center Cases - Retrieve message center cases in CrowdStrike Falcon v2 using specified IDs in the JSON body.
Retrieves an Attachment for Case - See the connector documentation for details on the Retrieves an Attachment for Case action.
Upload an Attachment for Case - Upload an attachment to a case in CrowdStrike Falcon v2 using the specified files and data body.
For more information, see the CrowdStrike Falcon v2 documentation: https://docs.swimlane.com/connectors/crowdstrike falcon v2

ESET Inspect OnPrem v3
List Detections - Retrieve a paginated, filterable list of ESET Inspect On-Prem detections with options for sorting and filtering. Optionally returns results as normalized Turbine schema alerts.
For more information, see the ESET Inspect OnPrem v3 documentation: https://docs.swimlane.com/connectors/eset inspect onprem v3

EclecticIQ
Create an Entity - Leverage the external STIX ID in the payload's data attribute to de-duplicate and create an entity in EclecticIQ.
Get a List of Entities - Retrieve a paginated list of entities in EclecticIQ with sorting, optional field projection, structured filters, and Lucene full-text or faceted search.
Get a List of Observables - Retrieve a list of observables from EclecticIQ with options for pagination, sorting, field projection, filters, and Lucene-style search.
Get an Entity by ID - Retrieve an entity using its STIX or EclecticIQ ID. Requires the 'id' as a path parameter.
For more information, see the EclecticIQ documentation:
https://docs.swimlane.com/connectors/eclecticiq

Exabeam Threat Center API
Create a New Case - Create a new case in Exabeam Threat Center linked to an alert, updating details such as stage, priority, queue, assignee, and closed reason. Requires alertid and priority.
Create a Note for a Case - Add a new note to a specified case in Exabeam Threat Center API using the caseid as a path parameter.
Get Alert Details - Retrieve detailed information for a specific alert in Exabeam Threat Center using the alert ID.
Get Case Details - Get details for a specific case in Exabeam Threat Center using the provided case ID.
Get Threat Summary - Retrieve the copilot threat summary for an individual alert in Exabeam Threat Center API using the alertid.
List Notes for a Case - See the connector documentation for details on the List Notes for a Case action.
Search for Alerts - Search for alerts in Exabeam Threat Center API that match specified criteria, including starttime, endtime, fields, and filter.
Search for Cases - Search for cases in Exabeam Threat Center API that match specified criteria, including starttime, endtime, fields, and filter.
Update Alert Details - Update details for a specific alert in Exabeam Threat Center using the alert ID as a path parameter.
Update Case Details - Update details for a specific case in Exabeam Threat Center using the case ID as a path parameter.
For more information, see the Exabeam Threat Center API documentation: https://docs.swimlane.com/connectors/exabeam threat center api

Google Vertex AI
Ask Vertex - Interact with a Google Vertex AI model by asking questions. Requires project, location, and model as path parameters, and contents in the JSON body.
Reasoning Engines Query - Query a reasoning engine in Google Vertex AI using specified project, location, and reasoning engine path parameters.
Reasoning Engines Stream Query - Stream queries using a reasoning engine in Google Vertex AI. Requires path parameters project, location, and reasoningengine.
For more
information, see the Google Vertex AI documentation: https://docs.swimlane.com/connectors/google vertex ai

MISP
Add Domain IP Object to Event - Add a domain IP object to a MISP event using event ID. Requires at least one of domain, hostname, or ips. Supports single domain and arrays for ips and ports, with per-attribute tags.
Add Email Object to Event Using EML File - Convert each EML attachment into a MISP email object and append it to the specified event using event id and email eml.
Add File Object to Event - Add a MISP file object to an event using metadata like full path and hashes. No file attachment is required. Optionally add tags to specific object attributes.
Add Process Object to Event - Add a MISP process object to an event using details like PID, name, image, command line, and parent info. Requires the event ID.
Add URL Object to Event - Add a URL object to a MISP event using the event ID and URL value. Scheme, host, domain, port, path, query string, fragment, and related fields are derived from the URL.
Execute Script - Execute a Python script using PyMISP and bundled dependencies in MISP.
For more information, see the MISP documentation: https://docs.swimlane.com/connectors/misp

MITRE ATT&CK (pyattck)
Get Formatted String from Array - Generate a formatted string for Swimlane use cases and widgets from an array of technique names or IDs.
For more information, see the MITRE ATT&CK (pyattck) documentation: https://docs.swimlane.com/connectors/mitre att ck pyattck

Markdownify
Markdown to HTML - Convert Markdown text to HTML using GitHub Flavored Markdown (cmark-gfm).
For more information, see the Markdownify documentation: https://docs.swimlane.com/connectors/markdownify

Microsoft Defender
Reset User Password (Authentication Method) - Reset a user's password using Microsoft Graph's password authentication method. Requires user ID and password method ID as path parameters.
Revoke User Sign-In Sessions - Invalidate a user's refresh tokens and sign-in sessions in Microsoft
defender using the user id path parameter for more information, see the microsoft defender documentation https //docs swimlane com/connectors/microsoft defender microsoft graph api send channel message β send a new chat message to a specified microsoft teams channel using team id, channel id, and message body send channel message reply β send a reply to an existing message in a microsoft teams channel using team id, channel id, message id, and body send chat message β send a new chat message in a specified microsoft teams chat using the chat id and message body for more information, see the microsoft graph api documentation https //docs swimlane com/connectors/microsoft graph api servicenow create ticket β see the connector documentation for details on the create ticket action queries servicenow cmdb β retrieve cmdb records from servicenow using sys id, ip, hostname, or fqdn supports optional parameters for additional data retrieval update ticket β see the connector documentation for details on the update ticket action for more information, see the servicenow documentation https //docs swimlane com/connectors/servicenow symantec cloud secure web gateway append policy list items β appends entries to an existing published customer policy list in symantec cloud secure web gateway requires the policy list id as a path parameter create policy list β create a new empty custom policy list for the customer account in symantec cloud secure web gateway requires json body with name and type delete policy list β delete an unreferenced published custom list for the customer in symantec cloud secure web gateway using the specified id get policy list by id β retrieve a custom policy list and all its items from symantec cloud secure web gateway using the specified id as a path parameter get policy list types β retrieve custom policy list types that can be created or modified in symantec cloud secure web gateway get policy lists β retrieve customer policy lists from symantec cloud 
secure web gateway, optionally filtered by list type get policy object items by type β retrieve paged policy objects by type for custom lists, sorted by name requires 'type' as a path parameter publish policy β publish the customer policy in symantec cloud secure web gateway with a default api limit of one call per fifteen minutes replace policy list items β replace the entire contents of an existing published customer policy list in symantec cloud secure web gateway requires the 'id' as a path parameter for more information, see the symantec cloud secure web gateway documentation https //docs swimlane com/connectors/symantec cloud secure web gateway symantec dlp list incidents in csv β retrieve multiple incidents in csv format using a single api call in symantec dlp requires json body with 'select' parameter list incidents in json β generate a list of json formatted incidents in symantec dlp based on specified criteria, requiring the 'select' parameter in the json body list summary of incidents in csv β retrieve a summary of incidents in csv format from symantec dlp using a single api call requires 'groupby' parameter in the json body list summary of incidents in json β retrieve a summary of incidents in symantec dlp using a single api call, requiring the groupby parameter in json format for more information, see the symantec dlp documentation https //docs swimlane com/connectors/symantec dlp vectra cognito v2 search detections β search detections using vectra's lucene style query language against the v2 5 search endpoint, supporting pagination and optional normalization to turbine schema alerts for more information, see the vectra cognito v2 documentation https //docs swimlane com/connectors/vectra cognito v2 zendesk ticket management list organizations β retrieve a list of organizations from zendesk ticket management for efficient ticket handling and management show organization β retrieve details of an organization in zendesk ticket management using the 
specified organization id show ticket metrics by ticket β display metrics for a specific ticket in zendesk ticket management using the ticket id as a path parameter for more information, see the zendesk ticket management documentation https //docs swimlane com/connectors/zendesk ticket management march 2026 new connectors crowdstrike next gen siem the crowdstrike next gen siem connector allows for seamless integration with swimlane turbine, enabling automated security incident management and enhanced threat detection capabilities crowdstrike next gen siem is a cutting edge security information and event management platform that provides comprehensive visibility and advanced analytics to detect and respond to threats this connector enables swimlane turbine users to automate key incident response tasks such as adding alerts and events to cases, managing case tags, and initiating searches within crowdstrike by integrating with crowdstrike next gen siem, security teams can enhance their operational efficiency, reduce response times, and maintain a robust security posture through streamlined case management and evidence collection for more information, see the crowdstrike next gen siem documentation https //docs swimlane com/connectors/crowdstrike next gen siem halcyon halcyon is a security platform that provides advanced threat detection and response capabilities for managing security operations halcyon is a comprehensive platform for asset management and threat detection, offering robust capabilities to manage and secure digital assets the halcyon connector for swimlane turbine enables seamless integration with halcyon's services, allowing users to automate asset reporting, alert management, and tenant information retrieval this integration empowers security teams to efficiently manage assets, respond to threats, and maintain system health, all within the swimlane turbine environment for more information, see the halcyon documentation https //docs swimlane 
com/connectors/halcyon new actions atlassian jira service desk attach temporary file β upload a file as a temporary attachment to a specified service desk in atlassian jira service desk using the servicedeskid, providing ids for further operations create comment with attachment β create a comment with attachments on a jira service desk issue using the specified issue id or key requires prior upload of files to obtain attachment ids perform customer transition β execute a customer transition for a jira service desk request using the issue id or key and transition id for more information, see the atlassian jira service desk documentation https //docs swimlane com/connectors/atlassian jira service desk crowdstrike falcon v2 check connectivity β see the connector documentation for details on the check connectivity action for more information, see the crowdstrike falcon v2 documentation https //docs swimlane com/connectors/crowdstrike falcon v2 crowdstrike next gen siem add alerts to existing case β adds specified alerts as evidence to an existing case in crowdstrike next gen siem, requiring the case id and alert details add event evidence to existing case β adds a list of event evidence to an existing case in crowdstrike next gen siem using the case id and events data add tags to an existing case β appends specified tags to an existing case in crowdstrike next gen siem using the case id create a new case β creates a new case in crowdstrike next gen siem with details such as assignment, description, evidence, name, severity, and status get cases by ids β retrieves all crowdstrike next gen siem cases for specified case ids provided in the json body get search status β retrieve the current status of a search in crowdstrike next gen siem using the specified repository and id initiate search β initiates a search in crowdstrike next gen siem using a specified query string and repository list cases β retrieves all case ids from crowdstrike next gen siem that match a specified 
query remove tags from an existing case β removes specified tags from an existing case in crowdstrike next gen siem using the case id stop search β terminate an ongoing search in crowdstrike next gen siem using the specified repository and search id update an existing case β updates specified fields for an existing case in crowdstrike next gen siem using the case id for more information, see the crowdstrike next gen siem documentation https //docs swimlane com/connectors/crowdstrike next gen siem cybelangel get token β retrieve a cybelangel oauth2 access token and its expiry time, serving as the initial step in workflows requiring authentication update report status β update a specific incident report's status in cybelangel using the provided report id and status value for more information, see the cybelangel documentation https //docs swimlane com/connectors/cybelangel cynet disable user β disable a user account in cynet using the provided json body enable user β enables a user in cynet get host details β retrieves a host's details using its name get host properties β retrieves a host's properties using its name get user remediation status β retrieves the current status of a remediation action for an endpoint in cynet using the provided remediation action id run command on host β runs a command on a host in cynet for more information, see the cynet documentation https //docs swimlane com/connectors/cynet google chronicle detection engine list curated detections all versions all rules β retrieve a comprehensive list of curated detections across all versions and rules from google chronicle for more information, see the google chronicle detection engine documentation https //docs swimlane com/connectors/google chronicle detection engine halcyon export assets β request the creation of a full or filtered asset report in csv format from halcyon using specified json body and headers get alert by id β get the alert in halcyon matching the given alertid using specified 
path parameters and headers get asset by id β retrieve detailed information about an asset in halcyon using the asset id as a path parameter and necessary headers get installer info β retrieve installer details for the current halcyon tenant, including install token and download links for available versions requires headers get installer info v2 β get installer information for the current halcyon tenant, including install token and download links for available versions requires headers get maintenance token β get a maintenance token for an asset's installed agent in halcyon using path parameters and headers, including assetid get tenant by id β get the tenant information associated with the given identifier in halcyon using the tenantid path parameter healthcheck β reports success if the halcyon server is healthy healthcheck prism β report success if the prism proxy service in halcyon is healthy list alerts β retrieve a paginated list of alerts in halcyon matching specified criteria requires headers for authentication list all descendants β get a paginated list of all descendant tenants across sub tiers for a specified tenant in halcyon requires path parameters, headers, and json body list tenants β retrieve a paginated list of tenants accessible to the current user in halcyon use the 'all' query parameter for an unpaginated list of all accessible tenants update alert β update the alert in halcyon matching the given alertid using specified path parameters, headers, and json body update note for alert β update an alert's note in halcyon by specifying the alertid, current note's version, and new text content for more information, see the halcyon documentation https //docs swimlane com/connectors/halcyon huntress create organization β initiate the creation of a new organization in huntress using specified 'key' and 'name' get account β retrieve details of the top level huntress account associated with your api credentials list escalations β retrieve a list of 
escalations with varying severities (low, high, critical) for your huntress account, including pagination metadata list organizations β retrieve details of organizations linked to your huntress account, including a pagination key for result management as per huntress documentation update organization β update an existing organization in huntress using the specified id provided in path parameters for more information, see the huntress documentation https //docs swimlane com/connectors/huntress ibm qradar collect events and build alerts β collects aql search results for qradar offenses, parses ioc observables, and builds structured alert objects ready for ingestion get offenses and submit searches β fetch ibm qradar offenses and submit aql event searches, returning offenses with optional notes and search ids for event collection and alert building patch log sources β apply patches to multiple log sources in ibm qradar, enabling creation, updates, and deletions in one transaction returns a task resource location for more information, see the ibm qradar documentation https //docs swimlane com/connectors/ibm qradar microsoft graph api create subscription β create a microsoft graph webhook subscription for specified resources to receive change notifications requires changetype, notificationurl, resource, and expirationdatetime delete subscription β delete an existing microsoft graph api subscription and stop change notifications using the specified subscriptionid get subscription β retrieve details for a specific microsoft graph api security subscription using the provided subscriptionid update subscription β renew or modify a microsoft graph api security subscription by updating its expiry time or notification url requires 'subscriptionid' as a path parameter for more information, see the microsoft graph api documentation https //docs swimlane com/connectors/microsoft graph api pagerduty get a log entry β get details for a specific incident log entry provides additional 
information for raw event data log entries record events that happen to an incident requires oauth scope incidents read when using scoped oauth get an alert β get detailed information for one alert by incident id and alert id requires oauth scope incidents read for scoped oauth get an incident β get details for a single incident by id list alerts for an incident β list alerts for the specified incident an incident represents a problem or issue that needs to be addressed and resolved requires oauth scope incidents read when using scoped oauth list incidents β list incidents, optionally filtered by status, service, team, user, time range, and other query parameters list log entries β list incident log entries across the entire account a log of events that happen to an incident is exposed as log entries requires oauth scope incidents read when using scoped oauth for more information, see the pagerduty documentation https //docs swimlane com/connectors/pagerduty palo alto networks cortex xsoar v6 batch export indicators to csv β exports a batch of indicators to a csv file and provides the resulting file id for download batch export indicators to stix β exports a batch of indicators from palo alto networks cortex xsoar v6 to a stix file and provides the resulting file id batch whitelist or delete indicators β allows batch whitelisting or deletion of indicators in cortex xsoar v6 set 'donotwhitelist' to true for deletion only create indicators β create indicators in palo alto networks cortex xsoar v6 from a specified file a 'files' input is required edit indicator β modify an existing indicator entity in palo alto networks cortex xsoar v6, including updates to custom fields by using lowercase and removing spaces search indicators β performs a search for indicators within palo alto networks cortex xsoar v6 using specified filters whitelists or deletes indicator β whitelists or deletes an indicator in cortex xsoar v6 to delete without whitelisting, set the donotwhitelist 
field to true for more information, see the palo alto networks cortex xsoar v6 documentation https //docs swimlane com/connectors/palo alto networks cortex xsoar v6 recorded future identity detections β retrieve classified credential exposures from breach dumps and stealer logs in recorded future identity dump metadata search β search for metadata in recorded future related to data dumps and breach databases using specific criteria identity hostname lookup β retrieve all stolen credentials from a compromised machine using its hostname in recorded future identity incident report β generate a detailed incident report for stealer malware infections, including credentials and machine context, using recorded future identity ip lookup β retrieve credentials compromised by a specific ip address or range at the time of infection using recorded future identity password lookup β verify if password hashes are present in breach data or stealer logs using k anonymity prefix support with recorded future for more information, see the recorded future documentation https //docs swimlane com/connectors/recorded future recorded future sandbox download sample β downloads the original file submission from recorded future sandbox using the sampleid ensure the file has completed processing before downloading get sample overview β retrieve a detailed report on a malware sample from recorded future sandbox, including iocs and mitre att\&ck mappings, using the sampleid select profile β selects an analysis profile for a sample in static analysis within recorded future sandbox, using one of auto, pick, or profiles for more information, see the recorded future sandbox documentation https //docs swimlane com/connectors/recorded future sandbox runzero export assets (json) β exports the asset inventory from runzero as a json file, providing a comprehensive overview of networked assets export assets os (csv) β exports a csv file listing the top asset operating systems along with their counts from 
runzero export directory users (json) β exports the user inventory from runzero as a json file, providing a comprehensive list of users export software (json) β exports the software inventory from runzero as a json file, providing a comprehensive overview of installed applications for more information, see the runzero documentation https //docs swimlane com/connectors/runzero stellar siem add comment to a case β add a comment to a specified case in stellar siem using the case id and a comment string this action requires path parameters and a json body create connector β create a connector configuration in stellar siem using post /connect/api/v1/connector with query parameters and json body execute elasticsearch job β perform an elasticsearch dsl query on a specified index in stellar siem via /connect/api/data requires super admin and root scope access with a new token get case scores β retrieve the case score activities of a given case in stellar siem, returning a list of score activities with reasons and associated alerts requires the case id as a path parameter list cases β retrieve a list of existing cases in stellar siem with optional filters and pagination list connectors β retrieve a list of configured connectors in stellar siem, optionally filtered by tenant using cust id list tenants β retrieve the list of existing tenants in stellar siem with optional query fields for specific data inclusion list users β retrieve the list of existing users in stellar siem with an optional cust id query to filter the results update case β update a specific case in stellar siem using its id with details like name, severity, status, assignee, tags, and resolution for more information, see the stellar siem documentation https //docs swimlane com/connectors/stellar siem swimlane samba share retrieve file as attachment β retrieve a file from a samba share as a binary attachment using the specified service name and path for downstream actions for more information, see the 
swimlane samba share documentation https //docs swimlane com/connectors/swimlane samba share february 2026 new connectors cisco fmc the cisco fmc connector allows for streamlined management and automation of security policies and objects within the cisco fmc ecosystem cisco fmc (firepower management center) is a comprehensive management platform that provides centralized control over cisco's security solutions this connector enables swimlane turbine users to automate and streamline security management tasks such as creating, updating, and deleting access policies and network objects within cisco fmc by integrating with cisco fmc, security teams can enhance their incident response capabilities, enforce consistent security policies, and efficiently manage network security configurations without manual intervention for more information, see the cisco fmc documentation https //docs swimlane com/connectors/cisco fmc fortinet fortisandbox fortinet fortisandbox is a cybersecurity solution that provides advanced threat protection through sandboxing technology fortinet fortisandbox is a powerful security solution designed to detect and analyze advanced threats through sandboxing technology this connector enables seamless integration with swimlane turbine, allowing users to automate threat detection and response workflows by leveraging fortisandbox's capabilities, swimlane turbine users can efficiently manage file and url submissions, retrieve detailed verdicts and reports, and enhance their security operations with minimal manual intervention for more information, see the fortinet fortisandbox documentation https //docs swimlane com/connectors/fortinet fortisandbox swimlane vrm enrichment a brief description goes here be sure to provide an overview of what the plugin does include description of the product being integrated, plus use cases/value prop of the swimlane integration for more information, see the swimlane vrm enrichment documentation https //docs swimlane 
com/connectors/swimlane vrm enrichment new actions axonius export assets to csv β exports specified asset types from axonius into a csv format, requiring path parameters and optional json body inputs get asset by id β retrieves a specific asset from axonius using the asset type and internal axon id provided in path parameters get asset investigation β retrieve detailed investigation data for a specified asset type and internal axonius id get assets β retrieves a list of assets from axonius based on the specified asset type, requiring path parameter input get assets fields β retrieve all available fields for a specified asset type in axonius, utilizing the 'asset type' path parameter get global search entities β retrieve details of all assets associated with a specified global search term in axonius for more information, see the axonius documentation https //docs swimlane com/connectors/axonius cisco fmc create access policy β initiates the creation of an access control policy in cisco fmc using the specified domain uuid required inputs include domainuuid create access rules β creates new access rules within a specified domain and container in cisco fmc, requiring domainuuid and containeruuid as path parameters create network group β creates a new network group in cisco fmc with the provided domain uuid path parameters and json body are required create network objects β create network objects within a specified domain in cisco fmc, utilizing provided domain uuid and json body data delete access policy β deletes a specified access control policy in cisco fmc using domainuuid and objectid delete access rule β removes a specified access rule from a policy in cisco fmc using domain, container, and object ids delete network groups β removes specified network groups from cisco fmc filtered by domainuuid confirm selections prior to deletion delete network objects β removes specified network objects from cisco fmc filtered by domainuuid ensure correct selection before 
deletion get a specific access policy by id β retrieve a specific access control policy from cisco fmc using the provided domainuuid and objectid get a specific access rule by id β retrieve a specific access rule from cisco fmc by supplying the domain, container, and object ids as path parameters get a specific network group object by id β retrieve details of a specific network group object in cisco fmc using domainuuid and objectid get a specific network object by id β retrieve details of a specific network object in cisco fmc using the domainuuid and objectid get all access policies β retrieve all access control policies from cisco fmc for a given domain uuid get all access rules β retrieve all access rules for a specified policy in cisco fmc using domainuuid and containeruuid get all devices β retrieve all devices within a specified domain in cisco fmc using the domainuuid path parameter get all network groups β retrieve all network groups from cisco fmc using the domainuuid path parameter for identification get all network objects β retrieve a complete list of network objects from cisco fmc using the specified domainuuid get all policies β retrieves all access control policies from cisco fmc for a specified domain using the domainuuid, with options to filter by text or ip get all usage β retrieve usage details for a specified object uuid across objects and policies in cisco fmc, requiring domainuuid as a path parameter update a network group β modify an existing network group in cisco fmc with the provided domainuuid and objectid update a network object β modify an existing network object in cisco fmc using domainuuid and objectid provided in the path parameters update access policy β modify an existing access control policy in cisco fmc with the provided domainuuid and objectid update access rules β modify existing access rules in a specific domain and container of cisco fmc, utilizing the provided domainuuid and containeruuid for more information, see the 
cisco fmc documentation https //docs swimlane com/connectors/cisco fmc cisco umbrella investigate get domain status and categorization β retrieves domain status, security, and content categorizations from cisco umbrella investigate for a specified domain for more information, see the cisco umbrella investigate documentation https //docs swimlane com/connectors/cisco umbrella investigate crowdstrike falcon v2 execute admin rtr command β initiate a real time response admin command on a host in crowdstrike falcon using base command, command string, and session id for more information, see the crowdstrike falcon v2 documentation https //docs swimlane com/connectors/crowdstrike falcon v2 cynet get host remediation status β retrieve the current status of a remediation action for an endpoint in cynet using the provided remediation action id isolate host β isolate a specified host within the cynet platform to contain threats and prevent lateral movement requires headers for authentication unisolate host β reconnects a previously isolated host to the network using cynet for more information, see the cynet documentation https //docs swimlane com/connectors/cynet fortinet fortisandbox cancel submission β cancel an active submission in fortinet fortisandbox using the provided login credentials within the json body get file verdict β retrieve the verdict of a file by its hash from fortinet fortisandbox using json rpc's /scan/result/file method requires login credentials get job verdict β retrieve the verdict of a job from fortinet fortisandbox using login credentials provided in the json body get pdf report β retrieve a detailed pdf scan report from fortinet fortisandbox using the json rpc method for specified login credentials get url rating β retrieve the safety rating for a given url from fortinet fortisandbox, requiring 'loginname' in the json body submission file upload β upload a file to fortinet fortisandbox for detailed sandbox analysis, requiring file data and login 
credentials submission url upload β submit one or more urls to fortinet fortisandbox for comprehensive sandbox analysis parameters are encapsulated within the loginname for more information, see the fortinet fortisandbox documentation https //docs swimlane com/connectors/fortinet fortisandbox ibm qradar get offenses and events β see the connector documentation for details on the get offenses and events action for more information, see the ibm qradar documentation https //docs swimlane com/connectors/ibm qradar opencti threat intel enrichment search observables β search opencti for exact match observables like ip, domain, url, or file hash and return results only if an exact match is found for more information, see the opencti threat intel enrichment documentation https //docs swimlane com/connectors/opencti threat intel enrichment sentinelone ingest unified alerts β ingest and process sentinelone unified alerts with incremental polling, normalization, and enrichment requires 'variables' input reset user password β force specified sentinelone users to reset their password on next login, requiring a mandatory update requires a filter in the json body revoke user tokens β revoke api tokens for specified sentinelone users using a filter to prevent further authentication with those tokens for more information, see the sentinelone documentation https //docs swimlane com/connectors/sentinelone stellar siem retrieve paginated alerts β retrieve a specified range of alerts for a case in stellar siem using the case id, with options to skip and set a limit up to 50 alerts per request for more information, see the stellar siem documentation https //docs swimlane com/connectors/stellar siem trend micro apex central isolate restore relocate or uninstall sec agent β executes the specified action (isolation, restoration, relocation, or uninstallation) on a security agent via trend micro apex central for more information, see the trend micro apex central documentation https //docs 
swimlane com/connectors/trend micro apex central january 2026 new connectors eq technologies finika nac the finika nac connector allows for seamless integration with eq technologies' network access control system, enabling automated network security management eq technologies finika nac is a robust network access control solution that enables secure and efficient endpoint management through the swimlane turbine integration, users can automate the addition or removal of endpoints to and from blacklists and whitelists, perform bulk updates or deletions of assets, and retrieve ip to mac address mappings this connector streamlines network security operations, reduces manual workload, and enhances visibility into network assets, making it an essential tool for maintaining a secure and compliant network environment for more information, see the eq technologies finika nac documentation https //docs swimlane com/connectors/eq technologies finika nac stellar siem stellar siem is a robust platform that provides advanced threat detection and security analytics to protect enterprise networks stellar siem is a comprehensive security information and event management platform designed to enhance threat detection and response capabilities by integrating with swimlane turbine, users can automate security incident management tasks such as case creation, alert retrieval, and elasticsearch queries this integration empowers security teams to streamline operations, improve incident response times, and gain deeper insights into security events, all without the need for extensive coding for more information, see the stellar siem documentation https //docs swimlane com/connectors/stellar siem new actions crowdstrike falcon v2 get case activity β retrieve specific case activities from crowdstrike falcon v2 using resource ids get notifications detailed β retrieve detailed notifications from crowdstrike falcon v2 using specified notification ids parameters are required to specify the 
notification details query activities β retrieve a list of activity ids linked to a case in crowdstrike falcon v2, aiding in incident analysis and tracking query cases β retrieve case ids from crowdstrike falcon that match specific filter criteria, streamlining incident analysis and response query indicator entities β retrieve information on indicators within crowdstrike falcon v2 using specified fql filters requires a json body with the 'fql' parameter query notifications β retrieve notifications from crowdstrike falcon using specified criteria to aid in threat analysis and response update notifications β modify the status or assignee of multiple notifications in crowdstrike falcon v2 for efficient bulk updates for more information, see the crowdstrike falcon v2 documentation https //docs swimlane com/connectors/crowdstrike falcon v2 eq technologies finika nac add to blacklist β blocks an endpoint by adding its mac address to the blacklist in eq technologies finika nac add to whitelist β adds an endpoint to the whitelist in eq technologies finika nac using a specified mac address batch remove assets β performs a bulk deletion of assets in eq technologies finika nac using the specified json body batch update assets β performs a bulk update on assets within eq technologies finika nac using the provided json body get ip/mac mapping β retrieve the mapping of ip addresses to mac addresses from eq technologies finika nac remove asset β removes an asset from eq technologies finika nac by specifying the mac address update asset β modify an asset's assignment in eq technologies finika nac using the provided mac address for more information, see the eq technologies finika nac documentation https //docs swimlane com/connectors/eq technologies finika nac flashpoint get an indicator by id β retrieve a specific indicator from flashpoint using its unique identifier requires the 'id' as a path parameter list indicators β retrieve a list of indicators from flashpoint, providing 
insights into potential threats and malicious activities.

For more information, see the Flashpoint documentation: https //docs swimlane com/connectors/flashpoint

Microsoft Graph API

- Send Email with Attachments Data: Send a custom email with attachments to a specified recipient via Microsoft Graph API. Requires recipient's email address and message content.

For more information, see the Microsoft Graph API documentation: https //docs swimlane com/connectors/microsoft graph api

Palo Alto Networks PAN-OS

- Create the Address Group: Creates a new address group in Palo Alto Networks PAN-OS with specified parameters and data.
- Reference an Address Object in the Rule: Links an address object to a security rule in Palo Alto Networks PAN-OS using provided parameters and data.
- Update Address Group: Updates an existing address group in Palo Alto Networks PAN-OS with specified parameters and data.

For more information, see the Palo Alto Networks PAN-OS documentation: https //docs swimlane com/connectors/palo alto networks pan os

Silent Push

- ASN Reputation: Retrieve the reputation score for a specified autonomous system number (ASN) from Silent Push using path parameter.
- ASN Reputation History: Retrieve the historical reputation data for a specified autonomous system number (ASN) from Silent Push.
- IPv4 Reputation: Retrieve the reputation score for a specified IPv4 address from Silent Push using path parameters.
- IPv4 Reputation History: Retrieve the historical reputation data for a specified IPv4 address using Silent Push, requiring the ipv4 path parameter.
- Name Server Reputation: Retrieve the reputation score for a specified name server from Silent Push, using the 'nameserver' path parameter.
- Name Server Reputation History: Retrieve the reputation history of a specified name server from Silent Push, requiring the 'nameserver' path parameter.
- Ranked ASN Reputation: Retrieve a list of autonomous system numbers (ASNs) with the highest reputation scores from Silent Push.
- Ranked Subnet
Reputation: Retrieve a list of subnets with the highest reputation scores from Silent Push, ranked by their security reliability.
- Subnet Reputation: Retrieve the reputation score for a specified subnet from Silent Push using the provided path parameter.
- Subnet Reputation History: Retrieve the historical reputation data for a specified subnet from Silent Push, requiring the 'subnet' path parameter.

For more information, see the Silent Push documentation: https //docs swimlane com/connectors/silent push

Trellix IPS

- Add New Attack Filter: Adds a new attack filter to Trellix IPS using type, name, domainid, and matchcriteria as configuration parameters.
- Add Rule Object: Adds a new rule object to Trellix IPS with specified ID, type, name, description, domain, and visibility settings.
- Assign Attack Filter to Domain and Attack: Assign specific attack filters to a domain and attack within Trellix IPS using the provided domain ID and assignattackfilterrequest.
- Assign Attack Filter to Interface and Attack: Assigns specified attack filters to an interface or subinterface and attack in Trellix IPS, utilizing sensor ID, interface ID, and assignattackfilterrequest.
- Assign Attack Filter to Sensor and Attack: Assigns specified attack filters to both a sensor and an attack within Trellix IPS, utilizing the sensor ID and assignattackfilterrequest.
- Delete Attack Filter: Deletes a specified attack filter from Trellix IPS using the provided unique attackfilter ID.
- Delete Rule Object: Removes a specified rule object from Trellix IPS; fails if the object is currently in use.
- Download Invalid Rule Members CSV File: Downloads a CSV file with invalid rule members from Trellix IPS using the specified rule object ID.
- Export Rule Members to a CSV File: Downloads a CSV file with rule members from Trellix IPS using the specified ruleobjectid.
- Get an Attack Filter: Retrieve detailed information for a specified attack filter in Trellix IPS using the unique attackfilter ID.
- Get Attack Filters
Assigned to Domain and Attack: Retrieves all attack filters assigned to a specific domain and attack in Trellix IPS, requiring domain ID and attack ID as parameters.
- Get Attack Filters Assigned to Interface: Retrieves all attack filters assigned to a specified interface or subinterface within Trellix IPS for a given attack, requiring sensor ID, interface ID, and attack ID.
- Get Attack Filters Assigned to Sensor and Attack: Retrieves all attack filters assigned to a specific sensor and attack in Trellix IPS, using sensor ID and attack ID.
- Get Attack Filters Assignments: Retrieve assignments for a specific attack filter by ID in Trellix IPS, encompassing all attacks and resources.
- Get Attack Filters Defined in a Domain: Retrieves all attack filters within a specified domain in Trellix IPS, using the provided domain ID.
- Get Rule Object: Retrieves detailed information for a specified rule object in Trellix IPS using the ruleobject ID.
- Get Rule Object Associations: Retrieve associations of a specific rule object across all modules in Trellix IPS using the ruleobject ID.
- Get Rule Objects in a Domain: Retrieves a list of rule objects within a specified domain in Trellix IPS, requiring the domain ID and object type.
- Get User Group: Retrieves user group rule objects from Trellix IPS, providing an overview of group configurations.
- Get User Rule Objects: Retrieves a list of user-defined rule objects from Trellix IPS for further analysis or modification.
- Import Rule Members to Existing Rule Obj from File: Imports rule members from a CSV file to an existing Trellix IPS rule object, requiring 'importoption' and 'ruleobjid'.
- Import Rule Members to New Rule Object from File: Imports rule members to a new Trellix IPS rule object from a specified CSV file, requiring files, data body, and import options.
- Unassign Attack Filter to Sensor and Attack: Removes specified attack filters from a sensor and attack in Trellix IPS, using sensor ID, attack ID, and direction.
- Unassign Attack
Filters Assigned to Domain: Removes all attack filters linked to a specific attack from a domain in Trellix IPS, using domain and attack IDs, plus direction.
- Unassign Attack Filters to Interface: Removes specific attack filters from an interface or subinterface on a Trellix IPS sensor by utilizing sensor, interface, and attack IDs.
- Update Attack Filter: Updates an existing attack filter in Trellix IPS with details like domainid, matchcriteria, and other specified criteria.
- Update Rule Object: Updates a specified rule object in Trellix IPS with details like type, name, and visibility settings. Requires ruleobject ID and JSON body.

For more information, see the Trellix IPS documentation: https //docs swimlane com/connectors/trellix ips

December 2025

New Connectors

Zscaler Deception

The Zscaler Deception connector enables automated interactions with the Zscaler Deception platform, facilitating the retrieval and management of security incidents and events.

Zscaler Deception is a cloud-based security service that specializes in the detection of advanced threats and targeted attacks. This connector enables Swimlane Turbine users to automate the retrieval and analysis of security events and incidents, as well as the management of incident-related comments directly within the Swimlane platform. By integrating with Zscaler Deception, users can enhance their security posture with real-time threat intelligence and streamline their incident response workflows, ensuring a proactive defense against deceptive attacks.

For more information, see the Zscaler Deception documentation: https //docs swimlane com/connectors/zscaler deception

New Actions

Amazon AWS GuardDuty

- Archive Findings: Archives specified Amazon AWS GuardDuty findings using a detectorid and list of findingids. Available to administrator accounts.

For more information, see the Amazon AWS GuardDuty documentation: https //docs swimlane com/connectors/amazon aws guardduty

Amazon AWS S3

- Get Bucket ACL: Retrieve the access
control list (ACL) for a specified Amazon AWS S3 bucket, with support for expectedbucketowner assertions. Requires the 'bucket' input.
- Get Bucket Ownership Controls: Retrieve ownership controls settings for a specified Amazon AWS S3 bucket, requiring the s3:GetBucketOwnershipControls permission.
- Get Bucket Policy: Retrieve the JSON policy of a specified S3 bucket, requiring s3:GetBucketPolicy permission and regional endpoint calls for directory buckets.
- Get Bucket Policy Status: Retrieve the policy status of an Amazon AWS S3 bucket to check if it is publicly accessible. Requires 's3:GetBucketPolicyStatus' permission and the bucket name.
- Get Public Access Block: Retrieve the publicaccessblock configuration for a specified Amazon AWS S3 bucket, requiring s3:GetBucketPublicAccessBlock permissions.

For more information, see the Amazon AWS S3 documentation: https //docs swimlane com/connectors/amazon aws s3

Box

- Upload File Version: Upload a new version of a file to Box using the file's unique ID, with support for path parameters and form data.

For more information, see the Box documentation: https //docs swimlane com/connectors/box

Censys Attack Surface Management

- Get Risk Instances by ID: Retrieve all active risk instances associated with a given ID from your Censys Attack Surface Management attack surface.

For more information, see the Censys Attack Surface Management documentation: https //docs swimlane com/connectors/censys attack surface management

Cortex XSIAM

- Retrieve Case Artifacts by Case ID: Retrieve all artifacts associated with a specific case in Cortex XSIAM using the provided case ID.
- Retrieve Cases Based on Filters: Retrieve a list of Cortex XSIAM cases matching specified filter criteria using the 'request data' parameter.
- Retrieve Issues Based on Filters: Retrieve a list of issues from Cortex XSIAM that match specified filter criteria using the provided JSON body.
- Update Existing Case: Update an existing case in Cortex XSIAM using the specified case ID
and request data.

For more information, see the Cortex XSIAM documentation: https //docs swimlane com/connectors/cortex xsiam

Grip Security

- Cancel Access Revocation: Halt the ongoing process of revoking an employee's access in Grip Security using a specified actionid.
- Cancel Justification Request: Cancel an existing justification request in Grip Security using a unique requestid.
- Cancel Workflow by Workflow Run ID: Cancel an ongoing workflow run in Grip Security using the specified workflow run ID.
- Delete Label: Remove a specific label from a SaaS application in Grip Security using the provided SaaS ID and label.
- Get Access Revocation Status: Retrieve the revocation status for an employee's access in Grip Security by providing the action ID.
- Get Alert: Retrieve detailed information for a specific alert in Grip Security using the unique readable ID provided.
- Get Alert v2: Retrieve detailed information for a specific alert in Grip Security using the alert's readable ID.
- Get Justification Request Link: Retrieve a specific justification request link from Grip Security using the provided request ID.
- Get Justification Request Status: Retrieve the current status of a justification request in Grip Security using the provided request ID.
- Get SaaS User: Retrieve detailed information for a specific user within a SaaS application using the user's unique identifier, SaaS app user ID.
- List Alerts: Retrieve a paginated list of alerts from the Grip Security system, utilizing query parameters for targeted results.
- List Alerts v2: Retrieve a paginated list of alerts from Grip Security using query parameters for targeted results.
- List Audit Logs: Retrieve a paginated list of audit logs from the Grip Security system using query parameters.
- List Offboarding Workflows: Retrieve the results of all offboarding workflows in Grip Security, providing a comprehensive overview.
- Run Workflow by ID: Execute a specified workflow in Grip Security using the workflow ID, applicable for both
application-based and identity-based workflows.
- Send Justification Request: Initiate a justification request for a user's use of a specified SaaS application in Grip Security, requiring a saasapplicationid.
- Start Access Revocation: Initiate revocation of a specified employee's access across selected SaaS applications in Grip Security, requiring userid and saasids.
- Start Offboarding: Initiate an offboarding workflow in Grip Security for specified users, including user IDs, inheritor mailboxes, and enhanced mode options.
- Status of a Workflow: Retrieve the current status of a specified workflow in Grip Security using the workflow ID.
- Status Offboarded User: Retrieve the offboarding workflow status for a user in Grip Security using the specified workflow ID.
- Status Offboarding: Retrieve the current status of a specified offboarding workflow in Grip Security using the workflow ID.
- Stop Offboarding: Terminate an ongoing offboarding process in Grip Security using the specified workflow ID.
- Update Primary Contact: Update the primary contact for a specified SaaS in Grip Security using SaaS ID and user ID as identifiers.
- Update Sanction Status: Update the sanction state of a specified SaaS application in Grip Security using SaaS ID and new sanction state.

For more information, see the Grip Security documentation: https //docs swimlane com/connectors/grip security

SentinelOne

- Get Unified Alerts: Retrieve SentinelOne unified alerts to identify potential security threats within a specified scope.

For more information, see the SentinelOne documentation: https //docs swimlane com/connectors/sentinelone

Silent Push

- ASN Takedown Reputation: Retrieve the takedown reputation for a specified autonomous system number (ASN) from Silent Push, requiring an ASN path parameter.
- Bulk Silent Push Risk Score for List IPv4 Address: Retrieve bulk risk scores for specified IPv4 addresses from Silent Push, requiring a JSON body with the 'ips' field.
- Domain Search: Performs a comprehensive search for
domains using criteria like name servers, WHOIS data, and domain patterns.
- Domain Typosquatting Search: Identify potential typosquatted domain variations and filter results by excluding specified infrastructures using Silent Push.
- Name Server Changes: Retrieve the history of name server changes for a specified domain via Silent Push, requiring the 'domain' as a path parameter.
- Name Server Changes Summary: Retrieve a summary of name server changes for a specified domain, requiring the 'domain' as a path parameter.
- Silent Push Risk Score for IPv4: Retrieve the risk score for a specified IPv4 address from Silent Push using the provided path parameter.
- WHOIS Information: Retrieve WHOIS data for a domain from Silent Push, requiring the domain as a path parameter.

For more information, see the Silent Push documentation: https //docs swimlane com/connectors/silent push

Swimlane VRM Enrichment

- Enrich Findings: Read findings from a staging record and enrich them with async concurrency.
- Populate Existing Findings: Populate existing findings database from findings app and upload to staging record.
- Populate VulnCheck Cache: Populate VulnCheck cache using CVE IDs from findings in a staging record.
- Stage Enrichment: Read ingestion pages and create a staging record.

For more information, see the Swimlane VRM Enrichment documentation: https //docs swimlane com/connectors/swimlane vrm enrichment

Zscaler Deception

- Get Events: Retrieves a list of events from Zscaler Deception, with options to specify limit and offset. Requires read\ events permission.
- Get Incidents: Retrieves a list of incidents from Zscaler Deception, with the ability to specify limit and offset. read\ incidents permission is required.
- Get List of All Comments: Retrieve all comments linked to a given incident in Zscaler Deception by providing the incidentid.

For more information, see the Zscaler Deception documentation: https //docs swimlane com/connectors/zscaler deception