ZeroFox 1.0.0
App Vendor: ZeroFox
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.0.0
API Version: 1.0.0
About App
The ZeroFox app allows security teams to integrate with the ZeroFox enterprise application. The app provides actions to manage alerts, accounts, and indicators to detect risks on digital channels.
The ZeroFox app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Get all Alerts | This action retrieves all alerts with their description. |
Read an Alert | This action reads a specific alert by alert ID. |
Add an Indicator | This action adds an indicator that is associated with an alert to the threat feed. |
Get all related Entity accounts | This action retrieves all entity accounts belonging to the calling user's enterprise. |
Configuration Parameters
The following configuration parameters are required for the ZeroFox app to communicate with the ZeroFox enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API Token. | Text | Required | |
Base URL | Enter the Base URL. | Text | Required | |
Action: Add an Indicator
This action adds an indicator that is associated with an alert to the threat feed.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the Alert ID. Example: <Sample Alert ID> | Integer | Required | |
Indicator Type | Enter the threat feed indicator type. Example: <sample indicator type> | Text | Required | |
Value for New Indicator | Enter the value to use while creating the threat feed indicator. Example: <sample value> | Text | Required | |
Example Request
[ { "alert_id": "<Sample Alert ID>", "indicator_type": "<Sample Indicator type>", "indicator_value": "<Sample value>" } ]
Action: Get all Alerts
This action retrieves all alerts with their description.
Action Input Parameters
This action does not require any input parameters.
Action: Read an Alert
This action reads a specific alert by alert ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the alert ID. Example: <sample alert id> | Integer | Required | |
Example Request
[ { "alert_id": "<Sample Alert ID>" } ]