RiskIQ Global Inventory
App Vendor: RiskIQ
App Category: Data Enrichment and Threat Intelligence
Connector Version: 1.0.0
API Version: 1.0.0
About App
The RiskIQ Global Inventory endpoint allows you to query RiskIQs inventory of assets.
The RiskIQ Global Inventory app is configured with Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Add Assets | This action adds assets. |
Cancel Asynchronous Update Task | This action cancels further processing of an asynchronous global inventory update task. |
Generic Action | This is a generic action to perform any additional use case on RiskIQ Global Inventory. |
Retrieve Asset Details by ID | This action retrieves the asset details using the asset UUID. |
Retrieve Assets | This action retrieves assets of a specified name and type. |
Retrieve Asynchronous Update Task Status | This action retrieves the status of an asynchronous global inventory update task. |
Retrieve Asynchronous Update Task Status by User | This action retrieves the status of all asynchronous global inventory update tasks. |
Retrieve Confirmed Assets Summary | This action retrieves the summary of confirmed assets describing counts of confirmed assets that have been added or removed from inventory over the given time period. |
Retrieve Connected Assets | This action retrieves assets that are connected to the requested asset. |
Retrieve List of Asset Policy Engine | This action retrieves a list of asset policy engines. |
Retrieve List of Brands | This action retrieves a list of brands defined for a workspace. |
Retrieve List of Organisations | This action retrieves a list of organizations defined for a workspace. |
Retrieve List of Precomputed Assets | This action retrieves a list of precomputed assets. |
Retrieve List of Saved Searches | This action retrieves a list of saved searches for a workspace. |
Retrieve List of Tags | This action retrieves a list of tags defined for a workspace. |
Retrieve Recent Dataset for Assets | This action retrieves a recent dataset for a set of assets from the global inventory. |
Retrieve the List of Confirmed Assets | This action retrieves a list of confirmed assets that have been added or removed from inventory over the given time period. |
Search Historical Dataset for Asset | This action searches the global inventory historical dataset for a set of assets that match the criteria. |
Search Recent Dataset for Asset by Query | This action searches the global inventory recent dataset for a set of assets that match the criteria. |
Update Assets | This action updates assets. |
Update Assets Historically | This action updates assets. This action will use historical search if updating via a query, otherwise, it works the same as the action Update Assets. |
Configuration Parameters
The following configuration parameters are required for the RiskIQ Global Inventory app to communicate with the RiskIQ Global Inventory enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the base URL of the RiskIQ instance. | Text | Required |
|
API Key | Enter the API key to authenticate the client. | Password | Required |
|
API Secret Key | Enter the API secret key to authenticate the client. | Password | Required |
|
Verify | Choose to verify SSL certificates. Example: true | Boolean | Optional | Default value: false |
Action: Add Assets
This action adds assets.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Payload | Enter the payload of the asset to add. Example: {"assets": ["cyware.com"]} | Any | Required |
|
Fail on Error | If this parameter is set to true, then the request will fail on detecting invalid updates. If this is set to false, then invalid updates will be skipped. Example: true | Boolean | Optional | Default value: true Allowed values:
|
Action: Cancel Asynchronous Update Task
This action cancels further processing of an asynchronous global inventory update task.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Task ID | Enter the ID of the asynchronous task to cancel. | Text | Required |
|
Action: Generic Action
This is a generic action to perform any additional use case on RiskIQ Global Inventory.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Endpoint | Enter the endpoint to initiate the request. Example: "/v1/globalinventory/assets/add" | Text | Required |
|
Method | Enter the HTTP method. Example: "GET" | Text | Required |
|
Payload | Enter the payload data to pass to the API. Example: {"assets": ["cyware.com"]} | Any | Optional |
|
Query Params | Enter the query parameters to filter the result. Example: {"failonerror": true} | Key Value | Optional |
|
Action: Retrieve Asset Details by ID
This action retrieves the asset details using the asset UUID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Asset UUID | Enter the UUID of the asset to retrieve. Example: "12345678-1234-1234-1234-123456789012" | Text | Required |
|
Global Value | Choose to retrieve global assets. Example: true | Boolean | Optional | Default value: false Allowed values:
|
Recent | Choose to retrieve recently added assets. Example: true | Boolean | Optional | Default value: false Allowed values:
|
Action: Retrieve Assets
This action retrieves assets of a specified name and type.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Type | Enter the type of the asset to retrieve. Example: "domain" | Text | Required | Allowed values:
|
Name | Enter the name of the asset to retrieve. Example: "cyware.com" | Text | Required |
|
Global Value | Choose to retrieve global assets. Example: true | Boolean | Optional | Default value: false Allowed values:
|
Size | Enter the number of items to retrieve per page. Example: "10" | Text | Optional |
|
Recent | Choose to retrieve recently added assets. Example: true | Boolean | Optional | Default value: false Allowed values:
|
Action: Retrieve Asynchronous Update Task Status
This action retrieves the status of an asynchronous global inventory update task.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Task ID | Enter the ID of the task to retrieve. Example: "12345678-1234-1234-1234-123456789012" | Text | Required |
|
Action: Retrieve Asynchronous Update Task Status by User
This action retrieves the status of all asynchronous global inventory update tasks.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Username | Enter the username to retrieve the status of asynchronous update tasks associated with a user. | Text | Optional |
|
Action: Retrieve Confirmed Assets Summary
This action retrieves the summary of confirmed assets describing counts of confirmed assets that have been added or removed from inventory over the given time period.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Date | Enter the date of the run in which the changes were identified. Example: "2020-01-01" | Text | Optional |
|
Range | Enter the period of time over which the changes were identified. Example: "1d" | Text | Optional | Allowed values:
|
Brand | Enter the brand of the asset to retrieve. Example: "cyware.com" | Text | Optional |
|
Organisation | Enter the organization of the asset to retrieve. | Text | Optional |
|
Tag | Enter the tag of the asset to retrieve. | Text | Optional |
|
Action: Retrieve Connected Assets
This action retrieves assets that are connected to the requested asset.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Type | Enter the type of the asset to retrieve. Example: "domain" | Text | Required | Allowed values:
|
Name | Enter the asset name to retrieve. Example: "cyware.com" | Text | Required |
|
Global Value | Choose to retrieve global assets. | Boolean | Optional | Default value: false |
Page | Enter the page number to retrieve results from a specific page. Example: "1" | Text | Optional | 0 indicates page 1, 1 indicates page 2, and so on. |
Size | Enter the maximum number of newly opened port hits that will be returned. Example: "10" | Text | Optional |
|
Action: Retrieve List of Asset Policy Engine
This action retrieves a list of asset policy engines.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Period | Enter the newly open port period in days. Example: "7" | Text | Optional | Allowed values:
|
Ports | Enter the comma delimited list of ports used to limit the results to those which include a port in the list. Example: $LIST[80,443] | List | Optional |
|
Exclude Ports | Enter the comma-delimited list of ports used to limit the results to those which do not include a port in the list. Example: $LIST[234, 126] | List | Optional |
|
After | Enter the timestamp in epoch format used to limit the results to newly opened port hits seen after the timestamp. Example: "1685344886" | Text | Optional |
|
Stream | Choose to indicate if the request is using the streaming feature of the endpoint. Example: true | Boolean | Optional |
|
Size | Enter the maximum number of newly opened port hits that will be returned. Example: "10" | Text | Optional |
|
Action: Retrieve List of Brands
This action retrieves a list of brands defined for a workspace.
Action Input Parameters
This action does not require any action input parameter.
Action: Retrieve List of Organisations
This action retrieves a list of organizations defined for a workspace
Action Input Parameters
This action does not require any action input parameter.
Action: Retrieve List of Precomputed Assets
This action retrieves a list of precomputed assets.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Type | Enter risk metric type to retrieve assets. Example: "domain" | Text | Required | Allowed values:
|
Size | Enter the number of matching assets to return per page. Example: "10" | Text | Optional | Default value: "20" |
Page | Enter the page number to retrieve results from a specific page. Example: "1" | Text | Optional | 0 indicates page 1, 1 indicates page 2, and so on. |
Action: Retrieve List of Saved Searches
This action retrieves a list of saved searches for a workspace.
Action Input Parameters
This action does not require any action input parameter.
Action: Retrieve List of Tags
This action retrieves a list of tags defined for a workspace.
Action Input Parameters
This action does not require any action input parameter.
Action: Retrieve Recent Dataset for Assets
This action retrieves a recent dataset for a set of assets from the global inventory.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Saved Search ID | Enter the saved search ID. Example: "12345678-1234-1234-1234-123456789012" | Text | Optional |
|
Saved Search Name | Enter the saved search name. Example: "critical_asset" | Text | Optional |
|
Global Value | Choose to retrieve global assets. Example: true | Boolean | Optional | Default value: false |
Page | Enter the page number to retrieve results from a specific page. Example: "1" | Text | Optional | 0 indicates page 1, 1 indicates page 2, and so on. |
Size | Enter the number of matching assets to return per page. Example: "10" | Text | Optional |
|
Action: Retrieve the List of Confirmed Assets
This action retrieves a list of confirmed assets that have been added or removed from inventory over the given time period.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Type | Enter the type of the asset to retrieve. Example: "domain" | Text | Optional | Allowed values:
|
Date | Enter the date of the run on which the changes were identified. Example: "2020-01-01" | Text | Optional |
|
Range | Enter the period of time over which the changes were identified. Example: "1d" | Text | Optional | Allowed values:
|
Measure | Enter the measure. Example: "added" | Text | Optional | Allowed values:
|
Brand | Enter the brand of the asset to retrieve. Example: "cyware.com" | Text | Optional |
|
Organisation | Enter the organisation of the asset to retrieve. Example: "cyware.com" | Text | Optional |
|
Tag | Enter the tag of the asset to retrieve. Example: "cyware.com" | Text | Optional |
|
Page | Enter the page number to retrieve results from a specific page. Example: "1" | Text | Optional | 0 indicates page 1, 1 indicates page 2, and so on. |
Size | Enter the number of matching assets to return per page. Example: "10" | Text | Optional |
|
Action: Search Historical Dataset for Asset
This action searches the global inventory historical dataset for a set of assets that match the criteria.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query | Enter a query to search the historical dataset. Example: "critical_asset" | Text | Required |
|
Filters | Enter the filters to retrieve specific results. Example: {"brand": ["cyware.com"]} | Key Value | Required |
|
Global Value | Choose to retrieve global assets. Example: true | Boolean | Optional |
|
Page | Enter the page number to retrieve results from a specific page. Example: "1" | Text | Optional | 0 indicates page 1, 1 indicates page 2, and so on. |
Size | Enter the number of matching assets to return per page. Example: "10" | Text | Optional |
|
Recent | Choose to retrieve recently added assets. Example: true | Boolean | Optional |
|
Action: Search Recent Dataset for Asset by Query
This action searches the global inventory recent dataset for a set of assets that match the criteria.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query | Enter a query to search the recent dataset. | Text | Required |
|
Filters | Enter the filters to retrieve specific results. Example: {"brand": ["cyware.com"]} | Key Value | Required |
|
Global Value | Choose to retrieve global assets. Example: true | Boolean | Optional |
|
Page | Enter the page number to retrieve results from a specific page. Example: "1" | Text | Optional | 0 indicates page 1, 1 indicates page 2, and so on. |
Size | Enter the number of matching assets to return per page. Example: "10" | Text | Optional |
|
Action: Update Assets
This action updates assets.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Payload | Enter the payload of the asset to update. Example: {"assets": ["cyware.com"]} | Any | Required | |
Fail on Error | If this parameter is set to true, then the request will fail on detecting invalid updates. If this is set to false, then any invalid updates will be skipped. Example: true | Boolean | Optional | Default value: true Allowed values:
|
Action: Update Assets Historically
This action updates assets and uses historical search if updating via a query, otherwise, it works the same as the action Update Assets.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Payload | Enter the payload of the asset to update. Example: {"assets": ["cyware.com"]} | Any | Required | |
Fail on Error | If this parameter is set to true, then the request will fail on detecting invalid updates. If this is set to false, then any invalid updates will be skipped. Example: true | Boolean | Optional | Default value: true Allowed values:
|