Cisco CloudLock
App Vendor: Cisco
App Category: Network Security
Connector Version: 1.0.1
API Version: 2.0.0
About App
The Cisco CloudLock Connector app allows security teams to integrate with the Cisco CloudLock enterprise application to protect cloud users, data, and apps by tracking incidents, organizational policies, and suspicious IPs.
The Cisco CloudLock app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Create a new suspicious IP address in an organization's library | This action creates a new suspicious custom IP address in an organization's library using pre-defined fields. |
Create a new trusted IP address in an organization's library | This action creates a new trusted custom IP address in an organization's library using pre-defined fields in the Cisco CloudLock application. |
Get a list of Incident aggregates for policies | This action retrieves a list of incident aggregates for policies. |
Get a list of incident aggregates for users | This action retrieves a list of incident aggregates for users. |
Get a list of incidents | This action retrieves a list of incidents using query parameters. |
Get a list of organizations' suspicious IP collection feeds | This action retrieves a list of suspicious IP address collection feeds from an organization's library using query parameters. |
Get a list of organizations' trusted IP collection feeds | This action retrieves a list of trusted IP address collection feeds from an organization's library using query parameters. |
Get details of an Incident | This action retrieves details of a specific incident using the UID of the incident from the Cisco CloudLock application. |
Get entity information for an incident | This action retrieves information about a specific entity for an incident using the UID of the entity. |
Get list of Organization's Applications | This action retrieves a list of an organization's applications using query parameters from the Cisco CloudLock application. |
Get list of Organization's Entities | This action retrieves a list of an organization's entities (assets) using query parameters from the Cisco CloudLock application. |
Get list of Organization's Policies | This action retrieves a list of an organization's policies using query parameters from the Cisco CloudLock application. |
Get list of Organization's Users | This action retrieves a list of an organization's users using query parameters from the Cisco CloudLock application. |
Get list of UBA Activities | This action retrieves a list of UBA (User Behavioral Analysis) activities using query parameters from the Cisco CloudLock application. |
Remove suspicious IP addresses from an organization's library | This action removes suspicious IP addresses from an organization's library using the entry IDs from the Cisco CloudLock application. |
Remove trusted IP addresses from an Organization's library | This action removes trusted IP addresses from an organization's library using the entry IDs from the Cisco CloudLock application. |
Update Suspicious IP address from an Organization's library | This action updates a suspicious IP address entry from an organization's library using the UID and fields in the Cisco CloudLock application. |
Update trusted IP address from an organization's library | This action updates the trusted IP address entry from an organization's library using UID and fields. |
Configuration Parameters
The following configuration parameters are required for the Cisco CloudLock app to communicate with the Cisco enterprise application. The parameters can be configured by creating instances in the app.
Parameters | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the Cisco Cloudlock base URL. Example: https://YourAPIServer[:port], https://<provided-by-Cloudlock-support>.cloudlock.com | Text | Required | |
Token | Enter the Cisco Cloudlock token. | Text | Required | |
Action: Create a new suspicious IP address in an organization's library
This action creates a new suspicious custom IP address in an organization's library using pre-defined fields.
Action: Create a new trusted IP address in an organization's library
This action creates a new trusted custom IP address in an organization's library using pre-defined fields in the Cisco Cloudlock application.
Action: Get a list of Incident aggregates for policies
This action retrieves a list of incident aggregates for policies.
Action: Get a list of incident aggregates for users
This action retrieves a list of incident aggregates for users.
Action: Get a list of incidents
This action retrieves a list of incidents using query parameters.
Action: Get a list of organization's suspicious IP collection feeds
This action retrieves a list of suspicious IP address collection feeds from an organization's library using query parameters.
Action: Get a list of organization's trusted IP collection feeds
This action retrieves a list of trusted IP address collection feeds from an organization's library using query parameters.
Action: Get details of an Incident
This action retrieves details of a specific incident using the UID of the incident from the Cisco Cloudlock application.
Action: Get entity information for an incident
This action retrieves information about a specific entity for an incident using the UID of the entity.
Action: Get list of Organization's Applications
This action retrieves a list of an organization's applications using query parameters from the Cisco Cloudlock application.
Action: Get list of Organization's Entities
This action retrieves a list of an organization's entities (assets) using query parameters from the Cisco Cloudlock application.
Action: Get list of Organization's Policies
This action retrieves a list of an organization's policies using query parameters from the Cisco Cloudlock application.
Action: Get list of UBA Activities
This action retrieves a list of UBA (User Behavioral Analysis) activities using query parameters from the Cisco Cloudlock application.
Action: Remove suspicious IP addresses from an organization's library
This action removes suspicious IP addresses from an organization's library using the entry IDs from the Cisco Cloudlock application.
Action: Remove trusted IP addresses from an Organization's library
This action removes trusted IP addresses from an organization's library using the entry IDs from the Cisco Cloudlock application.
Action: Update Suspicious IP address from an Organization's library
This action updates a suspicious IP address entry from an organization's library using the UID and fields in the Cisco Cloudlock application.
Action: Update trusted IP address from an organization's library
This action updates the trusted IP address entry from an organization's library using UID and fields.