Zafran
App Vendor: Zafran
App Category: Vulnerability Management
Connector Version: 1.0.0
API Version: 1.0.0
About App
The Zafran app helps security teams automate threat response and vulnerability management by surfacing real-time vulnerability data, asset context, and mitigation history to support enriched investigations and proactive threat hunting.
The Zafran app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Download Export File | This action downloads the file generated by the Export All Vulnerabilities action. You can choose whether to directly download the file or simply return the response content in the specified format. |
Export All Vulnerabilities | This action exports all vulnerabilities detected in the last 30 days into a specified file format. |
Export Mitigations | This action exports recommended mitigations that match the specified filter criteria using ZQL (Zafran Query Language). |
Generic Action | This is a generic action used to make requests to any Zafran endpoint. |
Get Vulnerability Details | This action retrieves comprehensive details about a vulnerability finding, including runtime context, network reachability, threat intelligence, and any associated compensating controls. |
Query Assets | This action retrieves a list of assets that match the specified filter criteria using ZQL (Zafran Query Language). |
Query Audit Events | This action retrieves a list of audit events from the past 30 days using the specified query parameters. |
Query Vulnerabilities | This action retrieves a list of vulnerability findings based on filters defined using ZQL (Zafran Query Language). |
Update Mitigations Performed | This action updates the status of one or more mitigations that have been performed. |
Configuration Parameters
The following configuration parameters are required for the Zafran app to communicate with the Zafran enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key for authentication. | Password | Required | |
Base URL | Enter the base URL to access Zafran. | Text | Optional | Default value: https://api.zafran.io/api/v2 |
Timeout | Enter the timeout value (in seconds) for the API request. | Integer | Optional | Allowed range: 15-120 seconds. Default value: 15 seconds |
Verify | Choose whether to verify the SSL certificate. Allowed values are true and false. | Boolean | Optional | By default, verification is enabled |
Action: Download Export File
This action downloads the file generated by the Export All Vulnerabilities action. You can choose whether to directly download the file or simply return the response content in the specified format.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Export ID | Enter the unique identifier of the export operation to download the corresponding file. | Text | Required | |
File Name | Enter the file name along with the format to download. For example, if the export format is csv, use export_id.csv. | Text | Optional | By default, the file name is set to export_id.txt |
Download File | Choose true to download the file and return the file path in the response. If you choose false, the file content is returned directly in the response. | Boolean | Optional | Default value: false |
Response Type | Enter the response format of the file. | Text | Optional | Allowed values: text and content |
Action: Export All Vulnerabilities
This action exports all vulnerabilities detected in the last 30 days into a specified file format.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Export Format | Enter the format in which the vulnerability data should be exported. | Text | Optional | Allowed formats: JSON, CSV.GZ, or JSON.GZ. Default value: JSON |
Query | Enter a Zafran Query Language (ZQL) expression to export only specific vulnerabilities. | Text | Optional | |
Sort Column | Enter the column to sort the results. | Text | Optional | Allowed values: asset_id, last_updated, first_seen, last_seen, and zafran_applicable_score |
Sort Order | Enter the sorting direction for the results. | Text | Optional | Allowed values: asc and desc |
Action: Export Mitigations
This action exports recommended mitigations that match the specified filter criteria using ZQL (Zafran Query Language).
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Filter | Enter a Zafran Query Language (ZQL) expression to filter mitigations. | Text | Optional | |
Action: Generic Action
This is a generic action used to make requests to any Zafran endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, and DELETE |
Endpoint | Enter the endpoint to make the request to. Example: /assets | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: headers, payload_json, download, files, filename, retry_wait, retry_count, custom_output, response_type |
Action: Get Vulnerability Details
This action retrieves comprehensive details about a vulnerability finding, including runtime context, network reachability, threat intelligence, and any associated compensating controls.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Finding ID | Enter the unique ID of the vulnerability finding to retrieve its information. | Text | Required | |
Action: Query Assets
This action retrieves a list of assets that match the specified filter criteria using ZQL (Zafran Query Language).
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Offset | Enter the starting index of the results to skip a specific number of records and paginate through the results. | Integer | Optional | Default value is 0, which represents the first item. |
Count | Enter the maximum number of assets to retrieve in the response. | Integer | Optional | Default value: 10000 |
Query | Enter a Zafran Query Language (ZQL) expression to filter assets. | Text | Optional | |
Action: Query Audit Events
This action retrieves a list of audit events from the past 30 days using the specified query parameters.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
From Time | Enter the start timestamp in UTC (ISO 8601 format) from which to begin querying audit events. This must be within the past 30 days. Example: 1970-01-01T00:00:00Z | Text | Required | |
Action: Query Vulnerabilities
This action retrieves a list of vulnerability findings based on filters defined using ZQL (Zafran Query Language).
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Offset | Enter the starting index of the results to skip a specific number of records and paginate through the results. | Integer | Optional | Default value is 0, which represents the first item. |
Count | Enter the maximum number of vulnerability findings to retrieve in the response. | Integer | Optional | Default value: 100 |
Query | Enter a Zafran Query Language (ZQL) expression to filter vulnerabilities. | Text | Optional | |
Action: Update Mitigations Performed
This action updates the status of one or more mitigations that have been performed.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Mitigation ID | Enter the ID of the mitigation to update. | Text | Required | |
Status | Enter the status of the mitigation to update. | Text | Required | Allowed values: new, pending_approval, rejected, in_progress, and completed |
External Ticket ID | Enter the external service ticket ID. | Text | Optional | |
External Ticket URL | Enter the external service ticket URL. | Text | Optional | |