From 06c5e060a82bdc7e3a1c36da2dd0c40bed405e63 Mon Sep 17 00:00:00 2001 From: Rishav Yaduvanshi Date: Tue, 4 Feb 2025 22:28:29 +0530 Subject: [PATCH 1/2] CSOAR-2947: Updated the Doc for Aws EC2 & Any.Run --- .../app-central/integrations/any.run.md | 21 ++++++------ .../app-central/integrations/aws-ec2.md | 32 ++++++++++--------- 2 files changed, 28 insertions(+), 25 deletions(-) diff --git a/docs/platform-services/automation-service/app-central/integrations/any.run.md b/docs/platform-services/automation-service/app-central/integrations/any.run.md index 56b8e6d0ee..7fe8d7f68b 100644 --- a/docs/platform-services/automation-service/app-central/integrations/any.run.md +++ b/docs/platform-services/automation-service/app-central/integrations/any.run.md @@ -6,8 +6,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; any.run -***Version: 1.3 -Updated: Jun 15, 2023*** +***Version: 1.4 +Updated: Feb 04, 2025*** Gather detonation data for files and URL using `ANY.RUN`. @@ -23,19 +23,20 @@ Sign in to ANY.RUN. Click on your profile on the left menu. In the API and Limit ## ANY.RUN in Automation Service and Cloud SOAR -1. Access integrations in the [Automation Service](/docs/platform-services/automation-service/automation-service-integrations/#view-integrations) or [Cloud SOAR](/docs/cloud-soar/automation). -1. After the list of the integrations appears, search for the integration and click on the row. -1. The integration details will appear. Click on the **"+"** button to add new Resource.
any.run-3 -1. Populate all the required fields (\*): +1. Access integrations in the [Automation Service](/docs/platform-services/automation-service/automation-service-integrations/#view-integrations) or [Cloud SOAR](/docs/cloud-soar/automation). +2. After the list of the integrations appears, search for the integration and click on the row. +3. The integration details will appear. Click on the **"+"** button to add new Resource.
any.run-3 +4. Populate all the required fields (\*): * **URL**. 'https://api.any.run' * **API Key**. The API Key you copied earlier. -1. Click **SAVE**.
any.run-4 -1. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
any.run-5 -1. Click **TEST SAVED SETTINGS**.
any.run-6 -1. You should receive a successful notification in the bottom right corner.
any.run-7 +5. Click **SAVE**.
any.run-4 +6. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
any.run-5 +7. Click **TEST SAVED SETTINGS**.
any.run-6 +8. You should receive a successful notification in the bottom right corner.
any.run-7 ## Change Log * February 21, 2020 - First upload * February 13, 2023 - Integration refactored * June 15, 2023 (v1.3) - Updated the integration with Environmental Variables +* February 04, 2025 (v1.4) - Updated the action Get Report with Environmental Variables \ No newline at end of file diff --git a/docs/platform-services/automation-service/app-central/integrations/aws-ec2.md b/docs/platform-services/automation-service/app-central/integrations/aws-ec2.md index 8ab4141224..43a59e6292 100644 --- a/docs/platform-services/automation-service/app-central/integrations/aws-ec2.md +++ b/docs/platform-services/automation-service/app-central/integrations/aws-ec2.md @@ -6,36 +6,37 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; aws -***Version: 1.4 -Updated: July 04, 2024*** +***Version: 1.5 +Updated: Feb 04, 2025*** Using the integration with EC2, you can enrich incidents with specific EC2 data, create and delete snapshots, work with elastic addresses and instances, and manipulate security groups. ## Actions -* **Describe Regions** (*Enrichment*) - Describes the Regions that are enabled for an account, or all Regions. -* **Describe Instances** (*Enrichment*) - Describes the specified instances or all of AWS account's instances. +* **Authorize Security Group Ingress Rule** (*Containment*) - Adds the specified ingress rules to a security group. +* **Create Snapshot** (*Containment*) - Creates a new snapshot. +* **Delete Security Group** (*Containment*) - Delete a security group. +* **Delete Snapshot** (*Containment*) - Deletes an existing snapshot. * **Describe Addresses** (*Enrichment*) - Describes the specified Elastic IP addresses or all Elastic IP addresses. -* **Describe Volumes** (*Enrichment*) - Describes the specified EBS volumes or all EBS volumes. +* **Describe Instances** (*Enrichment*) - Describes the specified instances or all of AWS account's instances. +* **Describe Instances V2** (*Enrichment*) - Describes the specified instances or all of AWS account's instances with pagination. * **Describe Key Pairs** (*Enrichment*) - Describes the specified key pairs or all key pairs. -* **Describe VPCs** (*Enrichment*) - Describes one or more VPCs. +* **Describe Regions** (*Enrichment*) - Describes the Regions that are enabled for an account, or all Regions. * **Describe Subnets** (*Enrichment*) - Describes one or more subnets. * **Describe Security Groups** (*Enrichment*) - Describes the specified security groups or all security groups. * **Describe Snapshots** (*Enrichment*) - Describes a specified EBS snapshots or all of the EBS snapshots available. -* **Get Password Data** (*Enrichment*) - Retrieves the encrypted administrator password for a running Windows instance. -* **Create Snapshot** (*Containment*) - Creates a new snapshot. -* **Delete Snapshot** (*Containment*) - Deletes an existing snapshot. +* **Describe Volumes** (*Enrichment*) - Describes the specified EBS volumes or all EBS volumes. +* **Describe VPCs** (*Enrichment*) - Describes one or more VPCs. * **Disassociate Address** (*Containment*) - Disassociates an Elastic IP address from an instance or network interface it's associated with. +* **Get Password Data** (*Enrichment*) - Retrieves the encrypted administrator password for a running Windows instance. +* **Monitor Instance** (*Containment*) - Monitor a specific instance. * **Release Address** (*Containment*) - Releases the specified Elastic IP address. +* **Reboot Instances** (*Containment*) - Reboot instances. +* **Revoke Security Group Ingress Rule** (*Containment*) - Removes the specified ingress rules from a security group. * **Start Instance** (*Containment*) - Start an instance. * **Stop Instance** (*Containment*) - Stop an instance. * **Terminate Instance** (*Containment*) - Terminate an instance. -* **Delete Security Group** (*Containment*) - Delete a security group. -* **Monitor Instance** (*Containment*) - Monitor a specific instance. * **Unmonitor Instances** (*Containment*) - Discontinue monitoring of a specified instances. -* **Reboot Instances** (*Containment*) - Reboot instances. -* **Authorize Security Group Ingress Rule** (*Containment*) - Adds the specified ingress rules to a security group. -* **Revoke Security Group Ingress Rule** (*Containment*) - Removes the specified ingress rules from a security group. **Supported Versions** @@ -54,4 +55,5 @@ Using the integration with EC2, you can enrich incidents with specific EC2 data, + Updated action: Stop Instance (Resolved bug related to checkbox fields) + July 04, 2024 (v1.4) + Updated action: Describe Instances (Resolved bug related to Instance ID field) - ++ February 04, 2025 (v1.5) + + Added action: Describe Instances V2 \ No newline at end of file From 1d51c226a7d46853fc85cc209cb65a862387c197 Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Tue, 4 Feb 2025 11:25:41 -0600 Subject: [PATCH 2/2] Updates from review --- .../app-central/integrations/any.run.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/platform-services/automation-service/app-central/integrations/any.run.md b/docs/platform-services/automation-service/app-central/integrations/any.run.md index 7fe8d7f68b..519a84b33f 100644 --- a/docs/platform-services/automation-service/app-central/integrations/any.run.md +++ b/docs/platform-services/automation-service/app-central/integrations/any.run.md @@ -24,15 +24,15 @@ Sign in to ANY.RUN. Click on your profile on the left menu. In the API and Limit ## ANY.RUN in Automation Service and Cloud SOAR 1. Access integrations in the [Automation Service](/docs/platform-services/automation-service/automation-service-integrations/#view-integrations) or [Cloud SOAR](/docs/cloud-soar/automation). -2. After the list of the integrations appears, search for the integration and click on the row. -3. The integration details will appear. Click on the **"+"** button to add new Resource.
any.run-3 -4. Populate all the required fields (\*): +1. After the list of the integrations appears, search for the integration and click on the row. +1. The integration details will appear. Click on the **"+"** button to add new Resource.
any.run-3 +1. Populate all the required fields (\*): * **URL**. 'https://api.any.run' * **API Key**. The API Key you copied earlier. -5. Click **SAVE**.
any.run-4 -6. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
any.run-5 -7. Click **TEST SAVED SETTINGS**.
any.run-6 -8. You should receive a successful notification in the bottom right corner.
any.run-7 +1. Click **SAVE**.
any.run-4 +1. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
any.run-5 +1. Click **TEST SAVED SETTINGS**.
any.run-6 +1. You should receive a successful notification in the bottom right corner.
any.run-7 ## Change Log