XDR Expandr-3361 #30308
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
|
||
#### Scripts | ||
##### CoreIRApiModule | ||
Added the *public_ip_list* argument for the ***get_endpoints()*** API call. |
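Review bot: the release note line for ***get_endpoints()*** names the new *public_ip_list* argument but not what it matches. The argument description in this PR ties it to the agent's `Last Origin IP`; saying so here would let readers tell it apart from *ip_list* without opening the YAML.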
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
|
||
#### Integrations | ||
|
||
##### Investigation & Response | ||
|
||
Added the *public_ip_list* argument for the ***core-get-endpoints*** command. |
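Review bot: the ***core-get-endpoints*** release note omits the second user-visible change in this PR: the *ip_list* description now reads "A comma-separated list of private IP addresses" and its example moves from 8.8.8.8,1.1.1.1 to 10.1.1.1,192.168.1.1. Add a line recording that documentation change so users who pass public addresses to *ip_list* know to look at *public_ip_list*.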
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -777,10 +777,15 @@ script: | |
isArray: true | ||
name: dist_name | ||
- description: |- | ||
A comma-separated list of IP addresses. | ||
Example: 8.8.8.8,1.1.1.1. | ||
A comma-separated list of private IP addresses. | ||
What effect will it have on customers already using the ip_list not as a private IP list?
@omerKarkKatz, so my understanding (and discussing with XDR PS) is that the ip_list argument pulls the IP address of the endpoint, but it will always be a private IP. This is even the case that there is a public IP address assigned.
Thanks for the response, I didn't fully understand this but we will go over it in the Demo. |
||
Example: 10.1.1.1,192.168.1.1. | ||
isArray: true | ||
name: ip_list | ||
- description: |- | ||
A comma-separated list of public IP addresses that correlate to the last IPv4 address from which the XDR agent connected (know as `Last Origin IP`). | ||
Example: 8.8.8.8,1.1.1.1. | ||
isArray: true | ||
name: public_ip_list | ||
- description: |- | ||
The group name to which the agent belongs. | ||
Example: group_name1,group_name2. | ||
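Review bot: typo in the new *public_ip_list* description: "(know as `Last Origin IP`)" should read "known as". In the same hunk the *ip_list* description is narrowed to private addresses; it would help to state there what happens when a public address is passed, since the previous example (8.8.8.8,1.1.1.1) suggested that was supported.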
|
@@ -798,19 +803,20 @@ script: | |
- description: |- | ||
A comma-separated list of alias names. | ||
Examples: alias_name1,alias_name2. | ||
isArray: true | ||
name: alias_name | ||
- auto: PREDEFINED | ||
description: Specifies whether the endpoint was isolated or unisolated. | ||
isArray: true | ||
- description: |- | ||
Specifies whether the endpoint was isolated or unisolated. | ||
name: isolate | ||
auto: PREDEFINED | ||
predefined: | ||
- isolated | ||
- unisolated | ||
- description: |- | ||
Hostname | ||
Example: hostname1,hostname2. | ||
isArray: true | ||
name: hostname | ||
isArray: true | ||
- description: |- | ||
All the agents that were first seen after {first_seen_gte}. | ||
Supported values: | ||
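Review bot: the alias_name, isolate and hostname entries in this hunk show the same keys and values on both sides (`isArray: true`, `auto: PREDEFINED`, the isolate description), only in a different order, and the single-line isolate description becomes a `|-` block scalar. None of that relates to *public_ip_list*; consider reverting these lines, or moving the reordering to its own commit, so the functional change is easy to review.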
|
@@ -842,19 +848,19 @@ script: | |
- defaultValue: '0' | ||
description: Page number (for pagination). The default is 0 (the first page). | ||
name: page | ||
- defaultValue: '30' | ||
description: Maximum number of endpoints to return per page. The default and maximum is 30. | ||
- description: Maximum number of endpoints to return per page. The default and maximum is 30. | ||
name: limit | ||
defaultValue: '30' | ||
- auto: PREDEFINED | ||
description: Specifies whether to sort endpoints by the first time or last time they were seen. Can be "first_seen" or "last_seen". | ||
name: sort_by | ||
predefined: | ||
- first_seen | ||
- last_seen | ||
- auto: PREDEFINED | ||
defaultValue: asc | ||
- name: sort_order | ||
description: The order by which to sort results. Can be "asc" (ascending) or "desc" ( descending). Default set to asc. | ||
name: sort_order | ||
auto: PREDEFINED | ||
defaultValue: asc | ||
predefined: | ||
- asc | ||
- desc | ||
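Review bot: key order becomes inconsistent within this block: `page` keeps defaultValue/description/name, `limit` is moved to description/name/defaultValue, and `sort_order` now starts with `name` while `sort_by` still starts with `auto`. Pick one ordering for the whole arguments list. Since the `sort_order` entry is being touched anyway, the stray space in "( descending)" in its description could be fixed in the same change.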
|
@@ -2728,8 +2734,8 @@ script: | |
auto: PREDEFINED | ||
defaultValue: 'true' | ||
predefined: | ||
- 'true' | ||
- 'false' | ||
- 'true' | ||
- 'false' | ||
description: Returns information about each alert ID. | ||
name: xdr-get-cloud-original-alerts | ||
outputs: | ||
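Review bot: the two predefined values 'true' and 'false' appear twice with identical text, so this looks like an indentation-only change in the arguments next to `name: xdr-get-cloud-original-alerts`, which this PR does not otherwise touch. Confirm the new indentation matches the other `predefined:` lists in the file, or drop the hunk from this PR.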
|
Is there a difference between ip_list and public_ip_list?
ip_list is for private IP addresses and public_ip_list is for public IP addresses (also known as "last origin IP").