Active Directory SOAR Integration¶
This document details the tools provided by the Active Directory SOAR integration.
Tools¶
active_directory_get_group_members¶
Get the members list of the provided group name in Active Directory
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.group_name(str, required): Specify whether the name of the group of which you would like to list down the group members.members_type(List[str], required): Specify the member type of the group.perform_nested_search(bool, required): Specify whether the action should fetch additional details regarding groups found in the main group.limit(str, required): Specify the maximum number of listings to fetch from Active Directorytarget_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_force_password_update¶
Force user password update on the next logon
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_enable_computer¶
Enable a computer account
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_get_manager_contact_details¶
Get manager’s contact details from active directory
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_disable_account¶
Disable the user account
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_enable_account¶
Enable the user account
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_change_user_ou¶
Change a user’s Organizational Unit (OU)
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.ou_name(str, required): The name of the new user’s OUtarget_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_remove_user_from_group¶
Remove user from groups.
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.group_name(str, required): Specify a comma-separated list of groups from which action should remove users.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_ping¶
Test Active Directory connectivity
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_list_user_groups¶
Get list of all users groups in Active Directory
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_update_attributes_of_an_ad_user¶
Update attributes of an existing Active Directory users.
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.attribute_name(str, required): The name of the attribute to update. Default: Description.attribute_value(str, required): The attribute value to update.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_update_attributes_of_an_ad_host¶
Update attributes of an existing Active Directory hosts.
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.attribute_name(str, required): The name of the attribute to update. Default: Description.attribute_value(str, required): The attribute value to update.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_release_locked_account¶
Release locked account
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_change_host_ou¶
Change a Host’s Organizational Unit (OU)
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.ou_name(str, required): The name of the new user’s OUtarget_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_enrich_entities¶
Enrich Hostname or Username entities with Active Directory properties
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.mark_entities_as_internal(Optional[bool], optional, default=None): Specify whether successfully enriched entities should be automatically marked as “Internal Entity”specific_attribute_names_to_enrich_with(Optional[str], optional, default=None): Provide a comma separated list of attribute names to enrich the entities with. If nothing is provided - action will enrich with all available attributes. If an attribute contains a few values - it will be enriched with all of the available values. Parameter is case sensitive.should_case_wall_table_be_filtered_by_the_specified_attributes(Optional[bool], optional, default=None): If checked, the Case Wall Table for this action will only present the specified attributes, found in the “Specific Attribute Names To Enrich With” parameter.should_json_result_be_filtered_by_the_specified_attributes(Optional[bool], optional, default=None): If checked, the JSON result for this action will only return the specified attributes, found in the “Specific Attribute Names To Enrich With” parameter.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_add_user_to_group¶
Add user to groups.
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.group_name(str, required): Specify a comma-separated list of groups to which action should add users.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_set_user_password¶
Set a user’s password Note - For this action, please make sure to have a verified SSL connection and a strong password that will match the password rules in your organization
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.new_password(str, required): (No description provided in source)target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_disable_computer¶
Disable a computer account
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_is_user_in_group¶
Check whether a user is a member of a specific group
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.group_name(str, required): Group name to be checked. e.g. Administrators. Please make sure group name is spelled correctly, and exists in Active Directory.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.
active_directory_search_active_directory¶
Search Active Directory with Siemplify, using your personal query.
Parameters:
case_id(str, required): The ID of the case.alert_group_identifiers(List[str], required): Identifiers for the alert groups.query_string(str, required): Specify the query string you would like to perform in AD.limit(Optional[str], optional, default=None): Specify the maximum number of listings to fetch from Active Directory.target_entities(List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(str, optional, default=“All entities”): Defines the scope for the action.