Welcome to DTonomy’s documentation!

Contents:

• Getting Started
  • Overview
    • Access DTonomy
    • Architecture
  • Quick Start
    • Ingestion
    • Case Creation
    • Analysis
    • Response
  • Example Use Cases
    • Phishing Email Analysis
    • SIEM Alerts Analysis
• Alerts and Detections
  • Ingestion
    • Pull
    • Post
  • Existing Connectors
    • Aruba ClearPass
    • Aws
    • Azure
    • Agent-based collector
    • Akamai Security Events
    • Alientvault OTX
    • Barracuda CloudGen Firewall
    • Barracuda WAF
    • Broadcom Symantec Data Loss Prevention(DLP)
    • BlackBerry CylancePROTECT
    • Cisco ASA Firewall
    • Cisco Meraki
    • Corelight Zeek
    • Checkpoint Firewall
    • Crowdstrike
    • Database collector
    • Datadog
    • Elasticsearch
    • Email
    • Exabeam
    • Extrahop
    • Fidelis
    • Fortinet FortiGate
    • F5 Networks (ASM)
    • Github
    • HaveIbeenpwned
    • Infoblox Network Identity Operating System (NIOS)
    • Jira
    • Juniper SRX
    • Kace
    • Kafka
    • McAfee
    • OPNSense
    • Palo Alto Networks (PAN-OS)
    • Proofpoint Targeted Attack Protection(TAP)
    • Pulse Connect Secure
    • Qradar
    • Qualys
    • Rapid7 AppSpider
    • Rapid7 Nexpose
    • SCCM
    • ServiceNow
    • SonicWall Firewall
    • Sentry
    • Shadowserver
    • Shodan
    • Signal Science
    • Sumo Logic
    • Splunk
    • Syslog
    • SSH
    • Trend Micro Deep Security
    • Trend Micro TippingPoint
    • Tenable IO
    • Tenable SC
    • Vectra Cognito Detect
    • VMware Carbon Black
    • Wazuh
    • Zscaler Cloud Firewall
  • Artifacts Extraction (Normalize)
    • Generic Artifacts Extraction
• Enrichment
  • Summary
  • Alert Score
    • Manually assign alert score
    • Automatically assign alert score
  • Network Information
    • ASN
    • DNS resolver
    • IpGeo
    • Ip Reputation
    • Nmap
    • Nslookup
    • Whois
  • Threat Intelligence
    • VirusTotal
    • Shodan
    • Anyrun
    • HaveIBeenPwned
    • Hybrid Analysis
  • Vulnerability
    • CVE
    • Nexpose
    • Appspider
  • Raw Logs
  • System Information
    • LDAP
    • SCCM
• Pattern Discovery
  • Summary
  • Continuous Pattern Discovery
    • Verify the pattern
    • Enable the pattern
    • Manual option
  • View Pattern Based Cases
    • Timeline visualizations
    • Graph visualization
    • Persist pattern
    • Share cases with colleague
  • Response to Cases
    • AI Recommendation
    • Batch Resolve
    • Response to cases
• Response
  • Overview
  • AI Recommendation
  • Response Automation
    • Block Ip
    • Reset Password
    • Send Email
    • Create Ticket
  • Task
• Automation
  • Overview
  • Create First Workflow
    • Create a workflow
  • Generic Nodes
    • Input
    • Output
    • Functions
  • Third Party Nodes
    • Analysis
    • Alexa Ranking
    • ASN
    • AWS IAM
    • AWS
    • Carbon Black
    • Crowd Strike
    • Datadog
    • DTonomy
    • Duo
    • Elasticsearch
    • Filter
    • GitHub
    • Grouper
    • Have I Been Pwned
    • Hybrid Analysis
    • InfoBlox
    • Intelligence
    • Jira
    • Kace
    • ldap
    • Manageengine
    • Microsoft Teams
    • Network
    • Active Directory
    • Social Functions
    • Storage
    • VISEO REST
    • NormShield
    • Office365
    • OTX
    • PDF
    • Phishing Email
    • Proofpoint
    • Rapid7 AppSpider
    • Rapid7 Nexpose
    • Regular Expression
    • Remedy
    • SCCM
    • Sentry
    • ServiceNow
    • Shodan
    • Signal Science
    • Splunk
    • Sumo Logic
    • SuspiciousIp
    • Tenable io
    • Tenable sc
    • URLScan.io
    • VirusTotal
    • Wazuh
  • Share Workflows
    • Export a workflow to JSON
    • Import a workflow from JSON
  • Project History
    • Version Control
    • Local Changes
    • Commit History
• Playbooks
  • SIEM
    • Analysis-Enrich Sumologic with ThreatCrowd
    • Analysis- Enrich Sumologic With VirusTotal
    • Analysis-Sumologic Compromised Account
    • Analysis-Sumologic Misuse Account
    • Ingestion-Import Elastic Security Detections
    • Ingestion-Import Wazuh Detections
    • IR-Enrich Sumologic with VirusTotal and Export to Spreadsheet
    • IR-Enrich Sumologic User Detection with Vulnerability Check
    • Response-Compromised Account Alert
    • Response-Misuse Account Alert
  • Email
    • Analysis-Phishing Email
    • Analysis-Phishing Email with PDF Decryption
    • Analysis-Comprehensive Phishing Response Workflow
    • IR-Phishing Email Response with Yara
    • IR-Comprehensive Phishing Response Workflow
    • Response-Report Phish to Microsoft
    • Response-Report Spam to Microsoft
    • Utility-Delete Outlook Email
    • Utility-Forward Email as Attachment
    • Utility-Forward Email with Attachment
    • Utility-Read Email Attachment
  • Cloud
    • Response-AWS Block Ip
    • Ingestion-AWS CloudTrail
    • Utility-AWS Invoke Lambda
    • Response-AWS VPC Create Security Group
    • Compliance-Audit User
  • Endpoint
    • API Mocker-Carbon Black
    • Response-Retrieve Carbon Black Alerts and Create Jira Issue
    • Analysis-Enrich CrowdStrike with SIEM
    • Response-Block Ip on Azure
    • Response-Block Ip on Fortinet
    • Response-Block Ip on Endgame
  • Network
    • Analysis-Collect user Info From Pastebin
    • Analysis-Enrich IP with Threatcrowd
    • Analysis-Import CISCO Meraki Alert
    • Analysis-Network Traffic Alert
    • IR-Enrich Sumologic Network Alerts with Threat Intelligence and Vulnerability
    • IR-Enrich Sumologic Network Attack with whois and Send Email
    • Response-Block Ip and Log Actions to Sumologic
    • Response-Network Alert Escalation
    • Response-Block Ip Azure
  • Vulnerability
    • Analysis-Network Alert With Vulnerability
    • Analysis-Notify Owner to Fix Vulnerability
    • Response-Retrieve Nessus Scan and Create Jira Ticket
    • Utility-Nexpose Example
  • Other
    • DLP-Data Leaking Protection Validation
    • Intelligence-Build Intelligence
    • Analysis-End To End User Alert
    • Notifications-Microsoft Teams
    • Report-Shadow Server
    • Response-Auto Report To Microsoft
    • Response-Create ServiceNow Ticket
    • Response-Get Abuse Domains Whois
    • Response-Report Abuse Whois
    • Response-Warn User
    • Utility-Alexa Ranking
    • Utility-Automating Interactive Applications
    • Utility-Create Ticket
    • Utility-Install Python Module
    • Utility-OTX Example
    • Utility-Parallel Computation
    • Utility-Perl Example
    • Utility-Python Processor
    • Utility-Update Ticket
    • Utility-Wait For Actions
    • Utility-Write To Google Sheet
    • Utility-GSuite
• Report
• User Management
  • Adding a User:
  • Removing a User:
  • Editing a User:
  • Assigning Roles to Users:
  • Understanding User Roles:
• API
  • Authorization
  • Alert
    • Post an Alert (Legacy)
    • Post an Alert
    • Get Alerts
    • Update an Existing Alert
    • Get Alerts by Filter
    • Delete an Alert
    • Get Alerts’ Count
    • Update an Alert List
    • Build Artificial Intelligence
    • Post a Comment
    • Get Comments
    • Create a Task
    • Create a Task from a Workflow
    • Get Tasks
    • Update a Task
    • Get a Pattern
    • Get Similar Alerts
  • Alert Schema
    • Get Alert Schemas
    • Create an Alert Schema
    • Get an Alert Schema by ID
    • Update an Alert Schema
    • Get an Alert Schema by Name
  • User
    • Get Users
    • Get Current User
    • Get Tenants
    • Get User Names
    • Create a User
    • Update a User
    • Delete a User
  • Workflow
    • Get a Workflow
    • Get Workflows
    • Post Workflows
    • Get Nodes by Category
  • Workflow Activity
    • Create a Workflow Activity
    • Get Workflow Activities
  • Workflow AI Assistance
    • Get Workflow AI Assistance
  • Artifact
    • Add an Artifact
    • Get the list of Artifacts
    • Find Artifacts by Name & Value
    • Find Artifacts by Name
    • Find Artifacts by Name and Detection Type
    • Delete an Artifact

Indices and tables

• Index
• Module Index
• Search Page