Commands

Browse query commands across all apps.

CISA
cisa-kev-catalog Fetch vulnerabilities from CISA Known Exploited Vulnerabilities catalog.
ML Rules
ml-beaconing-connections Detect beaconing connections by analyzing session patterns.
ML Rules
ml-beacon-sessions
Genian NAC
genian-nac-node-apps-batch Fetch endpoint applications from the Genian NAC server using the IP field of input data.
Genian NAC
genian-nac-node-apps Fetch endpoint applications from the Genian NAC server.
Genian NAC
genian-nac-remove-tag Remove the tag of the specified node from the Genian NAC server.
Experimental
log
Experimental
sonar-remove-address-batch Remove the IP address of input record from the specified address group.
Experimental
sonar-update-batch-rule-query-batch Update batch rule queries from input records.
Experimental
sonar-delete-stream-rule-command-batch Delete commands from stream rules from input records.
Experimental
sonar-update-stream-rule-command-batch Update existing commands in stream rules from input records.
Experimental
sonar-add-stream-rule-command-batch Add new commands to existing stream rules from input records.
Experimental
sonar-response-targets Enumerate response targets in Logpresso Sonar.
Experimental
sonar-response-models Enumerate response models in Logpresso Sonar.
Experimental
sonar-address-objects Enumerate address objects in Logpresso Sonar.
Experimental
sonar-address-groups Enumerate address groups in Logpresso Sonar.
Experimental
sonar-log-schemas Enumerate log schemas in Logpresso Sonar.
Experimental
sonar-apps Enumerate apps in Logpresso Sonar.
Experimental
sonar-logger-models Enumerate logger models in Logpresso Sonar.
Experimental
sonar-loggers Enumerate loggers in Logpresso Sonar.