rapid7-siem - Pinkfish - AI Agents & Workflows for Getting Work Done

Server path: /rapid7-siem | Type: Application | PCID required: Yes

Tools

Tool	Description
`rapid7_siem_add_collector`	Add Collector
`rapid7_siem_add_indicators`	Add indicators to a Community Threat
`rapid7_siem_assign_user_to_investigation`	Assign user to investigation
`rapid7_siem_bulk_close_investigations`	Close investigations in bulk
`rapid7_siem_create_comment`	Create comment
`rapid7_siem_create_community_threat`	Create a Community Threat
`rapid7_siem_delete_attachment`	Delete an attachment
`rapid7_siem_delete_comment`	Delete a comment
`rapid7_siem_delete_community_threat`	Delete a Community Threat
`rapid7_siem_download_attachment`	Download attachment
`rapid7_siem_find_account_by_rrn`	Get account by RRN
`rapid7_siem_find_asset_by_rrn`	Get asset by RRN
`rapid7_siem_get_attachment`	Get attachment information
`rapid7_siem_get_comment`	Get comment by rrn
`rapid7_siem_get_local_account_by_rrn`	Get local account by RRN
`rapid7_siem_get_metrics`	Retrieve health metrics by org
`rapid7_siem_get_user_by_rrn`	Get user by RRN
`rapid7_siem_list_attachments`	List attachments
`rapid7_siem_list_comments`	List comments
`rapid7_siem_list_investigations`	List investigations
`rapid7_siem_replace_indicators`	Replace indicators for a Community Threat
`rapid7_siem_search_accounts`	Search accounts
`rapid7_siem_search_assets`	Search assets
`rapid7_siem_search_local_accounts`	Search local accounts
`rapid7_siem_search_users`	Search users
`rapid7_siem_set_status`	Set the status of an investigation
`rapid7_siem_update_comment`	Update comment visibility
`rapid7_siem_upload_attachment`	Upload attachment

rapid7_siem_add_collector

Add Collector Parameters:

Parameter	Type	Required	Default	Description
`deployment_type`	string	No	—	Optional indication of how the collector is deployed.
`key`	string	Yes	—	The registration key for the collector. Must be unique, and a valid UUID.
`name`	string	Yes	—	The name for the new collector. Must be unique.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "deployment_type": {
      "type": "string",
      "description": "Optional indication of how the collector is deployed."
    },
    "key": {
      "type": "string",
      "description": "The registration key for the collector. Must be unique, and a valid UUID."
    },
    "name": {
      "type": "string",
      "description": "The name for the new collector. Must be unique."
    }
  },
  "required": [
    "PCID",
    "key",
    "name"
  ]
}

rapid7_siem_add_indicators

Add indicators to a Community Threat Parameters:

Parameter	Type	Required	Default	Description
`key`	string	Yes	—	The key of a Community Threat for which the indicators are going to be added.
`format`	string	Yes	—	The input format.
`body`	string	Yes	—	The request body format should be one of JSON, STIX XML, CSV, or multi-part file data. The maximum payload size is 50 MB.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "key": {
      "type": "string",
      "description": "The key of a Community Threat for which the indicators are going to be added."
    },
    "format": {
      "type": "string",
      "description": "The input format.",
      "enum": [
        "json",
        "csv",
        "stix_xml"
      ]
    },
    "body": {
      "type": "string",
      "description": "The request body format should be one of JSON, STIX XML, CSV, or multi-part file data.  The maximum payload size is 50 MB."
    }
  },
  "required": [
    "PCID",
    "key",
    "format",
    "body"
  ]
}

rapid7_siem_assign_user_to_investigation

Assign user to investigation Parameters:

Parameter	Type	Required	Default	Description
`id`	string	Yes	—	The ID or RRN of the investigation to assign the user to.
`user_email_address`	string	Yes	—	The email address of the user to assign to this investigation, used to log into the Insight Platform.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "id": {
      "type": "string",
      "description": "The ID or RRN of the investigation to assign the user to."
    },
    "user_email_address": {
      "type": "string",
      "description": "The email address of the user to assign to this investigation, used to log into the Insight Platform."
    }
  },
  "required": [
    "PCID",
    "id",
    "user_email_address"
  ]
}

rapid7_siem_bulk_close_investigations

Close investigations in bulk Parameters:

Parameter	Type	Required	Default	Description
`alert_type`	string	No	—	The category of alerts that should be closed. This parameter is required if the source is ALERT and ignored for other sources. This value must exactly match the alert type returned by the List Investigations response.
`detection_rule_rrn`	string	No	—	The RRN of the detection rule. Investigations will only be closed that are associated with this detection rule. If a detection rule RRN is given, the alert_type is required to be ‘Attacker Behavior Detected’.
`from`	string	Yes	—	An ISO formatted timestamp. Only investigations whose createTime is after this date will be closed.
`max_investigations_to_close`	integer	No	—	An optional, maximum number of alerts to close with this request. If this parameter is not specified, then there is no maximum. If this limit is exceeded, then a 400 error response is returned. The minimum value is 0.
`source`	string	Yes	—	The name of an investigation source. Only investigations from this source will be closed. If the source is ALERT, an alert type must be specified as well.
`to`	string	Yes	—	An ISO formatted timestamp. Only investigations whose createTime is before this date will be closed.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "alert_type": {
      "type": "string",
      "description": "The category of alerts that should be closed. This parameter is required if the source is ALERT and ignored for other sources. This value must exactly match the alert type returned by the List Investigations response."
    },
    "detection_rule_rrn": {
      "type": "string",
      "description": "The RRN of the detection rule. Investigations will only be closed that are associated with this detection rule. If a detection rule RRN is given, the alert_type is required to be 'Attacker Behavior Detected'."
    },
    "from": {
      "type": "string",
      "description": "An ISO formatted timestamp. Only investigations whose createTime is after this date will be closed."
    },
    "max_investigations_to_close": {
      "type": "integer",
      "description": "An optional, maximum number of alerts to close with this request. If this parameter is not specified, then there is no maximum. If this limit is exceeded, then a 400 error response is returned. The minimum value is 0."
    },
    "source": {
      "type": "string",
      "description": "The name of an investigation source. Only investigations from this source will be closed. If the source is ALERT, an alert type must be specified as well.",
      "enum": [
        "ALERT,MANUAL,HUNT"
      ]
    },
    "to": {
      "type": "string",
      "description": "An ISO formatted timestamp. Only investigations whose createTime is before this date will be closed."
    }
  },
  "required": [
    "PCID",
    "from",
    "source",
    "to"
  ]
}

rapid7_siem_create_comment

Create comment Parameters:

Parameter	Type	Required	Default	Description
`attachments`	string[]	No	—	An array of attachment RRNs to associate with the comment.
`body`	string	No	—	The body of the comment.
`target`	string	Yes	—	The target of the comment, which determines where it will appear within InsightIDR.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "attachments": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "An array of attachment RRNs to associate with the comment."
    },
    "body": {
      "type": "string",
      "description": "The body of the comment."
    },
    "target": {
      "type": "string",
      "description": "The target of the comment, which determines where it will appear within InsightIDR."
    }
  },
  "required": [
    "PCID",
    "target"
  ]
}

rapid7_siem_create_community_threat

Create a Community Threat Parameters:

Parameter	Type	Required	Default	Description
`body`	string	Yes	—	The request body format must be in JSON. The maximum payload size is 50 MB.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "body": {
      "type": "string",
      "description": "The request body format must be in JSON.  The maximum payload size is 50 MB."
    }
  },
  "required": [
    "PCID",
    "body"
  ]
}

rapid7_siem_delete_attachment

Delete an attachment Parameters:

Parameter	Type	Required	Default	Description
`rrn`	string	Yes	—	The RRN of the attachment.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rrn": {
      "type": "string",
      "description": "The RRN of the attachment."
    }
  },
  "required": [
    "PCID",
    "rrn"
  ]
}

rapid7_siem_delete_comment

Delete a comment Parameters:

Parameter	Type	Required	Default	Description
`rrn`	string	Yes	—	The RRN of the comment.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rrn": {
      "type": "string",
      "description": "The RRN of the comment."
    }
  },
  "required": [
    "PCID",
    "rrn"
  ]
}

rapid7_siem_delete_community_threat

Delete a Community Threat Parameters:

Parameter	Type	Required	Default	Description
`key`	string	Yes	—	The key value
`reason`	string	No	—	The reason value

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "key": {
      "type": "string",
      "description": "The key value"
    },
    "reason": {
      "type": "string",
      "description": "The reason value"
    }
  },
  "required": [
    "PCID",
    "key"
  ]
}

rapid7_siem_download_attachment

Download attachment Parameters:

Parameter	Type	Required	Default	Description
`rrn`	string	Yes	—	The RRN of the attachment.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rrn": {
      "type": "string",
      "description": "The RRN of the attachment."
    }
  },
  "required": [
    "PCID",
    "rrn"
  ]
}

rapid7_siem_find_account_by_rrn

Get account by RRN Parameters:

Parameter	Type	Required	Default	Description
`rrn`	string	Yes	—	The RRN of the account.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rrn": {
      "type": "string",
      "description": "The RRN of the account."
    }
  },
  "required": [
    "PCID",
    "rrn"
  ]
}

rapid7_siem_find_asset_by_rrn

Get asset by RRN Parameters:

Parameter	Type	Required	Default	Description
`rrn`	string	Yes	—	The RRN of the asset.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rrn": {
      "type": "string",
      "description": "The RRN of the asset."
    }
  },
  "required": [
    "PCID",
    "rrn"
  ]
}

rapid7_siem_get_attachment

Get attachment information Parameters:

Parameter	Type	Required	Default	Description
`rrn`	string	Yes	—	The RRN of the attachment.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rrn": {
      "type": "string",
      "description": "The RRN of the attachment."
    }
  },
  "required": [
    "PCID",
    "rrn"
  ]
}

rapid7_siem_get_comment

Get comment by rrn Parameters:

Parameter	Type	Required	Default	Description
`rrn`	string	Yes	—	Return a comment with this rrn.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rrn": {
      "type": "string",
      "description": "Return a comment with this rrn."
    }
  },
  "required": [
    "PCID",
    "rrn"
  ]
}

rapid7_siem_get_local_account_by_rrn

Get local account by RRN Parameters:

Parameter	Type	Required	Default	Description
`rrn`	string	Yes	—	The RRN of the local account.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rrn": {
      "type": "string",
      "description": "The RRN of the local account."
    }
  },
  "required": [
    "PCID",
    "rrn"
  ]
}

rapid7_siem_get_metrics

Retrieve health metrics by org Parameters:

Parameter	Type	Required	Default	Description
`index`	integer	No	—	The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
`size`	integer	No	—	The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 100.
`resourceTypes`	string	No	—	An optional, comma-separated set of resource types. Only resources whose type matches one of the entries in the list are returned. If this parameter is omitted, health metrics with any resource type may be returned.
`orgId`	string	No	—	Optional organization ID to get metrics for. If not specified, metrics for the user’s current organization will be returned. User must have access to the specified organization.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "index": {
      "type": "integer",
      "description": "The optional, 0 based index of the page to retrieve.  Must be an integer greater than or equal to 0."
    },
    "size": {
      "type": "integer",
      "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 100."
    },
    "resourceTypes": {
      "type": "string",
      "description": "An optional, comma-separated set of resource types. Only resources whose type matches one of the entries in the list are returned. If this parameter is omitted, health metrics with any resource type may be returned."
    },
    "orgId": {
      "type": "string",
      "description": "Optional organization ID to get metrics for. If not specified, metrics for the user's current organization will be returned. User must have access to the specified organization."
    }
  },
  "required": [
    "PCID"
  ]
}

rapid7_siem_get_user_by_rrn

Get user by RRN Parameters:

Parameter	Type	Required	Default	Description
`rrn`	string	Yes	—	The RRN of the user.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rrn": {
      "type": "string",
      "description": "The RRN of the user."
    }
  },
  "required": [
    "PCID",
    "rrn"
  ]
}

rapid7_siem_list_attachments

List attachments Parameters:

Parameter	Type	Required	Default	Description
`target`	string	Yes	—	Return attachments with this target.
`index`	integer	No	—	The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
`size`	integer	No	—	The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 100.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "target": {
      "type": "string",
      "description": "Return attachments with this target."
    },
    "index": {
      "type": "integer",
      "description": "The optional, 0 based index of the page to retrieve.  Must be an integer greater than or equal to 0."
    },
    "size": {
      "type": "integer",
      "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 100."
    }
  },
  "required": [
    "PCID",
    "target"
  ]
}

rapid7_siem_list_comments

List comments Parameters:

Parameter	Type	Required	Default	Description
`target`	string	Yes	—	Return comments with this target.
`index`	integer	No	—	The optional 0, based index of the page to retrieve. Must be an integer greater than or equal to 0.
`size`	integer	No	—	The optional size of the page to retrieve. Must be an integer greater than 0 or less or equal to 100.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "target": {
      "type": "string",
      "description": "Return comments with this target."
    },
    "index": {
      "type": "integer",
      "description": "The optional 0, based index of the page to retrieve. Must be an integer greater than or equal to 0."
    },
    "size": {
      "type": "integer",
      "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less  or equal to 100."
    }
  },
  "required": [
    "PCID",
    "target"
  ]
}

rapid7_siem_list_investigations

List investigations Parameters:

Parameter	Type	Required	Default	Description
`index`	integer	No	—	The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
`size`	integer	No	—	The optional size of the page to retrieve. Must be an integer greater than 0 or less then or equal to 1000.
`statuses`	string	No	—	An optional, comma-separated set of investigation statuses. Only investigations whose status matches one of the entries in the list will be returned. If this parameter, is omitted investigations with any status may be returned.
`start_time`	string	No	—	An optional, ISO-formatted timestamp. Only investigations whose createTime is after this date will be returned by the API. If this parameter is omitted, investigations with any create_time may be returned.
`end_time`	string	No	—	An optional, ISO-formatted timestamp. Only investigations whose createTime is before this date will be returned by the API. If this parameter is omitted, investigations with any create_time may be returned.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "index": {
      "type": "integer",
      "description": "The optional, 0 based index of the page to retrieve.  Must be an integer greater than or equal to 0."
    },
    "size": {
      "type": "integer",
      "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less then or equal to 1000."
    },
    "statuses": {
      "type": "string",
      "description": "An optional, comma-separated set of investigation statuses. Only investigations whose status matches one of the entries in the list will be returned.  If this parameter, is omitted investigations with any status may be returned."
    },
    "start_time": {
      "type": "string",
      "description": "An optional, ISO-formatted timestamp. Only investigations whose createTime is after this date will be returned by the API. If this parameter is omitted, investigations with any create_time may be returned."
    },
    "end_time": {
      "type": "string",
      "description": "An optional, ISO-formatted timestamp. Only investigations whose createTime is before this date will be returned by the API. If this parameter is omitted, investigations with any create_time may be returned."
    }
  },
  "required": [
    "PCID"
  ]
}

rapid7_siem_replace_indicators

Replace indicators for a Community Threat Parameters:

Parameter	Type	Required	Default	Description
`key`	string	Yes	—	The key of a Community Threat for which the indicators are going to be added.
`format`	string	Yes	—	The input format.
`body`	string	Yes	—	The request body format should be one of JSON, STIX XML, CSV, or multi-part file data. The maximum payload size is 50 MB.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "key": {
      "type": "string",
      "description": "The key of a Community Threat for which the indicators are going to be added."
    },
    "format": {
      "type": "string",
      "description": "The input format.",
      "enum": [
        "json",
        "csv",
        "stix_xml"
      ]
    },
    "body": {
      "type": "string",
      "description": "The request body format should be one of JSON, STIX XML, CSV, or multi-part file data.  The maximum payload size is 50 MB."
    }
  },
  "required": [
    "PCID",
    "key",
    "format",
    "body"
  ]
}

rapid7_siem_search_accounts

Search accounts Parameters:

Parameter	Type	Required	Default	Description
`index`	integer	No	—	The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
`size`	integer	No	—	The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000.
`search`	object[]	No	—	The criteria for which entities to return.
`sort`	object[]	No	—	The sorting information.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "index": {
      "type": "integer",
      "description": "The optional, 0 based index of the page to retrieve.  Must be an integer greater than or equal to 0."
    },
    "size": {
      "type": "integer",
      "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000."
    },
    "search": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "field": {
            "type": "string",
            "description": "The field to search within."
          },
          "operator": {
            "type": "string",
            "enum": [
              "EQUALS",
              "CONTAINS",
              "IN"
            ],
            "description": "The search operation to perform. All operators are case-insensitive when operating on strings."
          },
          "value": {
            "type": "object",
            "description": "The value to search for."
          }
        }
      },
      "description": "The criteria for which entities to return."
    },
    "sort": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "field": {
            "type": "string",
            "description": "The field to sort by."
          },
          "order": {
            "type": "string",
            "enum": [
              "ASC",
              "DESC",
              "ASC,DESC"
            ],
            "description": "The sorting direction. Sorting is case-insensitive when sorting strings."
          }
        }
      },
      "description": "The sorting information."
    }
  },
  "required": [
    "PCID"
  ]
}

rapid7_siem_search_assets

Search assets Parameters:

Parameter	Type	Required	Default	Description
`index`	integer	No	—	The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
`size`	integer	No	—	The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000.
`search`	object[]	No	—	The criteria for which entities to return.
`sort`	object[]	No	—	The sorting information.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "index": {
      "type": "integer",
      "description": "The optional, 0 based index of the page to retrieve.  Must be an integer greater than or equal to 0."
    },
    "size": {
      "type": "integer",
      "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000."
    },
    "search": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "field": {
            "type": "string",
            "description": "The field to search within."
          },
          "operator": {
            "type": "string",
            "enum": [
              "EQUALS",
              "CONTAINS",
              "IN"
            ],
            "description": "The search operation to perform. All operators are case-insensitive when operating on strings."
          },
          "value": {
            "type": "object",
            "description": "The value to search for."
          }
        }
      },
      "description": "The criteria for which entities to return."
    },
    "sort": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "field": {
            "type": "string",
            "description": "The field to sort by."
          },
          "order": {
            "type": "string",
            "enum": [
              "ASC",
              "DESC",
              "ASC,DESC"
            ],
            "description": "The sorting direction. Sorting is case-insensitive when sorting strings."
          }
        }
      },
      "description": "The sorting information."
    }
  },
  "required": [
    "PCID"
  ]
}

rapid7_siem_search_local_accounts

Search local accounts Parameters:

Parameter	Type	Required	Default	Description
`index`	integer	No	—	The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
`size`	integer	No	—	The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000.
`search`	object[]	No	—	The criteria for which entities to return.
`sort`	object[]	No	—	The sorting information.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "index": {
      "type": "integer",
      "description": "The optional, 0 based index of the page to retrieve.  Must be an integer greater than or equal to 0."
    },
    "size": {
      "type": "integer",
      "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000."
    },
    "search": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "field": {
            "type": "string",
            "description": "The field to search within."
          },
          "operator": {
            "type": "string",
            "enum": [
              "EQUALS",
              "CONTAINS",
              "IN"
            ],
            "description": "The search operation to perform. All operators are case-insensitive when operating on strings."
          },
          "value": {
            "type": "object",
            "description": "The value to search for."
          }
        }
      },
      "description": "The criteria for which entities to return."
    },
    "sort": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "field": {
            "type": "string",
            "description": "The field to sort by."
          },
          "order": {
            "type": "string",
            "enum": [
              "ASC",
              "DESC",
              "ASC,DESC"
            ],
            "description": "The sorting direction. Sorting is case-insensitive when sorting strings."
          }
        }
      },
      "description": "The sorting information."
    }
  },
  "required": [
    "PCID"
  ]
}

rapid7_siem_search_users

Search users Parameters:

Parameter	Type	Required	Default	Description
`index`	integer	No	—	The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
`size`	integer	No	—	The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000.
`search`	object[]	No	—	The criteria for which entities to return.
`sort`	object[]	No	—	The sorting information.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "index": {
      "type": "integer",
      "description": "The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0."
    },
    "size": {
      "type": "integer",
      "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000."
    },
    "search": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "field": {
            "type": "string",
            "description": "The field to search within."
          },
          "operator": {
            "type": "string",
            "enum": [
              "EQUALS",
              "CONTAINS",
              "IN"
            ],
            "description": "The search operation to perform. All operators are case-insensitive when operating on strings."
          },
          "value": {
            "type": "object",
            "description": "The value to search for."
          }
        }
      },
      "description": "The criteria for which entities to return."
    },
    "sort": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "field": {
            "type": "string",
            "description": "The field to sort by."
          },
          "order": {
            "type": "string",
            "enum": [
              "ASC",
              "DESC",
              "ASC,DESC"
            ],
            "description": "The sorting direction. Sorting is case-insensitive when sorting strings."
          }
        }
      },
      "description": "The sorting information."
    }
  },
  "required": [
    "PCID"
  ]
}

rapid7_siem_set_status

Set the status of an investigation Parameters:

Parameter	Type	Required	Default	Description
`id`	string	Yes	—	The ID or RRN of the investigation to change the status of.
`status`	string	Yes	—	The new status for the investigation (case-insensitive).

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "id": {
      "type": "string",
      "description": "The ID or RRN of the investigation to change the status of."
    },
    "status": {
      "type": "string",
      "description": "The new status for the investigation (case-insensitive).",
      "enum": [
        "OPEN",
        "CLOSED",
        "INVESTIGATING"
      ]
    }
  },
  "required": [
    "PCID",
    "id",
    "status"
  ]
}

rapid7_siem_update_comment

Update comment visibility Parameters:

Parameter	Type	Required	Default	Description
`rrn`	string	Yes	—	The RRN of the comment.
`visibility`	string	Yes	—	The new visibility for the comment (case insensitive).

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rrn": {
      "type": "string",
      "description": "The RRN of the comment."
    },
    "visibility": {
      "type": "string",
      "description": "The new visibility for the comment (case insensitive).",
      "enum": [
        "INTERNAL",
        "PUBLIC"
      ]
    }
  },
  "required": [
    "PCID",
    "rrn",
    "visibility"
  ]
}

rapid7_siem_upload_attachment

Upload attachment Parameters:

Parameter	Type	Required	Default	Description
`filedata`	string[]	Yes	—	The filedata value

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "filedata": {
      "type": "array",
      "items": {
        "type": "string",
        "format": "binary"
      },
      "description": "The filedata value"
    }
  },
  "required": [
    "PCID",
    "filedata"
  ]
}

​Tools

​rapid7_siem_add_collector

​rapid7_siem_add_indicators

​rapid7_siem_assign_user_to_investigation

​rapid7_siem_bulk_close_investigations

​rapid7_siem_create_comment

​rapid7_siem_create_community_threat

​rapid7_siem_delete_attachment

​rapid7_siem_delete_comment

​rapid7_siem_delete_community_threat

​rapid7_siem_download_attachment

​rapid7_siem_find_account_by_rrn

​rapid7_siem_find_asset_by_rrn

​rapid7_siem_get_attachment

​rapid7_siem_get_comment

​rapid7_siem_get_local_account_by_rrn

​rapid7_siem_get_metrics

​rapid7_siem_get_user_by_rrn

​rapid7_siem_list_attachments

​rapid7_siem_list_comments

​rapid7_siem_list_investigations

​rapid7_siem_replace_indicators

​rapid7_siem_search_accounts

​rapid7_siem_search_assets

​rapid7_siem_search_local_accounts

​rapid7_siem_search_users

​rapid7_siem_set_status

​rapid7_siem_update_comment

​rapid7_siem_upload_attachment

Tools

rapid7_siem_add_collector

rapid7_siem_add_indicators

rapid7_siem_assign_user_to_investigation

rapid7_siem_bulk_close_investigations

rapid7_siem_create_comment

rapid7_siem_create_community_threat

rapid7_siem_delete_attachment

rapid7_siem_delete_comment

rapid7_siem_delete_community_threat

rapid7_siem_download_attachment

rapid7_siem_find_account_by_rrn

rapid7_siem_find_asset_by_rrn

rapid7_siem_get_attachment

rapid7_siem_get_comment

rapid7_siem_get_local_account_by_rrn

rapid7_siem_get_metrics

rapid7_siem_get_user_by_rrn

rapid7_siem_list_attachments

rapid7_siem_list_comments

rapid7_siem_list_investigations

rapid7_siem_replace_indicators

rapid7_siem_search_accounts

rapid7_siem_search_assets

rapid7_siem_search_local_accounts

rapid7_siem_search_users

rapid7_siem_set_status

rapid7_siem_update_comment

rapid7_siem_upload_attachment