Smokescreen

Smokescreen's IllusionBLACK deception platform detects cyber attacks like reconnaissance, spear phishing, lateral movement, stolen credentials and data theft.

Integration with LogicHub

Connecting with Smokescreen

To connect to Smokescreen, the following details are required:

Actions with Smokescreen

Get All Network Decoys

This is used to get details about all network decoys deployed on IllusionBLACK.

Inputs to this Action:

  • Connection: Choose a connection that you have created

Output of Action: Returns the network decoys from IllusionBLACK.

Get All AD Decoys

This is used to get details about all AD decoys deployed on IllusionBLACK.

Inputs to this Action:

  • Connection: Choose a connection that you have created

Output of Action: Returns the AD decoys from IllusionBLACK.

Get All TI Decoys

This is used to get details about all TI decoys deployed on IllusionBLACK.

Inputs to this Action:

  • Connection: Choose a connection that you have created

Output of Action: Returns the TI decoys from IllusionBLACK.

Get Raw Events from IllusionBLACK

Gets events from IllusionBLACK, filtered using the extensive IllusionBLACK rule engine.

Inputs to this Action:

  • Connection: Choose a connection that you have created
  • from: Start of the time range. Events are returned from this datetime, given as an ISO 8601 formatted string
  • to: End of the time range. Events are returned up to this datetime, given as an ISO 8601 formatted string
  • limit: The number of events sent in response per API call
  • expfilter: An IllusionBLACK rule engine query string. Detailed documentation on the rule engine is here: https://drive.google.com/file/d/1bnDzyUCLD5-fBjQVr9tNbDeYRq1-AMyb/view?usp=sharing
  • whitelisted: Whether to return whitelisted events
  • resolved: Whether to return resolved events

Output of Action: Returns the list of Events and Threat Parse data associated with them.

