Silverfort

Silverfort protects organizations from data breaches by delivering strong authentication across entire corporate networks and cloud environments, without requiring any modifications to endpoints or servers. Using patent-pending technology, Silverfort's agentless approach enables multi-factor authentication and AI-driven adaptive authentication even for systems that don’t support it today, including proprietary systems, critical infrastructure, shared folders, IoT devices, and more.

Use the Silverfort integration to get and update Silverfort risk severity.

This integration was integrated and tested with Silverfort version 2.12.

Silverfort Playbook


  • Get risk information and block the user if the risk is 'high' or 'critical'
  • Update the Silverfort user risk level

Use Cases


  • Consume Silverfort user and server risk levels
  • Enrich the Silverfort risk engine and trigger MFA on risky entities

Configure Silverfort on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Silverfort.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| Name | A textual name for the integration instance | True |
| url | Server URL | True |
| apikey | APIKEY | True |
| insecure | Trust any certificate (not secure) | False |

  4. Click Test to validate the URLs, token, and connection.
  • To generate an API token:
    1. From the Silverfort Admin Console, navigate to Settings > Advanced.
    2. In the Authentication Tokens section, click Generate Token.
    3. Copy the generated token and save it in a safe place.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

silverfort-get-user-risk


Gets the user entity risk.

Base Command

silverfort-get-user-risk

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| upn | The user principal name. | Optional |
| email | The email address. | Optional |
| sam_account | The sam account. | Optional |
| domain | The domain. | Optional |

Specify one of the following:

  • upn
  • email address and domain
  • sam account and domain
Context Output

| Path | Type | Description |
| --- | --- | --- |
| Silverfort.UserRisk.Risk | String | The risk level. |
| Silverfort.UserRisk.Reasons | Unknown | The reasons for the risk. |
| Silverfort.UserRisk.UPN | String | The user principal name. |

Command Example

!silverfort-get-user-risk upn="sfuser@silverfort.io"

Context Example
{
    "Silverfort": {
        "UserRisk": {
            "Reasons": [
                "Suspicious activity",
                "Password never expires"
            ],
            "Risk": "Medium",
            "UPN": "sfuser@silverfort.io"
        }
    }
}

Human Readable Output

Silverfort User Risk

| UPN | Risk | Reasons |
| --- | --- | --- |
| sfuser@silverfort.io | Medium | Suspicious activity,Password never expires |
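
The playbook rule from the Silverfort Playbook section (block the user on 'high' or 'critical') and this command's identifier rule, as an added Python example that is not part of the integration's own code. The helper names are hypothetical, and the case-insensitive comparison is an assumption made because the context example shows "Medium" while the update command takes severity=medium.

```python
# Added example (not Silverfort or Demisto code); helper names are hypothetical.
BLOCKING_LEVELS = {"high", "critical"}  # levels the playbook on this page blocks on

# Context entry copied from the page's silverfort-get-user-risk example.
PAGE_CONTEXT = {
    "Silverfort": {
        "UserRisk": {
            "Reasons": ["Suspicious activity", "Password never expires"],
            "Risk": "Medium",
            "UPN": "sfuser@silverfort.io",
        }
    }
}


def identifier_mode(args):
    """Return which allowed identifier combination the arguments satisfy."""
    given = {k for k in ("upn", "email", "sam_account", "domain") if args.get(k)}
    if "upn" in given:
        return "upn"
    if {"email", "domain"} <= given:
        return "email+domain"
    if {"sam_account", "domain"} <= given:
        return "sam_account+domain"
    raise ValueError("specify upn, or email and domain, or sam_account and domain")


def should_block(context):
    """Playbook branch: True when the user's risk is 'high' or 'critical'."""
    entry = (context.get("Silverfort") or {}).get("UserRisk") or {}
    risk = entry.get("Risk")
    if not isinstance(risk, str) or not risk.strip():
        # A missing risk must not be read as "low": stop and surface the error.
        raise ValueError("no Silverfort.UserRisk.Risk in context")
    # Assumption: compare case-insensitively ("Medium" vs severity=medium).
    return risk.strip().lower() in BLOCKING_LEVELS


if __name__ == "__main__":
    print(identifier_mode({"upn": "sfuser@silverfort.io"}))
    print(should_block(PAGE_CONTEXT))
    # Constructed sample: a critical-risk entry with different letter case.
    constructed = {"Silverfort": {"UserRisk": {"Risk": "Critical"}}}
    print(should_block(constructed))
```

Raising on an absent risk value keeps a failed lookup from being treated as a clean result in the playbook.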

silverfort-get-resource-risk


Gets the resource entity risk information.

Base Command

silverfort-get-resource-risk

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| resource_name | The hostname. | Required |
| domain_name | The domain. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Silverfort.ResourceRisk.Risk | String | The risk level. |
| Silverfort.ResourceRisk.Reasons | Array | The reasons for the risk. |
| Silverfort.ResourceRisk.ResourceName | String | The hostname. |

Command Example

!silverfort-get-resource-risk resource_name="SF-DC-1" domain_name="silverfort.io"

Context Example
{
    "Silverfort": {
        "ResourceRisk": {
            "Reasons": [
                "Unconstrained Delegation"
            ],
            "ResourceName": "SF-DC-1",
            "Risk": "Low"
        }
    }
}

Human Readable Output

Silverfort Resource Risk

| ResourceName | Risk | Reasons |
| --- | --- | --- |
| SF-DC-1 | Low | Unconstrained Delegation |

silverfort-update-user-risk


Updates the user entity risk.

Base Command

silverfort-update-user-risk

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| upn | The user principal name. | Optional |
| risk_name | The risk name. | Required |
| severity | The severity. | Required |
| valid_for | The number of hours that the risk will be valid for. | Required |
| description | The risk description. | Required |
| email | The email address. | Optional |
| sam_account | The sam account. | Optional |
| domain | The domain. | Optional |

Specify one of the following:

  • upn
  • email address and domain
  • sam account and domain
Context Output

There is no context output for this command.

Command Example

!silverfort-update-user-risk upn="sfuser@silverfort.io" risk_name="activity_risk" severity=medium valid_for=1 description="Suspicious activity"

Context Example
{}
Human Readable Output

ok

silverfort-update-resource-risk


Updates the resource entity risk.

Base Command

silverfort-update-resource-risk

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| resource_name | The hostname. | Required |
| domain_name | The domain name. | Required |
| risk_name | The risk name. | Required |
| severity | The severity. | Required |
| valid_for | The number of hours the severity will be relevant for. | Required |
| description | A short description about the risk. | Required |

Context Output

There is no context output for this command.

Command Example

!silverfort-update-resource-risk resource_name="SF-DC-1" domain_name="silverfort.io" risk_name="malware_risk" severity="high" valid_for=1 description="Malware detected"

Context Example
{}
Human Readable Output

ok
