Azure AD Admin

v2.2.0

Perform administrative operations in Azure AD

Tags: Microsoft, Azure, Active Directory, Administration

Triggers
  • Risk Detection

Actions
  • Add User to Group
  • Add User to Groups by ID
  • Create User and Notify
  • Disable User Account
  • Enable User Account
  • Force User to Change Password
  • Get Group by Name
  • Get User Info
  • Remove User from Group
  • Revoke Sign-In Sessions
  • Update User Information

Description

Azure AD Admin performs administrative tasks in Azure AD.

It uses the User endpoint in the Microsoft Graph API.

Key Features

  • Add and remove users
  • Disable and enable users
  • Force users to change their password

Requirements

  • The application this plugin connects to needs the following permissions:
    • Directory.AccessAsUser.All
    • Directory.ReadWrite.All
    • User.ReadWrite.All
  • The application must be added to the Global Administrator role. This can be done under Roles and administrators in Azure Active Directory in the Azure Portal.

Documentation

Setup

The connection configuration accepts the following parameters:

| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| application_id | string | None | True | The ID of the registered application that obtained the refresh token | None | None |
| application_secret | credential_secret_key | None | True | The secret of the registered application that obtained the refresh token | None | None |
| tenant_id | string | None | True | The ID of the directory that identifies the tenant | None | None |

Example input:

{
  "application_id": "abcd12345-ab12-1234-abcd-1ab2c3d4e5g6",
  "application_secret": {
    "secretKey": "abcdefghi12345678abcdef1234"
  },
  "tenant_id": "abcd12345-ab12-1234-abcd-1ab2c3d4e5g6"
}

Technical Details

Actions

Revoke Sign-In Sessions

This action invalidates all the refresh tokens issued to applications for a user (as well as session cookies in a user's browser), by resetting the signInSessionsValidFromDateTime user property to the current date-time.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| user_id | string | None | True | User ID | None | user@example.com |

Example input:

{
  "user_id": "user@example.com"
}
Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | True | Was the operation successful |

Example output:

{
  "success": true
}

Add User to Groups by ID

This action is used to add a user to a set of groups by group ID.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| group_id | []string | None | True | IDs of Groups to Add User to | None | ['b4d41d4-eb13-4a33-99b5-7d7290df22e9'] |
| user_id | string | None | True | User ID e.g. user@example.com | None | user@example.com |

Example input:

{
  "group_id": ["b4d41d4-eb13-4a33-99b5-7d7290df22e9"],
  "user_id": "user@example.com"
}
Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | False | Was operation successful |

Example output:

{
  "success": true
}

Update User Information

This action is used to update a user's information.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| city | string | None | False | The city in which the user is located | None | Boston |
| country | string | None | False | The country or region in which the user is located; for example, US or UK | None | US |
| department | string | None | False | The name for the department in which the user works | None | IT |
| job_title | string | None | False | The user’s job title | None | Desktop Technician |
| state | string | None | False | The state or province in the user's address | None | MA |
| user_id | string | None | True | ID of the user to update | None | user@example.com |
| user_type | string | None | False | A string value that can be used to classify user types in your directory, such as Member and Guest | None | Member |

Example input:

{
  "city": "Boston",
  "country": "US",
  "department": "Engineering",
  "job_title": "Software Engineer",
  "state": "MA",
  "user_id": "user@example.com",
  "user_type": "Member"
}
Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | True | Was operation successful |

Example output:

{
  "success": true
}

Create User and Notify

This action is used to create a user with a randomly generated password and send out an email with the password.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| account_enabled | boolean | True | False | True if the account is enabled; otherwise, false | None | None |
| display_name | string | None | True | The name to display in the address book for the user e.g. displayName-value | None | None |
| mail_nickname | string | None | False | The mail alias for the user e.g. mailNickname-value | None | None |
| notify_email_body | string | None | False | Body of the email to be sent out. Use $password to place the generated password | None | None |
| notify_from | string | None | True | User from which email notification will be sent | None | None |
| notify_recipient | string | None | True | Email address of the account to be notified of user creation | None | None |
| user_principal_name | string | None | True | The user principal name e.g. user@example.com | None | None |

Example input:

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | True | Did the step succeed |

Example output:

{
  "success": true
}

Disable User Account

This action is used to disable a user account. This action will not disable an administrative account.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| user_id | string | None | True | User ID to disable e.g. user@example.com | None | None |

Example input:

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | True | Was operation successful |

Example output:

{
  "success": true
}

Enable User Account

This action is used to enable a user account.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| user_id | string | None | True | User ID to enable e.g. user@example.com | None | None |

Example input:

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | True | Was operation successful |

Example output:

{
  "success": true
}

Force User to Change Password

This action forces a user to change their password on their next successful login.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| user_id | string | None | True | User ID | None | None |

Example input:

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | True | Was operation successful |

Example output:

{
  "success": true
}

Get User Info

This action is used to get user information.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| user_id | string | None | True | User ID e.g. user@example.com | None | None |

Example input:

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| user_information | user_information | True | Information about a user |

Example output:

{
  "user_information": {
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
    "businessPhones": [],
    "displayName": "Joey McAdams",
    "givenName": "Joey",
    "jobTitle": "Sr. Software Engineer",
    "mail": "",
    "mobilePhone": "",
    "officeLocation": "",
    "preferredLanguage": "",
    "surname": "McAdams",
    "userPrincipalName": "user@example.com",
    "id": "08290005-23ba-46b4-a377-b381d651a2fb",
    "accountEnabled": true
  }
}

Get Group by Name

This action is used to get a group by its name.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| name | string | None | True | Name | None | None |

Example input:

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| group | group | False | Group |

Example output:

{
  "group": {
    "id": "bb4d41d4-eb13-4a33-99b5-7d7290df22e9",
    "deletedDateTime": null,
    "classification": null,
    "createdDateTime": "2019-09-20T12:15:21Z",
    "creationOptions": [],
    "description": "Azure AD Test Group",
    "displayName": "Azure AD Test Group",
    "groupTypes": [
      "Unified"
    ],
    "isAssignableToRole": false,
    "mail": "user@example.com",
    "mailEnabled": true,
    "mailNickname": "AzureADTestGroup",
    "onPremisesLastSyncDateTime": null,
    "onPremisesSecurityIdentifier": null,
    "onPremisesSyncEnabled": null,
    "preferredDataLocation": null,
    "proxyAddresses": [
      "SPO:SPO_618d645a-541b-4349-a7c0-3bb73eedd701@SPO_5c824599-dc8c-4d31-96fb-3b886d4f8f10",
      "SMTP:user@example.com"
    ],
    "renewedDateTime": "2019-09-20T12:15:21Z",
    "resourceBehaviorOptions": [],
    "resourceProvisioningOptions": [],
    "securityEnabled": true,
    "visibility": "Public",
    "onPremisesProvisioningErrors": []
  }
}

Add User to Group

This action is used to add a user to a group.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| group_name | string | None | True | Group Name e.g. My Azure Group | None | None |
| user_id | string | None | True | User ID e.g. user@example.com | None | None |

Example input:

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | False | Was operation successful |

Example output:

{
  "success": true
}

Remove User from Group

This action is used to remove a user from a group.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| group_name | string | None | True | Group Name e.g. My Azure Group | None | None |
| user_id | string | None | True | User ID e.g. user@example.com | None | None |

Example input:

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | False | Was operation successful |

Example output:

{
  "success": true
}

Triggers

Risk Detection

This trigger provides a list of both user and sign-in linked risk detections and associated information about the detection.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| frequency | integer | 60 | False | Poll frequency in seconds | None | None |
| risk_level | string | None | True | Risk level | ['low', 'medium', 'high', 'hidden', 'none', 'all'] | None |

Example input:

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| risk | risk | True | Risk |

Example output:

{
  "risk":
    {
      "id": "04da6f53cd292d990314fd05b2ba6cc06b3acc3a2eb85bf2fe6d48f2edbec301",
      "requestId": "04c82f8e-f0c0-4971-a546-c18125fa3300",
      "correlationId": "0977e5da-93a4-4e97-b1a2-bb03b8007e93",
      "riskType": "unfamiliarFeatures",
      "riskState": "atRisk",
      "riskLevel": "low",
      "riskDetail": "none",
      "source": "IdentityProtection",
      "detectionTimingType": "realtime",
      "activity": "signin",
      "tokenIssuerType": "AzureAD",
      "ipAddress": "66.207.205.214",
      "activityDateTime": "2019-11-25T14:09:08.6953666Z",
      "detectedDateTime": "2019-11-25T14:09:08.6953666Z",
      "lastUpdatedDateTime": "2019-11-25T14:12:04.5431877Z",
      "userId": "ac785ffe-530a-45a1-bbf4-e275457e464b",
      "userDisplayName": "User Name",
      "userPrincipalName": "user@domain",
      "additionalInfo": "[{\"Key\":\"userAgent\",\"Value\":\"python-requests/2.22.0\"}]",
      "location":
        {
          "city": "Toronto",
          "state": "Ontario",
          "countryOrRegion": "CA",
          "geoCoordinates":
            {
              "latitude": 43.63831,
              "longitude": -79.42555
            }
        }
    }
}
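
The Python below is an added example, not code from the plugin or its authors: it turns one Risk Detection event into inputs for the Revoke Sign-In Sessions and Force User to Change Password actions documented above, reading either the camelCase keys of the example output or the snake_case names of the `risk` type. The level-to-action policy, the set of risk states acted on, the helper names and the fallback from the user principal name to the user ID are assumptions; the sample event is the example output above, trimmed.

```python
import json

# Assumed response policy for this example (not defined by the plugin): which
# documented actions to queue per risk level. "hidden" is handled like "medium".
POLICY = {
    "none": [],
    "low": [],
    "medium": ["revoke_sign_in_sessions"],
    "hidden": ["revoke_sign_in_sessions"],
    "high": ["revoke_sign_in_sessions", "force_user_to_change_password"],
}
# Assumption: only detections in these states are acted on.
ACTIVE_STATES = {"atRisk", "confirmedCompromised"}

# The page's example trigger output, trimmed to the fields used here.
SAMPLE_EVENT = {
    "risk": {
        "id": "04da6f53cd292d990314fd05b2ba6cc06b3acc3a2eb85bf2fe6d48f2edbec301",
        "riskType": "unfamiliarFeatures",
        "riskState": "atRisk",
        "riskLevel": "low",
        "ipAddress": "66.207.205.214",
        "userId": "ac785ffe-530a-45a1-bbf4-e275457e464b",
        "userPrincipalName": "user@domain",
        "additionalInfo": "[{\"Key\":\"userAgent\",\"Value\":\"python-requests/2.22.0\"}]",
    }
}


def _camel(name):
    """risk_level -> riskLevel"""
    head, *rest = name.split("_")
    return head + "".join(part.capitalize() for part in rest)


def field(risk, name, default=None):
    """Read a field by its snake_case name, accepting the camelCase key too."""
    if name in risk:
        return risk[name]
    return risk.get(_camel(name), default)


def parse_additional_info(risk):
    """additional_info is a JSON string holding a list of Key/Value pairs."""
    raw = field(risk, "additional_info")
    if not raw:
        return {}
    try:
        pairs = json.loads(raw)
    except (TypeError, ValueError):
        return {}  # malformed or non-string value: treat as no extra info
    if not isinstance(pairs, list):
        return {}
    return {p["Key"]: p.get("Value")
            for p in pairs if isinstance(p, dict) and "Key" in p}


def plan_response(event, policy=POLICY):
    """Return a triage summary and the action inputs to queue for one event."""
    risk = event.get("risk") or {}
    # The actions take user_id; the page's examples pass a UPN there.
    user = field(risk, "user_principal_name") or field(risk, "user_id")
    state = field(risk, "risk_state")
    level = field(risk, "risk_level")

    active = state in ACTIVE_STATES
    # An open detection with no user or an unrecognised level goes to a human.
    needs_review = active and (not user or level not in policy)
    if active and not needs_review:
        actions = [{"action": name, "input": {"user_id": user}}
                   for name in policy[level]]
    else:
        actions = []

    return {
        "detection_id": field(risk, "id"),
        "user": user,
        "risk_level": level,
        "risk_state": state,
        "ip_address": field(risk, "ip_address"),
        "user_agent": parse_additional_info(risk).get("userAgent"),
        "needs_review": needs_review,
        "actions": actions,
    }


if __name__ == "__main__":
    print(json.dumps(plan_response(SAMPLE_EVENT), indent=2))
```
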

Custom Output Types

user_information

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| @odata.context | string | False | @odata.context |
| accountEnabled | boolean | False | Account enabled |
| businessPhones | []string | False | Business phones |
| displayName | string | False | Display name |
| givenName | string | False | Given Name |
| id | string | False | ID |
| jobTitle | string | False | Job title |
| mail | string | False | Mail |
| mobilePhone | string | False | Mobile phone |
| officeLocation | string | False | Office location |
| preferredLanguage | string | False | Preferred language |
| surname | string | False | Surname |
| userPrincipalName | string | False | User principal name |

group

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| createdDateTime | string | False | Created date time |
| description | string | False | Description |
| displayName | string | False | Display name |
| groupTypes | []string | False | Group types |
| id | string | False | ID |
| isAssignableToRole | boolean | False | Is assignable to role |
| mail | string | False | Mail |
| mailEnabled | boolean | False | Mail enabled |
| mailNickname | string | False | Mail nickname |
| proxyAddresses | []string | False | Proxy addresses |
| renewedDateTime | string | False | Renewed date time |
| securityEnabled | boolean | False | Security enabled |
| visibility | string | False | Visibility |

geo_coordinates

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| altitude | string | False | The altitude (height), in feet, above sea level |
| latitude | string | False | The latitude, in decimal |
| longitude | string | False | The longitude, in decimal |

sign_in_location

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| city | string | False | City where the sign-in originated. This is calculated using latitude/longitude information from the sign-in activity |
| country_or_region | string | False | Country code info (2 letter code) where the sign-in originated. This is calculated using latitude/longitude information from the sign-in activity |
| geo_coordinates | geo_coordinates | False | Geo coordinates |
| state | string | False | State where the sign-in originated. This is calculated using latitude/longitude information from the sign-in activity |

risk

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| activity | string | False | Indicates the activity type the detected risk is linked to. The possible values are signin, user, unknownFutureValue |
| activity_date_time | string | False | Date and time that the risky activity occurred |
| additional_info | string | False | Additional information associated with the risk detection |
| correlation_id | string | False | Correlation ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in |
| detected_date_time | string | False | Date and time that the risk was detected |
| detection_timing_type | string | False | Timing of the detected risk (real-time/offline). The possible values are notDefined, realtime, nearRealtime, offline, unknownFutureValue |
| id | string | True | Unique ID of the risk detection |
| ip_address | string | False | IP address of the client from where the risk occurred |
| last_updated_date_time | string | False | Date and time that the risk detection was last updated |
| location | sign_in_location | False | Location of the client from where the risk occurred |
| request_id | string | False | Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in |
| risk_detail | string | False | Details of the detected risk. Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned hidden |
| risk_level | string | False | Level of the detected risk |
| risk_state | string | False | The state of a detected risky user or sign-in |
| risk_type | string | False | The type of risk event detected |
| source | string | False | Source of the risk detection. For example, activeDirectory |
| token_issuer_type | string | False | Indicates the type of token issuer for the detected sign-in risk. The possible values are AzureAD, ADFederationServices, and unknownFutureValue |
| user_display_name | string | False | User display name |
| user_id | string | False | User ID |
| user_principal_name | string | False | The user principal name (UPN) of the user |

Troubleshooting

This plugin does not contain any troubleshooting information.

Version History

  • 2.2.0 - New action Revoke Sign-In Sessions
  • 2.1.1 - Update incorrect title of user_type to User Type | Return group_id in Add User to Groups By IDs action's error message to improve debugging
  • 2.1.0 - New action Add User to Groups By IDs
  • 2.0.0 - New action Update User Info
  • 1.4.1 - Extension Library styling update
  • 1.4.0 - New trigger Risk Detection
  • 1.3.1 - New spec and help.md format for the Extension Library
  • 1.3.0 - New action Create User
  • 1.2.0 - New actions Get Group by Name, Add User to Group, and Remove User from Group
  • 1.1.0 - New action Force User to Change Password
  • 1.0.0 - Initial plugin

Links

References

plugin_spec_version: v2
extension: plugin
products: [insightconnect]
name: azure_ad_admin
title: Azure AD Admin
description: Perform administrative operations in Azure AD
version: 2.2.0
vendor: rapid7
support: community
status: []
resources:
  source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/azure_ad_admin
  license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
  vendor_url: https://www.microsoft.com/
tags:
  - Microsoft
  - Azure
  - Active Directory
  - Administration
hub_tags:
  use_cases: [threat_detection_and_response, user_management]
  keywords: [azure, microsoft, active directory, administration]
  features: []
types:
  user_information:
    accountEnabled:
      title: "Account Enabled"
      type: boolean
      description: "Account enabled"
      required: false
    displayName:
      title: "Display Name"
      type: string
      description: "Display name"
      required: false
    mobilePhone:
      title: "Mobile Phone"
      type: string
      description: "Mobile phone"
      required: false
    preferredLanguage:
      title: "Preferred Language"
      type: string
      description: "Preferred language"
      required: false
    jobTitle:
      title: "Job Title"
      type: string
      description: "Job title"
      required: false
    userPrincipalName:
      title: "User Principal Name"
      type: string
      description: "User principal name"
      required: false
    "@odata.context":
      title: "@odata.Context"
      type: string
      description: "@odata.context"
      required: false
    officeLocation:
      title: "Office Location"
      type: string
      description: "Office location"
      required: false
    businessPhones:
      title: "Business Phones"
      type: "[]string"
      description: "Business phones"
      required: false
    mail:
      title: "Mail"
      type: string
      description: "Mail"
      required: false
    surname:
      title: "Surname"
      type: string
      description: "Surname"
      required: false
    givenName:
      title: "Given Name"
      type: string
      description: "Given Name"
      required: false
    id:
      title: "ID"
      type: string
      description: "ID"
      required: false
  group:
    mailNickname:
      title: "Mail Nickname"
      type: string
      description: "Mail nickname"
      required: false
    groupTypes:
      title: "Group Types"
      type: "[]string"
      description: "Group types"
      required: false
    displayName:
      title: "Display Name"
      type: string
      description: "Display name"
      required: false
    description:
      title: "Description"
      type: string
      description: "Description"
      required: false
    createdDateTime:
      title: "Created Date Time"
      type: string
      description: "Created date time"
      required: false
    securityEnabled:
      title: "Security Enabled"
      type: boolean
      description: "Security enabled"
      required: false
    renewedDateTime:
      title: "Renewed Date Time"
      type: string
      description: "Renewed date time"
      required: false
    proxyAddresses:
      title: "Proxy Addresses"
      type: "[]string"
      description: "Proxy addresses"
      required: false
    visibility:
      title: "Visibility"
      type: string
      description: "Visibility"
      required: false
    mail:
      title: "Mail"
      type: string
      description: "Mail"
      required: false
    isAssignableToRole:
      title: "Is Assignable to Role"
      type: boolean
      description: "Is assignable to role"
      required: false
    id:
      title: "ID"
      type: string
      description: "ID"
      required: false
    mailEnabled:
      title: "Mail Enabled"
      type: boolean
      description: "Mail enabled"
      required: false
  geo_coordinates:
    altitude:
      title: Altitude
      description: The altitude (height), in feet, above sea level
      type: string
      required: false
    latitude:
      title: Latitude
      description: The latitude, in decimal
      type: string
      required: false
    longitude:
      title: Longitude
      description: The longitude, in decimal
      type: string
      required: false
  sign_in_location:
    city:
      title: City
      description: City where the sign-in originated. This is calculated using latitude/longitude information from the sign-in activity
      type: string
      required: false
    country_or_region:
      title: Country Or Region
      description: Country code info (2 letter code) where the sign-in originated. This is calculated using latitude/longitude information from the sign-in activity
      type: string
      required: false
    geo_coordinates:
      title: Geo Coordinates
      description: Geo coordinates
      type: geo_coordinates
      required: false
    state:
      title: State
      description: State where the sign-in originated. This is calculated using latitude/longitude information from the sign-in activity
      type: string
      required: false
  risk:
    id:
      title: ID
      description: Unique ID of the risk detection
      type: string
      required: true
    request_id:
      title: Request ID
      description: Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in
      type: string
      required: false
    correlation_id:
      title: Correlation ID
      description: Correlation ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in
      type: string
      required: false
    risk_type:
      title: Risk Type
      description: The type of risk event detected
      type: string
      required: false
    risk_state:
      title: Risk State
      description: The state of a detected risky user or sign-in
      type: string
      required: false
    risk_level:
      title: Risk Level
      description: Level of the detected risk
      type: string
      required: false
    risk_detail:
      title: Risk Detail
      description: Details of the detected risk. Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned hidden
      type: string
      required: false
    source:
      title: Source
      description: Source of the risk detection. For example, activeDirectory
      type: string
      required: false
    detection_timing_type:
      title: Detection Timing Type
      description: Timing of the detected risk (real-time/offline). The possible values are notDefined, realtime, nearRealtime, offline, unknownFutureValue
      type: string
      required: false
    activity:
      title: Activity
      description: Indicates the activity type the detected risk is linked to. The possible values are signin, user, unknownFutureValue
      type: string
      required: false
    token_issuer_type:
      title: Token Issuer Type
      description: Indicates the type of token issuer for the detected sign-in risk. The possible values are AzureAD, ADFederationServices, and unknownFutureValue
      type: string
      required: false
    ip_address:
      title: IP Address
      description: IP address of the client from where the risk occurred
      type: string
      required: false
    location:
      title: Location
      description: Location of the client from where the risk occurred
      type: sign_in_location
      required: false
    activity_date_time:
      title: Activity Date Time
      description: Date and time that the risky activity occurred
      type: string
      required: false
    detected_date_time:
      title: Detected Date Time
      description: Date and time that the risk was detected
      type: string
      required: false
    last_updated_date_time:
      title: Last Updated Date Time
      description: Date and time that the risk detection was last updated
      type: string
      required: false
    user_id:
      title: User ID
      description: User ID
      type: string
      required: false
    user_display_name:
      title: User Display Name
      description: User display name
      type: string
      required: false
    user_principal_name:
      title: User Principal Name
      description: The user principal name (UPN) of the user
      type: string
      required: false
    additional_info:
      title: Additional Information
      description: Additional information associated with the risk detection
      type: string
      required: false

connection:
  tenant_id:
    title: Tenant ID
    description: The ID of the directory that identifies the tenant
    type: string
    required: true
  application_id:
    title: App ID
    description: The ID of the registered application that obtained the refresh token
    type: string
    required: true
  application_secret:
    title: App Secret
    description: The secret of the registered application that obtained the refresh token
    type: credential_secret_key
    required: true
actions:
  disable_user_account:
    title: Disable User Account
    description: Disable a user account. This action will not disable an administrative account
    input:
      user_id:
        title: User ID
        type: string
        description: User ID to disable e.g. user@example.com
        required: true
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: true
  enable_user_account:
    title: Enable User Account
    description: Enable a user account
    input:
      user_id:
        title: User ID
        type: string
        description: User ID to enable e.g. user@example.com
        required: true
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: true
  get_user_info:
    title: Get User Info
    description: Get user information
    input:
      user_id:
        title: User ID
        type: string
        description: User ID e.g. user@example.com
        required: true
    output:
      user_information:
        title: User Information
        description: Information about a user
        type: user_information
        required: true
  create_user:
    title: Create User and Notify
    description: Create a user with a randomly generated password and send out an email with the password
    input:
      display_name:
        title: Display Name
        description: The name to display in the address book for the user e.g. displayName-value
        type: string
        required: true
      mail_nickname:
        title: Mail Nickname
        description: The mail alias for the user e.g. mailNickname-value
        required: false
        type: string
      user_principal_name:
        title: User Principal Name
        description: The user principal name e.g. user@example.com
        required: true
        type: string
      account_enabled:
        title: Account Enabled
        description: True if the account is enabled; otherwise, false
        type: boolean
        default: true
        required: false
      notify_email_body:
        required: false
        title: Notify Email Body
        type: string
        description: Body of the email to be sent out. Use $password to place the generated password
      notify_recipient:
        required: true
        title: Recipient of Creation Email
        type: string
        description: Email address of the account to be notified of user creation
      notify_from:
        required: true
        title: Notify from
        description: User from which email notification will be sent
        type: string
    output:
      success:
        title: Success
        type: boolean
        required: true
        description: Did the step succeed
  force_user_to_change_password:
    title: Force User to Change Password
    description: Forces a user to change their password on their next successful login
    input:
      user_id:
        title: User ID
        type: string
        description: User ID
        required: true
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: true
  get_group_by_name:
    title: Get Group by Name
    description: Get a group by its name
    input:
      name:
        title: Name
        description: Name
        type: string
        required: true
    output:
      group:
        title: Group
        description: Group
        type: group
        required: false
  add_user_to_group:
    title: Add User to Group
    description: Add a user to a group
    input:
      user_id:
        title: User ID
        description: User ID e.g. user@example.com
        type: string
        required: true
      group_name:
        title: Group Name
        description: Group Name e.g. My Azure Group
        type: string
        required: true
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: false
  add_user_to_groups_by_id:
    title: Add User to Groups by ID
    description: Add a user to a set of groups by group ID
    input:
      user_id:
        title: User ID
        description: User ID e.g. user@example.com
        type: string
        required: true
        example: user@example.com
      group_id:
        title: Group IDs
        description: IDs of Groups to Add User to
        type: "[]string"
        required: true
        example: ["b4d41d4-eb13-4a33-99b5-7d7290df22e9"]
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: false
  remove_user_from_group:
    title: Remove User from Group
    description: Remove a user from a group
    input:
      user_id:
        title: User ID
        description: User ID e.g. user@example.com
        type: string
        required: true
      group_name:
        title: Group Name
        description: Group Name e.g. My Azure Group
        type: string
        required: true
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: false
  update_user_info:
    title: Update User Information
    description: Update a user's information
    input:
      city:
        title: City
        type: string
        description: The city in which the user is located
        required: false
        example: Boston
      country:
        title: Country
        type: string
        description: The country or region in which the user is located; for example, US or UK
        required: false
        example: US
      department:
        title: Department
        type: string
        description: The name for the department in which the user works
        required: false
        example: IT
      job_title:
        title: Job Title
        type: string
        description: The user’s job title
        required: false
        example: Desktop Technician
      state:
        title: State
        type: string
        description: The state or province in the user's address
        required: false
        example: MA
      user_id:
        title: User ID
        description: ID of the user to update
        type: string
        required: true
        example: user@example.com
      user_type:
        title: User Type
        type: string
        description: A string value that can be used to classify user types in your directory, such as Member and Guest
        required: false
        example: Member
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: true
  revoke_sign_in_sessions:
    title: Revoke Sign-In Sessions
    description: This will require the user to log back in after any page they are on is refreshed by invalidating all refresh tokens and cookies
    input:
      user_id:
        title: User ID
        description: User ID
        type: string
        example: user@example.com
        required: true
    output:
      success:
        title: Success
        description: Was the operation successful
        type: boolean
        required: true

triggers:
  risk_detection:
    title: Risk Detection
    description: Provides a list of both user and sign-in linked risk detections and associated information about the detection
    input:
      frequency:
        type: integer
        description: Poll frequency in seconds
        default: 60
        required: false
      risk_level:
        title: Risk Level
        description: Risk level
        type: string
        required: true
        enum:
          - "low"
          - "medium"
          - "high"
          - "hidden"
          - "none"
          - "all"
    output:
      risk:
        title: Risk
        description: Risk
        type: risk
        required: true