TIM - Indicator Auto-Processing

Details
Content
Dependencies
Version History

Too many threat feeds? This Content Pack automates the processing of indicators at scale, significantly reducing busywork for your analysts.

Threat Intelligence is core to incident response. If you integrate it into your incident response workflow, you can then map external threat data to what’s happening internally. As hundreds of thousands of indicators may be created or updated on a daily basis, Cortex XSOAR provides the automations that allow you to perform many tasks related to threat intelligence indicators.
The TIM - Indicator Auto-Processing pack includes playbooks that automate the processing of indicators for many use cases such as tagging, checking for existence in various exclusion or other lists of interest, running enrichment for specific indicators and preparing indicators if necessary for a manual review in case additional approval is required. This helps you quickly separate relevant indicators from irrelevant ones.
With this content pack, you can significantly reduce the time your threat intelligence analysts spend on reviewing hundreds of thousands of indicators by performing many pre-defined logics and processing tasks automatically.

What does this pack do?

The playbooks included in this pack help you automate repetitive tasks associated with with the handling of indicators:

Check if indicators are related to internal exclusion lists such as business partners or other approved origin.
Validate CIDR indicator size in order not to approve or deny large CIDR ranges.
Create incidents for indicators that require additional analyst review and chain of approval.
Run additional enrichment for indicators ingested by specific feeds.
Check Whois to validate domains registrant and time of creation.
Check if an indicator with a tag of organizational_external_ip has been updated and keeps or removes the tag according to the results.
Process indicators against IP and CIDR lists.

For more information, visit our Cortex XSOAR Developer Docs.

Threat Intelligence is core to incident response. If you integrate it into your incident response workflow, you can then map external threat data to what’s happening internally. As hundreds of thousands of indicators may be created or updated on a daily basis, Cortex XSIAM provides the automations that allow you to perform many tasks related to threat intelligence indicators.
The TIM - Indicator Auto-Processing pack includes playbooks that automate the processing of indicators for many use cases such as tagging, checking for existence in various exclusion or other lists of interest, running enrichment for specific indicators and preparing indicators if necessary for a manual review in case additional approval is required. This helps you quickly separate relevant indicators from irrelevant ones.
With this content pack, you can significantly reduce the time your threat intelligence analysts spend on reviewing hundreds of thousands of indicators by performing many pre-defined logics and processing tasks automatically.

What does this pack do?

The playbooks included in this pack help you automate repetitive tasks associated with with the handling of indicators:

Check if indicators are related to internal exclusion lists such as business partners or other approved origin.
Validate CIDR indicator size in order not to approve or deny large CIDR ranges.
Create incidents for indicators that require additional analyst review and chain of approval.
Run additional enrichment for indicators ingested by specific feeds.
Check Whois to validate domains registrant and time of creation.
Check if an indicator with a tag of organizational_external_ip has been updated and keeps or removes the tag according to the results.
Process indicators against IP and CIDR lists.

For more information, visit our Cortex XSIAM Developer Docs.

Incident Types

Name	Description
Review Indicators Manually
Review Indicators Manually For Allowlisting

Layouts

Name	Description
Review Indicators Manually For Allowlisting Incident
Review Indicators Manually Incident

Playbooks

Name	Description
TIM - Indicator Relationships Analysis	This playbook is designed to assist with a security investigation by providing an analysis of indicator relationships. The following information is included: Indicators of compromise (IOCs) related to the investigation. Attack patterns related to the investigation. Campaigns related to the investigation. IOCs associated with the identified campaigns. Reports containing details on the identified campaigns.
TIM - Process Indicators Against Business Partners Domains List	This playbook processes indicators to check if they exist in a Cortex XSOAR list containing the business partner domains, and tags the indicators accordingly.
TIM - Process CIDR Indicators By Size	This playbook processes CIDR indicators of both IPV4 and IPV6. By specifying in the inputs the maximum number of hosts allowed per CIDR, the playbook tags any CIDR that exceeds the number as pending_review. If the maximum CIDR size is not specified in the inputs, the playbook does not run.
TIM - Update Indicators Organizational External IP Tag	This playbook checks if an indicator with a tag of organizational_external_ip has been updated and keeps/removes the tag according to the check results.
TIM - Run Enrichment For Url Indicators	This playbook processes indicators by enriching indicators based on the indicator feed's reputation, as specified in the playbook inputs. This playbook needs to be used with caution as it might use up the user enrichment integration's API license when running enrichment for large amounts of indicators.
TIM - Process File Indicators With File Hash Type	This playbook processes file indicator by tagging them with the relevant file hash type tag, such as Sha256, Sha1, and Md5.
TIM - Process Indicators Against Business Partners IP List	This playbook processes indicators to check if they exist in a Cortex XSOAR list containing business partner IP addresses, and tags the indicators accordingly.
TIM - Process Indicators - Fully Automated	This playbook tags indicators ingested from high reliability feeds. The playbook is triggered due to a Cortex XSOAR job. The indicators are tagged as approved_allow, approved_block, approved_watchlist. The tagged indicators will be ready for consumption for 3rd party systems such as SIEM, EDR etc.
TIM - Run Enrichment For All Indicator Types	This playbook performs enrichment on indicators based on playbook query, as specified in the playbook inputs. This playbook needs to be used with caution as it might use up the user enrichment integration's API license when running enrichment for large amounts of indicators. Example queries can be "tags:example_tag" for indicators with a specific tag. For a specific feed name" the query will be "sourceBrands:example_feed". For a specifc reputation the query will be "reputation:None" etc.
TIM - Indicator Auto Processing	This playbook uses several sub playbooks to process and tag indicators, which is used to identify indicators that shouldn't be added to block list. For example IP indicators that belong to business partners or important hashes we wish to not process. Additional sub playbooks can be added for improving the business logic and tagging according to the user's needs. This playbook doesn't have its own indicator query as it processes indicators provided by the parent playbook query. To enable the playbook, provide the relevant list names in the sub playbook indicators, such as the ApprovedHashList, OrganizationsExternalIPListName, BusinessPartnersIPListName, etc. Also be sure to append the results of additional sub playbooks to Set indicators to Process Indicators for the additional playbooks results to be in the outputs.
TIM - Process Indicators Against Business Partners URL List	This playbook processes indicators to check if they exist in a Cortex XSOAR list containing business partner urls, and tags the indicators accordingly. To enable the playbook, provide a Cortex XSOAR list name containing business partner urls.
TIM - Run Enrichment For IP Indicators	This playbook processes indicators by enriching indicators based on the indicator feed's reputation, as specified in the playbook inputs. This playbook needs to be used with caution as it might use up the user enrichment integration's API license when running enrichment for large amounts of indicators.
TIM - Review Indicators Manually For Allowlisting	This playbook helps analysts manage the manual process of adding indicators from cloud providers, apps, services etc. to an allow list. The playbook indicator query is set to search for indicators that have the 'allowlist_review' tag. The playbooks layout displays all of the related indicators in the summary page. While reviewing the indicators, the analyst can go to the summary page and tag the indicators accordingly with tags such as, 'approved_block', 'approved_allow', etc. Once the analyst completes the review, the playbook can optionally send an email with a list of changes done by the analyst which haven't been approved. Once complete, the playbook removes the 'allowlist review' tag from the indicators.
TIM - Process Indicators Against Approved Hash List	This playbook checks if file hash indicators exist in a Cortex XSOAR list. If the indicators exist in the list, they are tagged as approved_hash.
TIM - Review Indicators Manually	This playbook helps analysts manage the manual process of reviewing indicators. The playbook indicator query is set to search for indicators that have the 'pending review' tag. The playbook's layout displays all of the related indicators in the summary page. While reviewing the indicators, the analyst can go to the summary page and tag the indicators accordingly with tags 'such as, 'approved_block', 'approved_allow', etc. Once the analyst completes their review, the playbook can optionally send an email with a list of changes done by the analyst which haven't been approved. Once complete, the playbook removes the 'pending review' tag from the indicators.
TIM - Run Enrichment For Domain Indicators	This playbook processes indicators by enriching indicators based on the indicator feed's reputation, as specified in the playbook inputs. This playbook needs to be used with caution as it might use up the user enrichment integration's API license when running enrichment for large amounts of indicators.
TIM - Process Indicators - Manual Review	This playbook tags indicators ingested by feeds that require manual approval. The playbook is triggered due to a job. The indicators are tagged as requiring a manual review. The playbook optionally concludes with creating a new incident that includes all of the indicators that the analyst must review. To enable the playbook, the indicator query needs to be configured. An example query is a list of the feeds whose ingested indicators should be manually reviewed. For example, sourceBrands:"Feed A" or sourceBrands:"Feed B".
TIM - Indicators Exclusion By Related Incidents	This playbooks allows you to exclude indicators according to the number of incidents the indicator is related to. The indicator query is "investigationsCount:>=X" where X is the number of related incidents to the indicator that you set. Excluded indicators are located in the Cortex XSOAR exclusion list and are removed from all of their related incidents and future ones. The purpose of excluding these indicators is to reduce the amount internal and common indicators appearing in many incidents and showing only relevant indicators. Creating exclusions can also accelerate performance.
TIM - Run Enrichment For Hash Indicators	This playbook processes indicators by enriching indicators based on the indicator feed's reputation, as specified in the playbook inputs. This playbook needs to be used with caution as it might use up the user enrichment integration's API license when running enrichment for large amounts of indicators.
TIM - Process Indicators Against Organizations External IP List	This playbook processes indicators to check if they exist in a Cortex XSOAR list containing the organizational External IP addresses or CIDR, and tags the indicators accordingly.

Playbooks

Name

Description

TIM - Indicator Relationships Analysis

This playbook is designed to assist with a security investigation by providing an analysis of indicator relationships. The following information is included:

Indicators of compromise (IOCs) related to the investigation.
Attack patterns related to the investigation.
Campaigns related to the investigation.
IOCs associated with the identified campaigns.
Reports containing details on the identified campaigns.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (46)

Pack Name	Pack By
APIVoid	By: Cortex XSOAR
AbuseIPDB	By: Cortex XSOAR
AlienVault OTX	By: Cortex XSOAR
Anomali ThreatStream	By: Cortex XSOAR
AutoFocus by Palo Alto Networks	By: Cortex XSOAR
Awake Security	By: Cortex XSOAR
Cisco Umbrella Investigate	By: Cortex XSOAR
CrowdStrike Falcon Intel	By: Cortex XSOAR
DomainTools Enterprise	By: DomainTools
DomainTools Iris Investigate	By: DomainTools
EclecticIQ Platform	By: EclecticIQ
Flashpoint	By: Flashpoint
Chronicle	By: Chronicle
Google Safe Browsing	By: Cortex XSOAR
HelloWorld	By: Cortex XSOAR
Ipstack	By: Cortex XSOAR
IsItPhishing	By: Cortex XSOAR
Lastline	By: Cortex XSOAR
MISP	By: Cortex XSOAR
Maltiverse	By: Cortex XSOAR
MaxMind GeoIP2	By: Cortex XSOAR
McAfee Threat Intelligence Exchange	By: Cortex XSOAR
OpenPhish	By: Cortex XSOAR
WildFire by Palo Alto Networks	By: Cortex XSOAR
PassiveTotal	By: RiskIQ
PhishTank	By: Cortex XSOAR
PolySwarm	By: PolySwarm
Pwned	By: Cortex XSOAR
ReversingLabs A1000	By: ReversingLabs
ReversingLabs TitaniumCloud	By: ReversingLabs
Shodan	By: Cortex XSOAR
SlashNext Phishing Incident Response - Annual Subscription (Direct Subscription)	By: SlashNext
ThreatConnect	By: Cortex XSOAR
ThreatExchange	By: Cortex XSOAR
ThreatMiner	By: Cortex XSOAR
ThreatQ	By: Cortex XSOAR
TruSTAR (Deprecated)	By: TruSTAR
URLhaus	By: Cortex XSOAR
URLScan.io	By: urlscan GmbH
VirusTotal	By: VirusTotal
Whois	By: Cortex XSOAR
IBM X-Force Exchange	By: Cortex XSOAR
Zscaler Internet Access	By: Cortex XSOAR
Analyst1	By: Analyst1
Ipinfo	By: Cortex XSOAR
FireEye iSIGHT	By: Cortex XSOAR

All level dependencies (4)

Pack Name	Pack By
Filters And Transformers	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.1.27 - R1502510 (October 13, 2024)

Incident Types

Review Indicators Manually For Allowlisting
Updated the terminology from "blacklist"/"whitelist" to "blocklist"/"allowlist". Renamed from 'Review Indicators Manually For Whitelisting'.

Layouts

Review Indicators Manually For Allowlisting Incident
Updated the terminology from "blacklist"/"whitelist" to "blocklist"/"allowlist". Renamed from 'Review Indicators Manually For Whitelisting Incident'.

Playbooks

Updated the terminology from "blacklist"/"whitelist" to "blocklist"/"allowlist".

TIM - Process Indicators - Fully Automated

Updated the terminology from "blacklist"/"whitelist" to "blocklist"/"allowlist".

TIM - Indicator Auto Processing

Updated the terminology from "blacklist"/"whitelist" to "blocklist"/"allowlist".

TIM - Review Indicators Manually For Allowlisting

Updated the terminology from "blacklist"/"whitelist" to "blocklist"/"allowlist". Renamed from 'TIM - Review Indicators Manually For Whitelisting'.

TIM - Review Indicators Manually

Updated the terminology from "blacklist"/"whitelist" to "blocklist"/"allowlist".

Related pull requests:
- 36703
- 36548

Download

1.1.26 - 1129454 (June 27, 2024)

Playbooks

TIM - Process Indicators - Manual Review

Fixed an issue with the playbook inputs query.

TIM - Review Indicators Manually

Fixed an issue with the subplaybook context not being set as global.

Related pull requests:
- 35085

Download

1.1.25 - 1082615 (June 10, 2024)

TIM - Indicator Auto-Processing

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34804

Download

1.1.24 - 998827 (May 6, 2024)

TIM - Indicator Auto-Processing

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34212

Download

1.1.23 - R828628 (February 14, 2024)

TIM - Indicator Auto-Processing

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 32331

Download

1.1.22 - 6285754 (September 10, 2023)

TIM_Processing

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 29466

Download

1.1.21 - 5969979 (August 6, 2023)

TIM_Processing

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 28753

Download

1.1.20 - 5698017 (July 6, 2023)

Playbooks

TIM - Indicator Relationships Analysis

Added incident fields mapping for Related Campaign and Related Attack Patterns.

Related pull requests:
- 27808

Download

1.1.19 - 5618116 (June 26, 2023)

Incident Types

Review Indicators Manually
Review Indicators Manually For Whitelisting

Layouts

Review Indicators Manually Incident
Set the layout to support XSOAR marketplace.
Review Indicators Manually For Whitelisting Incident
Set the layout to support XSOAR marketplace.

Playbooks

TIM - Process Indicators Against Approved Hash List

Set the playbook to support XSOAR marketplace.

Set the playbook to support XSOAR marketplace.

TIM - Process File Indicators With File Hash Type

Set the playbook to support XSOAR marketplace.

TIM - Process Indicators Against Business Partners Domains List

Set the playbook to support XSOAR marketplace.

TIM - Process Indicators Against Business Partners URL List

Set the playbook to support XSOAR marketplace.

TIM - Review Indicators Manually For Whitelisting

Set the playbook to support XSOAR marketplace.

TIM - Run Enrichment For IP Indicators

Set the playbook to support XSOAR marketplace.

TIM - Process CIDR Indicators By Size

Set the playbook to support XSOAR marketplace.

TIM - Review Indicators Manually

Set the playbook to support XSOAR marketplace.

TIM - Update Indicators Organizational External IP Tag

Set the playbook to support XSOAR marketplace.

TIM - Process Indicators Against Organizations External IP List

Set the playbook to support XSOAR marketplace.

TIM - Process Indicators Against Business Partners IP List

Set the playbook to support XSOAR marketplace.

TIM - Run Enrichment For Domain Indicators

Set the playbook to support XSOAR marketplace.

TIM - Run Enrichment For Url Indicators

Set the playbook to support XSOAR marketplace.

TIM - Run Enrichment For Hash Indicators

Set the playbook to support XSOAR marketplace.

TIM - Run Enrichment For All Indicator Types

Set the playbook to support XSOAR marketplace.

TIM - Indicator Auto Processing

Set the playbook to support XSOAR marketplace.

TIM - Process Indicators - Fully Automated

Set the playbook to support XSOAR marketplace.

TIM - Process Indicators - Manual Review

Set the playbook to support XSOAR marketplace.

Related pull requests:
- 27724

Download

1.1.17 - R5514256 (June 13, 2023)

Playbooks

TIM - Run Enrichment For IP Indicators

Fixed an issue in the task "Are there suspicious results?" (#134) which was filtering the wrong score value (0 and not 2).

Related pull requests:
- 26376

Download

1.1.16 - 5189071 (May 4, 2023)

Playbooks

TIM - Indicator Relationships Analysis

Removed unnecessary tasks filters, allowing the playbook to now support multiple indicators.

Related pull requests:
- 26029

Download

1.1.15 - R5170573 (May 2, 2023)

Playbooks

TIM - Indicator Relationships Analysis

A condition that checks if input indicator is exist were added.

Related pull requests:
- 23840

Download

1.1.14 - 4384217 (January 12, 2023)

Playbooks

TIM - Indicator Relationships Analysis

Changed auto-extract to 'None'.

Related pull requests:
- 23793

Download

1.1.13 - R4372591 (January 11, 2023)

Playbooks

New: TIM - Indicator Relationships Analysis

This playbook is designed to assist with a security investigation by providing an analysis of indicator relationships. The following information is included:

Indicators of compromise (IOCs) related to the investigation.
Attack patterns related to the investigation.
Campaigns related to the investigation.
IOCs associated with the identified campaigns.
Reports containing details on the identified campaigns.

Related pull requests:
- 23544

Download

1.1.12 - R3917401 (October 26, 2022)

Playbooks

TIM - Process CIDR Indicators By Size

Maintenance and stability enhancements.

Related pull requests:
- 16895

Download

1.1.11 - R2146019 (December 21, 2021)

Playbooks

New: TIM - Run Enrichment For Hash Indicators

This playbook processes indicators by enriching indicators
based on the indicator feed's reputation, as specified in the playbook
inputs. This playbook needs to be used with caution as it might use up the user
enrichment integration's API license when running enrichment for large amounts of
indicators. (Available from Cortex XSOAR 6.0.0).

The playbook uses the EnrichIndicators command rather then the previous file command.
This fixes the issue of indicators not getting updated properly.

TIM - Run Enrichment For Domain Indicators

The playbook uses the EnrichIndicators command rather then the previous domain command.
This fixes the issue of indicators not getting updated properly.

New: TIM - Run Enrichment For IP Indicators

The playbook uses the EnrichIndicators command rather then the previous ip command.
This fixes the issue of indicators not getting updated properly.

New: TIM - Run Enrichment For Url Indicators

The playbook uses the EnrichIndicators command rather then the previous url command.
This fixes the issue of indicators not getting updated properly.

Download

1.1.10 - 2042391 (December 2, 2021)

Playbooks

TIM - Process Indicators - Manual Review

Documentation fixes

TIM - Review Indicators Manually For Whitelisting

Documentation fixes

TIM - Process Indicators - Fully Automated

Documentation fixes

TIM - Indicator Auto Processing

Documentation fixes

Download

1.1.9 - 1959372 (November 16, 2021)

Playbooks

TIM - Process File Indicators With File Hash Type

Fixed conditional tasks filtering.

Download

1.1.8 - R381353 (June 8, 2021)

Playbooks

New: TIM - Update Indicators Organizational External IP Tag

This playbook checks if an indicator with a tag of organizational_external_ip has been updated and keeps or removes the tag according to the results. (Available from Cortex XSOAR 5.5.0).

TIM - Process Indicators Against Organizations External IP List

Added support for processing indicators against a CIDR list.

Download

1.1.7 - 358188 (May 18, 2021)

Playbooks

TIM - Run Enrichment For Url Indicators

Fixed an issue where the playbook input descriptions were incorrect.

TIM - Run Enrichment For Domain Indicators

Fixed an issue where the playbook input descriptions were incorrect.

TIM - Run Enrichment For Hash Indicators

Fixed an issue where the playbook input descriptions were incorrect.

TIM - Run Enrichment For IP Indicators

Fixed an issue where the playbook input descriptions were incorrect.

Download

1.1.6 - R356164 (May 14, 2021)

TIM_Processing

Documentation and metadata improvements.

Download

1.1.5 - R116525 (September 15, 2020)

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	September 15, 2020
Last Release	October 13, 2024

Threat Intelligence Management

WORKS WITH THE FOLLOWING INTEGRATIONS:

McAfee Threat Intelligence Exchange (Deprecated)

ReversingLabs TitaniumCloud (Deprecated)

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

TIM - Indicator Auto-Processing

What does this pack do?

What does this pack do?

Incident Types

Layouts

Playbooks

TIM - Indicators Exclusion By Related Incidents

TIM - Process Indicators - Fully Automated

TIM - Indicator Auto Processing

TIM - Review Indicators Manually For Allowlisting

TIM - Review Indicators Manually

Playbooks

TIM - Process Indicators - Manual Review

TIM - Review Indicators Manually

TIM - Indicator Auto-Processing

TIM - Indicator Auto-Processing

TIM - Indicator Auto-Processing

TIM_Processing

TIM_Processing

Playbooks

TIM - Indicator Relationships Analysis

Incident Types

Layouts

Playbooks

TIM - Process Indicators Against Approved Hash List

TIM - Indicators Exclusion By Related Incidents

TIM - Process File Indicators With File Hash Type

TIM - Process Indicators Against Business Partners Domains List

TIM - Process Indicators Against Business Partners URL List

TIM - Review Indicators Manually For Whitelisting

TIM - Run Enrichment For IP Indicators

TIM - Process CIDR Indicators By Size

TIM - Review Indicators Manually

TIM - Update Indicators Organizational External IP Tag

TIM - Process Indicators Against Organizations External IP List

TIM - Process Indicators Against Business Partners IP List

TIM - Run Enrichment For Domain Indicators

TIM - Run Enrichment For Url Indicators

TIM - Run Enrichment For Hash Indicators

TIM - Run Enrichment For All Indicator Types

TIM - Indicator Auto Processing

TIM - Process Indicators - Fully Automated

TIM - Process Indicators - Manual Review

Playbooks

TIM - Run Enrichment For IP Indicators

Playbooks

TIM - Indicator Relationships Analysis

Playbooks

TIM - Indicator Relationships Analysis

Playbooks

TIM - Indicator Relationships Analysis

Playbooks

New: TIM - Indicator Relationships Analysis

Playbooks

TIM - Process CIDR Indicators By Size

Playbooks

New: TIM - Run Enrichment For Hash Indicators

TIM - Run Enrichment For Domain Indicators

New: TIM - Run Enrichment For IP Indicators

New: TIM - Run Enrichment For Url Indicators

Playbooks

TIM - Process Indicators - Manual Review

TIM - Review Indicators Manually For Whitelisting

TIM - Process Indicators - Fully Automated

TIM - Indicator Auto Processing

Playbooks

TIM - Process File Indicators With File Hash Type

Playbooks

New: TIM - Update Indicators Organizational External IP Tag

TIM - Process Indicators Against Organizations External IP List

Playbooks

TIM - Run Enrichment For Url Indicators

TIM - Run Enrichment For Domain Indicators

TIM - Run Enrichment For Hash Indicators

TIM - Run Enrichment For IP Indicators

TIM_Processing

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS: