Skip to content

Add Silverfort Identity Security integration #430

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
FrankGasparovic wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Add Silverfort Identity Security integration #430

FrankGasparovic wants to merge 1 commit into from

Conversation

@FrankGasparovic
Copy link

@FrankGasparovic FrankGasparovic commented Jan 14, 2026

Description

Please provide a detailed description of your changes. This helps reviewers understand your work and its context.

What problem does this PR solve?

This PR adds a new community integration for Silverfort Identity Security, enabling Google SecOps SOAR users to interact with Silverfort's identity protection platform. The integration provides capabilities for:

  • Risk Management: Get and update entity risk scores for users and resources
  • Service Account Protection: List, retrieve, and configure protection policies for service accounts
  • Authentication Policy Management: Create, update, enable/disable authentication policies

How does this PR solve the problem?

Added a complete integration under content/response_integrations/third_party/community/silverfort/ with:

  • 11 Actions:

    • Ping - Test connectivity to Silverfort API
    • Get Entity Risk - Retrieve risk information for users/resources
    • Update Entity Risk - Set risk levels based on external threat intelligence
    • Get Service Account - Get detailed service account information
    • List Service Accounts - List all service accounts with pagination
    • Update SA Policy - Configure service account protection policies
    • Get Policy - Retrieve authentication policy details
    • List Policies - List all authentication policies
    • Update Policy - Modify policy settings
    • Change Policy State - Enable/disable policies

  • Core Components:

    • JWT-based authentication with automatic token refresh
    • Separate API clients for Risk, Service Account, and Policy APIs
    • Comprehensive data models using Python dataclasses
    • Custom exception handling

  • Tests:

    • 16 unit tests covering all actions
    • Mock infrastructure for API responses
    • Standard import test (test_defaults/test_imports.py)

Any other relevant information (e.g., design choices, tradeoffs, known issues):

  • The integration supports multiple API credentials (Risk API, Service Accounts API, Policies API) configured separately in the integration settings
  • Uses slots=True for dataclasses for memory efficiency
  • All tests pass and validation completes successfully
  • Follows the same patterns as other community integrations (e.g., grey_noise, vectra_rux)

Checklist:

Please ensure you have completed the following items before submitting your PR.
This helps us review your contribution faster and more efficiently.

General Checks:

  • I have read and followed the project's contributing.md guide.
  • My code follows the project's coding style guidelines.
  • I have performed a self-review of my own code.
  • My changes do not introduce any new warnings.
  • My changes pass all existing tests.
  • I have added new tests where appropriate to cover my changes. (If applicable)
  • I have updated the documentation where necessary (e.g., README, API docs). (If applicable)

Open-Source Specific Checks:

  • My changes do not introduce any Personally Identifiable Information (PII) or sensitive customer data.
  • My changes do not expose any internal-only code examples, configurations, or URLs.
  • All code examples, comments, and messages are generic and suitable for a public repository.
  • I understand that any internal context or sensitive details related to this work are handled separately in internal systems (Buganizer for Google team members).

For Google Team Members and Reviewers Only:

  • I have included the Buganizer ID in the PR title or description (e.g., "Internal Buganizer ID: 123456789" or "Related Buganizer: go/buganizer/123456789").
  • I have ensured that all internal discussions and PII related to this work remain in Buganizer.
  • I have tagged the PR with one or more labels that reflect the pull request purpose.

Screenshots (If Applicable)

N/A - Backend integration only, no UI changes.

Further Comments / Questions

  • Validation Results: All 16 tests pass, mp validate --integration silverfort completes successfully
  • Build Output: Integration builds correctly with mp build --integration silverfort
  • Dependencies: Uses standard dependencies (requests, PyJWT) already available in the SOAR environment

@google-cla
Copy link

google-cla bot commented Jan 14, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@FrankGasparovic