Alexa
Integration version: 6.0
Configure Alexa to work with Google Security Operations SOAR
Retrieve Access Key ID and Secret Access Key
To obtain your Access Key ID and Secret Access Key, sign in to your AWS account.
Click on your username on the upper right side of the screen and choose My Security Credentials from the drop-down menu.
On the Your Security Credentials page, expand the Access keys (access key ID and secret access key) option and click Generate New Access Key.
To display the generated key on the screen, click Show Access Key. To download it, click Download Key File.
Network
Function | Default port | Direction | Protocol |
---|---|---|---|
API | Multivalues | Outbound | apikey |
Configure Alexa integration in Google Security Operations SOAR
For detailed instructions about how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Parameter name | Type | Default value | Is mandatory | Description |
---|---|---|---|---|
Instance Name | String | N/A | No | Name of the instance that you intend to configure the integration for. |
Description | String | N/A | No | Description of the instance. |
Access key id | String | N/A | Yes | Access key generated in Alexa's console. |
Secret access key | String | N/A | Yes | Generated in Alexa's console with Access key ID. |
Run Remotely | Checkbox | Unchecked | No | Select this checkbox to run the configured integration remotely. Once selected, an option appears to select the remote user (agent). |
Actions
Get URL Rank
Description
Query Alexa for URL rank information. Broadly, Alexa rank is a measure of a website's popularity and shows how a website is doing compared to other sites. This makes it a useful KPI for benchmarking and competitive analysis.
Parameters
Parameter name | Type | Default value | Is mandatory | Description |
---|---|---|---|---|
Threshold | String | N/A | Yes | Rank e.g. 5. |
Run on
This action runs on the URL entity.
Action results
Script result
Script name | Value options | Example |
---|---|---|
is_risky | True or False | is_risky:False |
JSON result
[
  {
    "EntityResult": {
      "TrafficData": [
        {
          "text": " ",
          "DataUrl": [
            {
              "text": "domain.com",
              "type": "canonical"
            }
          ],
          "Rank": [
            {
              "text": "5"
            }
          ]
        }
      ],
      "text": " ",
      "Request": [
        {
          "text": " ",
          "Arguments": [
            {
              "text": " ",
              "Argument": [
                {
                  "text": " ",
                  "Name": [
                    {
                      "text": "url"
                    }
                  ],
                  "Value": [
                    {
                      "text": "domain.com"
                    }
                  ]
                },
                {
                  "text": " ",
                  "Name": [
                    {
                      "text": "responsegroup"
                    }
                  ],
                  "Value": [
                    {
                      "text": "Rank"
                    }
                  ]
                }
              ]
            }
          ]
        }
      ]
    },
    "Entity": "domain.com"
  }
]
Entity enrichment
Entities are marked as suspicious (True) if they exceed the threshold; otherwise, they are marked False.
Enrichment field name | Logic - When to apply |
---|---|
Alexa_Rank | Returns if it exists in JSON result |
TrafficData | Returns if it exists in JSON result |
text | Returns if it exists in JSON result |
Request | Returns if it exists in JSON result |
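The following is an added example, not the integration's own code: a playbook-side parser for the JSON result shape shown above that pulls the rank out of the nested `text` nodes and applies the "exceeds the threshold" rule. The function names are hypothetical, and treating a missing or non-numeric rank as not risky is an assumption, since this page does not document that case.

```python
SAMPLE = [{  # constructed sample, same shape as the JSON result documented above
    "Entity": "domain.com",
    "EntityResult": {
        "TrafficData": [{"text": " ", "Rank": [{"text": "5"}],
                         "DataUrl": [{"text": "domain.com", "type": "canonical"}]}],
        "Request": [{"text": " ", "Arguments": [{"text": " ", "Argument": [
            {"text": " ", "Name": [{"text": "url"}], "Value": [{"text": "domain.com"}]},
            {"text": " ", "Name": [{"text": "responsegroup"}], "Value": [{"text": "Rank"}]},
        ]}]}],
    },
}]

def first_text(nodes):
    """Stripped 'text' of the first {'text': ...} node in a list, or None."""
    ok = isinstance(nodes, list) and nodes and isinstance(nodes[0], dict)
    return (str(nodes[0].get("text", "")).strip() or None) if ok else None

def extract_rank(entity_result):
    """First numeric Rank under TrafficData, or None when absent or non-numeric."""
    for traffic in entity_result.get("TrafficData") or []:
        text = first_text(traffic.get("Rank"))
        if text and text.isdigit():
            return int(text)
    return None

def echoed_arguments(entity_result):
    """Name -> value map of the Request arguments echoed back in the result."""
    found = {}
    for request in entity_result.get("Request") or []:
        for group in request.get("Arguments") or []:
            for arg in group.get("Argument") or []:
                name = first_text(arg.get("Name"))
                if name:
                    found[name] = first_text(arg.get("Value"))
    return found

def evaluate(results, threshold):
    """Per-entity verdict; risky only when a rank exists and exceeds the threshold."""
    limit = int(threshold)  # the action takes Threshold as a string, e.g. "5"
    verdicts = {}
    for item in results:
        body = item.get("EntityResult") or {}
        rank = extract_rank(body)
        verdicts[item.get("Entity")] = {
            "rank": rank,
            "url_matches_entity": echoed_arguments(body).get("url") == item.get("Entity"),
            # Assumption: no usable rank means not risky; adjust to your policy.
            "is_risky": rank is not None and rank > limit,
        }
    return verdicts
```

Checking `url_matches_entity` before trusting the verdict guards against enrichment data being attached to the wrong entity when results are merged across playbook steps.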
Insights
Severity | Description |
---|---|
Warn | A warning insight is created when the enriched file has a malicious status. The insight is created when the number of detected engines equals or exceeds the minimum suspicious Threshold set before scan. |
Ping
Description
Test connectivity to Alexa with parameters provided at the integration configuration page in the Google Security Operations Marketplace tab.
Parameters
N/A
Run on
This action runs on all entities.
Action results
Script result
Script result name | Value options | Example |
---|---|---|
is_succeed | True or False | is_succeed:False |