Elastica CloudSOC
Integration version: 5.0
Overview
Configure Elastica CloudSOC integration in Google Security Operations
For detailed instructions on how to configure an integration in
Google SecOps, see Configure
integrations.
Actions
Get User Activities
Description
Fetch user activities from Symantec CloudSOC. Symantec CloudSOC provides
insights into user activity and an overview of how cloud applications are used.
Parameters
| Parameters | Type | Default Value | Description |
|---|---|---|---|
| Minutes Back | String | N/A | Fetch logs since 'x' minutes backwards. Example: 5 |
Use cases
N/A
Run On
This action runs on the User entity.
Action Results
Entity Enrichment
Entities are marked as Suspicious (True) if they exceed the threshold; otherwise False.
| Enrichment Field Name | Logic - When to apply |
|---|---|
| browser | Returns if it exists in JSON result |
| _domain | Returns if it exists in JSON result |
| severity | Returns if it exists in JSON result |
| latitude | Returns if it exists in JSON result |
| user | Returns if it exists in JSON result |
| object_type | Returns if it exists in JSON result |
| location | Returns if it exists in JSON result |
| longitude | Returns if it exists in JSON result |
| device | Returns if it exists in JSON result |
| host | Returns if it exists in JSON result |
| user_agent | Returns if it exists in JSON result |
| created_timestamp | Returns if it exists in JSON result |
| event_type | Returns if it exists in JSON result |
| message | Returns if it exists in JSON result |
| user_name | Returns if it exists in JSON result |
| inserted_timestamp | Returns if it exists in JSON result |
| activity_type | Returns if it exists in JSON result |
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_succeed | True/False | is_succeed:False |
JSON Result
    [
      {
        "EntityResult": {
          "browser": "Chrome",
          "_domain": "siemplify.co",
          "severity": "error",
          "service": "Elastica",
          "latitude": 32.0678,
          "user": "john_doe@example.com",
          "object_type": "Session",
          "location": "Tel Aviv (Israel)",
          "longitude": 34.7647,
          "device": "Windows",
          "host": "1.1.1.1",
          "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
          "created_timestamp": "2019-01-20T07:49:14",
          "event_type": "PORTAL_LOGIN_FAILURE",
          "message": "Failed login attempt by user 'john_doe@example.com'",
          "_id": "--Fi3z-1QHewAgPiTQlvXQ",
          "user_name": "Meny Har",
          "inserted_timestamp": "2019-01-20T07:49:14",
          "activity_type": "Failure"
        },
        "Entity": "john_doe@example.com"
      }
    ]
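An added example (not part of the integration or of this documentation): a downstream playbook step that consumes the JSON Result shown above, keeps only records inside the Minutes Back window, and counts failed activities per user entity. The page does not state the threshold behind the Suspicious flag, so `failure_threshold`, the function name and the sample records are assumptions, and timestamps are assumed to be on the same clock as `now`.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (Entity, created_timestamp, activity_type, host).
# "Success" is a constructed non-failure value; None models a missing field.
_ROWS = [
    ("john_doe@example.com", "2019-01-20T07:49:14", "Failure", "1.1.1.1"),
    ("john_doe@example.com", "2019-01-20T07:50:02", "Failure", "1.1.1.1"),
    ("John_Doe@example.com", "2019-01-20T07:51:40", "Failure", "192.0.2.10"),
    ("john_doe@example.com", "2019-01-20T07:52:00", "Success", "1.1.1.1"),
    ("john_doe@example.com", "2019-01-20T07:10:00", "Failure", "1.1.1.1"),
    ("jane_roe@example.com", "2019-01-20T07:50:30", "Failure", "198.51.100.7"),
    ("jane_roe@example.com", None, "Failure", "198.51.100.7"),
]
# Same envelope as the JSON Result: a list of {"Entity", "EntityResult"} objects.
SAMPLE_RESULT = json.dumps([
    {"Entity": e, "EntityResult": {k: v for k, v in
        (("created_timestamp", ts), ("activity_type", a), ("host", h)) if v}}
    for e, ts, a, h in _ROWS])


def summarize_failures(raw_json, now, minutes_back, failure_threshold=3):
    """Count 'Failure' activities per entity inside the Minutes Back window."""
    window_start = now - timedelta(minutes=minutes_back)
    stats = defaultdict(lambda: {"failures": 0, "hosts": set()})
    for item in json.loads(raw_json):
        entity = item.get("Entity")
        result = item.get("EntityResult") or {}
        ts = result.get("created_timestamp")
        if not entity or not ts:
            continue  # fields are only returned if they exist in the result
        try:
            created = datetime.fromisoformat(ts)
        except ValueError:
            continue  # skip records with an unparseable timestamp
        if not (window_start <= created <= now):
            continue  # outside the requested look-back window
        if result.get("activity_type") != "Failure":
            continue
        entry = stats[entity.lower()]  # user names compared case-insensitively
        entry["failures"] += 1
        if result.get("host"):
            entry["hosts"].add(result["host"])
    return {e: {"failures": s["failures"], "hosts": sorted(s["hosts"]),
                "suspicious": s["failures"] >= failure_threshold}
            for e, s in stats.items()}
```

Several distinct `host` values for one entity alongside a high failure count is worth surfacing to the analyst, which is why the summary keeps the host list rather than only the count.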
Ping
Description
Verifies connectivity to the Symantec CloudSOC server.
Parameters
N/A
Run On
This action runs on all entities.
Last updated 2025-09-07 UTC.