Elastica CloudSOC
Integration version: 5.0
Overview
Configure Elastica CloudSOC integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Actions
Get User Activities
Description
Fetch user activities from Symantec CloudSOC. Symantec CloudSOC provides insights into user activity and an overview of how cloud applications are used.
Parameters
Parameters | Type | Default Value | Description |
---|---|---|---|
Minutes Back | String | N/A | Fetch activities from the last x minutes. Example: 5 |
Use cases
N/A
Run On
This action runs on the User entity.
Action Results
Entity Enrichment
Entities are marked Suspicious (True) when they exceed the threshold; otherwise False.
Enrichment Field Name | Logic - When to apply |
---|---|
browser | Returns if it exists in JSON result |
_domain | Returns if it exists in JSON result |
severity | Returns if it exists in JSON result |
latitude | Returns if it exists in JSON result |
user | Returns if it exists in JSON result |
object_type | Returns if it exists in JSON result |
location | Returns if it exists in JSON result |
longitude | Returns if it exists in JSON result |
device | Returns if it exists in JSON result |
host | Returns if it exists in JSON result |
user_agent | Returns if it exists in JSON result |
created_timestamp | Returns if it exists in JSON result |
event_type | Returns if it exists in JSON result |
message | Returns if it exists in JSON result |
user_name | Returns if it exists in JSON result |
inserted_timestamp | Returns if it exists in JSON result |
activity_type | Returns if it exists in JSON result |
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_succeed | True/False | is_succeed:False |
JSON Result
[{
    "EntityResult": {
        "browser": "Chrome",
        "_domain": "siemplify.co",
        "severity": "error",
        "service": "Elastica",
        "latitude": 32.0678,
        "user": "john_doe@example.com",
        "object_type": "Session",
        "location": "Tel Aviv (Israel)",
        "longitude": 34.7647,
        "device": "Windows",
        "host": "1.1.1.1",
        "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
        "created_timestamp": "2019-01-20T07:49:14",
        "event_type": "PORTAL_LOGIN_FAILURE",
        "message": "Failed login attempt by user 'john_doe@example.com'",
        "_id": "--Fi3z-1QHewAgPiTQlvXQ",
        "user_name": "Meny Har",
        "inserted_timestamp": "2019-01-20T07:49:14",
        "activity_type": "Failure"
    },
    "Entity": "john_doe@example.com"
}]
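As an added example (not the integration's own code), the following shows how a playbook step could consume the activity records this action returns: it keeps only records for the User entity inside the Minutes Back window, copies the enrichment fields listed above when they are present, and flags the entity Suspicious once the number of failed activities exceeds a threshold. The sample records and the failure threshold are constructed assumptions, since the page does not state which threshold is used.

```python
import json
from datetime import datetime, timedelta

# Enrichment fields listed in the action's Entity Enrichment table above.
ENRICHMENT_FIELDS = [
    "browser", "_domain", "severity", "latitude", "user", "object_type",
    "location", "longitude", "device", "host", "user_agent", "created_timestamp",
    "event_type", "message", "user_name", "inserted_timestamp", "activity_type",
]

# Constructed sample activities (not real CloudSOC data) using the JSON result's field names.
SAMPLE_ACTIVITIES = json.loads("""[
 {"user": "john_doe@example.com", "event_type": "PORTAL_LOGIN_FAILURE", "activity_type": "Failure",
  "severity": "error", "host": "1.1.1.1", "created_timestamp": "2019-01-20T07:49:14", "browser": "Chrome"},
 {"user": "john_doe@example.com", "event_type": "PORTAL_LOGIN_FAILURE", "activity_type": "Failure",
  "severity": "error", "host": "1.1.1.1", "created_timestamp": "2019-01-20T07:50:02", "browser": "Chrome"},
 {"user": "john_doe@example.com", "event_type": "PORTAL_LOGIN_FAILURE", "activity_type": "Failure",
  "severity": "error", "host": "1.1.1.1", "created_timestamp": "2019-01-20T07:20:00", "browser": "Chrome"},
 {"user": "jane@example.com", "event_type": "PORTAL_LOGIN_SUCCESS", "activity_type": "Success",
  "severity": "info", "host": "2.2.2.2", "created_timestamp": "2019-01-20T07:51:30", "browser": "Firefox"}
]""")
SAMPLE_NOW = datetime(2019, 1, 20, 7, 52, 0)  # assumed "current time" for the sample


def in_window(activity, now, minutes_back):
    """True when created_timestamp lies within the last `minutes_back` minutes (the Minutes Back parameter)."""
    ts = datetime.strptime(activity["created_timestamp"], "%Y-%m-%dT%H:%M:%S")
    return now - timedelta(minutes=minutes_back) <= ts <= now


def enrich_user(entity, activities, now, minutes_back, failure_threshold=2):
    """Build the enrichment dict for one User entity.

    Only fields present in a record are copied (latest record wins), mirroring
    "Returns if it exists in JSON result". failure_threshold is an assumption: the page
    does not say which threshold marks an entity Suspicious.
    """
    recent = sorted(
        (a for a in activities
         if a.get("user", "").lower() == entity.lower() and in_window(a, now, minutes_back)),
        key=lambda a: a["created_timestamp"],
    )
    enrichment = {}
    for a in recent:
        enrichment.update({k: a[k] for k in ENRICHMENT_FIELDS if k in a})
    failures = sum(1 for a in recent if a.get("activity_type") == "Failure")
    enrichment["failed_activities"] = failures
    enrichment["Suspicious"] = failures > failure_threshold  # "exceed threshold" -> True
    return enrichment
```

With Minutes Back set to 5 the sample user has two recent failures and stays below the assumed threshold; widening the window to 60 minutes picks up the third failure and flips Suspicious to True.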
Ping
Description
Verifies connectivity to the Symantec CloudSOC server.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_succeed | True/False | is_succeed:False |
JSON Result
N/A