Remote Agent Utilities

Integration version: 4.0

Configure Remote Agent Utilities integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Use the following parameters to configure the integration:

Parameter Display Name Type Default Value Is Mandatory Description
Instance Name String N/A No Name of the Instance you intend to configure integration for.
Description String N/A No Description of the Instance.
Run Remotely Checkbox Unchecked No Check the field in order to run the configured integration remotely. Once checked, the option appears to select the remote user (agent).

Actions

Ping

Description

Test Connectivity.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options Example
success True/False success:False

Serialization

Description

The action will get the file path (relative path) as the action parameter, will serialize it to a GZIP Base64 string, and will return it in a resultJSON output param.

Parameters

Parameter Display Name Type Is Mandatory Description
File Path String Yes Full path of the file

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options Example
file_bs64 N/A N/A
Case Wall
Result Type Value / Description Type
Output message*

In case of general error: "{{Action didn't complete due to error: {error}"}}, result value should be set to false and the action should fail

If action completed successfully: "Successfully serialized <file path>"

If action failed to run: "Failed to serialized <file path>"

General

Deserialization

Description

The action will get the GZIP Base64 string from the JSON result and will store the data from the original file in a new file in the destination path in the action.

Parameters

Parameter Display Name Type Is Mandatory Description
File Name String Yes

File Name

The purpose is to get as a placeholder from prev action (key in json result - u'file_name)

File base64 String Yes

File base64

The purpose is to get as a placeholder from prev action (key in json result - u'base64_file_content)

Run On

This action doesn't run on entities.

Action Results

Script Result
Script Result Name Value Options Example
file_new_path N/A N/A
Case Wall
Result Type Value / Description Type
Output message*

In case of general error print: "{{Action didn't complete due to error: {error}"}}, result value should be set to false and the action should fail

If action failed to run: "Failed to deserialized file base64"

If action completed successfully: "Successfully deserialized file Base64. New file available here: <file_new_path>"

General