Stay organized with collections
Save and categorize content based on your preferences.
Remote Agent Utilities
Integration version: 4.0
Configure Remote Agent Utilities integration in Google Security Operations
For detailed instructions on how to configure an integration in
Google SecOps, see Configure
integrations.
Integration parameters
Use the following parameters to configure the integration:
Parameter Display Name
Type
Default Value
Is Mandatory
Description
Instance Name
String
N/A
No
Name of the Instance you intend to configure integration for.
Description
String
N/A
No
Description of the Instance.
Run Remotely
Checkbox
Unchecked
No
Check the field in order to run the configured integration remotely. Once checked, the option appears to select the remote user (agent).
Actions
Ping
Description
Test Connectivity.
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name
Value Options
Example
success
True/False
success:False
Serialization
Description
The action will get the file path (relative path) as the action parameter, will
serialize it to a GZIP Base64 string, and will return it in a resultJSON output
param.
Parameters
Parameter Display Name
Type
Is Mandatory
Description
File Path
String
Yes
Full path of the file
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name
Value Options
Example
file_bs64
N/A
N/A
Case Wall
Result Type
Value / Description
Type
Output message*
In case of general error: "{{Action didn't complete due to error: {error}"}}, result value should be set to false and the action should fail
If action completed successfully: "Successfully serialized <file path>"
If action failed to run: "Failed to serialized <file path>"
General
Deserialization
Description
The action will get the GZIP Base64 string from the JSON result and will store
the data from the original file in a new file in the destination path in the
action.
Parameters
Parameter Display Name
Type
Is Mandatory
Description
File Name
String
Yes
File Name
The purpose is to get as a placeholder from prev action (key in json result - u'file_name)
File base64
String
Yes
File base64
The purpose is to get as a placeholder from prev action (key in json result - u'base64_file_content)
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name
Value Options
Example
file_new_path
N/A
N/A
Case Wall
Result Type
Value / Description
Type
Output message*
In case of general error print: "{{Action didn't complete due to error: {error}"}}, result value should be set to false and the action should fail
If action failed to run: "Failed to deserialized file base64"
If action completed successfully: "Successfully deserialized file Base64. New file available here: <file_new_path>"
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[[["\u003cp\u003eRemote Agent Utilities integration version 4.0 can be configured within Google Security Operations SOAR, using specified parameters like Instance Name, Description, and Run Remotely.\u003c/p\u003e\n"],["\u003cp\u003eThe integration includes a "Ping" action to test connectivity, which does not run on entities, and provides a True/False success result.\u003c/p\u003e\n"],["\u003cp\u003e"Serialization" allows converting a file path (up to 15 MB) into a GZIP Base64 string, returned as a result, and can give outputs on whether or not it was successful.\u003c/p\u003e\n"],["\u003cp\u003e"Deserialization" reverses the process, taking a GZIP Base64 string and creating a new file at a specified destination path, giving outputs on whether or not it was successful.\u003c/p\u003e\n"],["\u003cp\u003eThe integration provides detailed instructions for configuring and supporting multiple instances, and offers access to the Google Cloud Security Community for further support.\u003c/p\u003e\n"]]],[],null,["# Remote Agent Utilities\n======================\n\nIntegration version: 4.0\n\nConfigure Remote Agent Utilities integration in Google Security Operations\n--------------------------------------------------------------------------\n\nFor detailed instructions on how to configure an integration in\nGoogle SecOps, see [Configure\nintegrations](/chronicle/docs/soar/respond/integrations-setup/configure-integrations).\n\n### Integration parameters\n\nUse the following parameters to configure the integration:\n\n| **Note:** You can make changes at a later stage if needed. Once configured, the Instances can be used in Playbooks. For detailed information on configuring and supporting multiple instances, please see [Supporting multiple instances](/chronicle/docs/soar/respond/integrations-setup/supporting-multiple-instances).\n\nActions\n-------\n\n### Ping\n\n#### Description\n\nTest Connectivity.\n\n#### Run On\n\nThis action doesn't run on entities.\n\n#### Action Results\n\n##### Script Result\n\n### Serialization\n\n#### Description\n\nThe action will get the file path (relative path) as the action parameter, will\nserialize it to a GZIP Base64 string, and will return it in a resultJSON output\nparam.\n| **Note:** The file limit size: 15 MB. The restriction will be enforced at the TIP level.\n\n#### Parameters\n\n#### Run On\n\nThis action doesn't run on entities.\n\n#### Action Results\n\n##### Script Result\n\n##### Case Wall\n\n### Deserialization\n\n#### Description\n\nThe action will get the GZIP Base64 string from the JSON result and will store\nthe data from the original file in a new file in the destination path in the\naction.\n\n#### Parameters\n\n#### Run On\n\nThis action doesn't run on entities.\n\n#### Action Results\n\n##### Script Result\n\n##### Case Wall\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
