Remote Agent Utilities
Integration version: 4.0
Configure Remote Agent Utilities integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Instance Name | String | N/A | No | Name of the Instance you intend to configure integration for. |
Description | String | N/A | No | Description of the Instance. |
Run Remotely | Checkbox | Unchecked | No | Check the field in order to run the configured integration remotely. Once checked, the option appears to select the remote user (agent). |
Actions
Ping
Description
Test Connectivity.
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
success | True/False | success:False |
Serialization
Description
The action will get the file path (relative path) as the action parameter, will serialize it to a GZIP Base64 string, and will return it in a resultJSON output param.
Parameters
Parameter Display Name | Type | Is Mandatory | Description |
---|---|---|---|
File Path | String | Yes | Full path of the file |
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
file_bs64 | N/A | N/A |
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | In case of general error: "{{Action didn't complete due to error: {error}"}}, result value should be set to false and the action should fail If action completed successfully: "Successfully serialized <file path>" If action failed to run: "Failed to serialized <file path>" |
General |
Deserialization
Description
The action will get the GZIP Base64 string from the JSON result and will store the data from the original file in a new file in the destination path in the action.
Parameters
Parameter Display Name | Type | Is Mandatory | Description |
---|---|---|---|
File Name | String | Yes | File Name The purpose is to get as a placeholder from prev action (key in json result - u'file_name) |
File base64 | String | Yes | File base64 |
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
file_new_path | N/A | N/A |
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | In case of general error print: "{{Action didn't complete due to error: {error}"}}, result value should be set to false and the action should fail If action failed to run: "Failed to deserialized file base64" If action completed successfully: "Successfully deserialized file Base64. New file available here: <file_new_path>" |
General |