Remote Agent Utilities

Integration version: 1.0

Configure Remote Agent Utilities integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Use the following parameters to configure the integration:

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Instance Name	String	N/A	No	Name of the Instance you intend to configure integration for.
Description	String	N/A	No	Description of the Instance.
Run Remotely	Checkbox	Unchecked	No	Check the field in order to run the configured integration remotely. Once checked, the option appears to select the remote user (agent).

Actions

Ping

Description

Test Connectivity.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options	Example
success	True/False	success:False

Serialization

Description

The action will get the file path (relative path) as the action parameter, will serialize it to a GZIP Base64 string, and will return it in a resultJSON output param.

Parameters

Parameter Display Name	Type	Is Mandatory	Description
File Path	String	Yes	Full path of the file

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options	Example
file_bs64	N/A	N/A

Case Wall

Result Type	Value / Description	Type
Output message*	In case of general error: "{{Action didn't complete due to error: {error}"}}, result value should be set to false and the action should fail If action completed successfully: "Successfully serialized <file path>" If action failed to run: "Failed to serialized <file path>"	General

Result Type

Value / Description

Type

Output message*

In case of general error: "{{Action didn't complete due to error: {error}"}}, result value should be set to false and the action should fail

If action completed successfully: "Successfully serialized <file path>"

If action failed to run: "Failed to serialized <file path>"

General

Deserialization

Description

The action will get the GZIP Base64 string from the JSON result and will store the data from the original file in a new file in the destination path in the action.

Parameters

Parameter Display Name	Type	Is Mandatory	Description
File Name	String	Yes	File Name The purpose is to get as a placeholder from prev action (key in json result - u'file_name)
File base64	String	Yes	File base64 The purpose is to get as a placeholder from prev action (key in json result - u'base64_file_content)

Parameter Display Name

Type

Is Mandatory

Description

File Name

String

Yes

File Name

The purpose is to get as a placeholder from prev action (key in json result - u'file_name)

File base64

String

Yes

File base64

The purpose is to get as a placeholder from prev action (key in json result - u'base64_file_content)

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options	Example
file_new_path	N/A	N/A

Case Wall

Result Type	Value / Description	Type
Output message*	In case of general error print: "{{Action didn't complete due to error: {error}"}}, result value should be set to false and the action should fail If action failed to run: "Failed to deserialized file base64" If action completed successfully: "Successfully deserialized file Base64. New file available here: <file_new_path>"	General

Result Type

Value / Description

Type

Output message*

In case of general error print: "{{Action didn't complete due to error: {error}"}}, result value should be set to false and the action should fail

If action failed to run: "Failed to deserialized file base64"

If action completed successfully: "Successfully deserialized file Base64. New file available here: <file_new_path>"

General