Siemplify
Integration version: 80.0
Configure Siemplify integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Instance Name | String | N/A | No | Name of the Instance you intend to configure integration for. |
Description | String | N/A | No | Description of the Instance. |
Monitors Mail Recipients | String | example@example.com, example1@example.com | Yes | Monitors Mail Recipients |
Elastic Server Address | String | localhost | Yes | Elastic Server Address |
Run Remotely | Checkbox | Unchecked | No | Check the field in order to run the configured integration remotely. Once checked, the option appears to select the remote user (agent). |
Actions
Add to Custom List
Description
Add an Entity Identifier to a categorized Custom List, in order to perform future comparisons in other actions.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Category | String | N/A | Yes | A custom list of categories to be used. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | True/False | ScriptResult:False |
JSON Result
N/A
Add Entity Insight
Description
Add an insight with a configurable message to each targeted entity.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Message | String | N/A | Yes | Message content to be added. |
The Message parameter supports HTML elements, for example:
<h1>H1 Heading</h1>
<h2>H2 Heading</h2>
<p>Paragraph</p>
<b>Bold text</b>
<br>
<a href="google.com">Link</a>
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
null | N/A | N/A |
JSON Result
N/A
Add General Insight
Description
Add a general insight with a configurable message to the case.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Title | String | N/A | Yes | The title of the insight. |
Message | String | N/A | Yes | The message that is placed on the insight. |
Triggered By | String | N/A | No | A description for the cause of this insight. |
The Message parameter supports HTML elements, for example:
<h1>H1 Heading</h1>
<h2>H2 Heading</h2>
<p>Paragraph</p>
<b>Bold text</b>
<br>
<a href="google.com">Link</a>
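Because the Message parameter of Add Entity Insight and Add General Insight is rendered as HTML, values copied from alert data into it should be escaped first. The following is an added example, not code from the integration or its SDK: `build_insight_message` and `safe_link` are hypothetical helpers, the sample alert values are constructed, and it assumes the field values can be influenced by whoever generated the alert.

```python
import html
from typing import Mapping, Optional
from urllib.parse import urlsplit

# Only these schemes are turned into clickable links (assumption for this example).
ALLOWED_LINK_SCHEMES = {"http", "https"}


def safe_link(url: str, label: str) -> str:
    """Return an <a> element for http(s) URLs, otherwise escaped plain text."""
    url = url.strip()
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:
        # Malformed URL (for example an unterminated IPv6 literal).
        scheme = ""
    if scheme not in ALLOWED_LINK_SCHEMES:
        # Show the value to the analyst, but never as a clickable link.
        return html.escape(f"{label} ({url})")
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(label)}</a>'


def build_insight_message(
    title: str,
    fields: Mapping[str, object],
    reference_url: Optional[str] = None,
) -> str:
    """Build an insight Message from the HTML elements the page lists
    (<h2>, <p>, <b>, <br>, <a>), escaping every externally supplied value."""
    parts = [f"<h2>{html.escape(title)}</h2>"]
    for name, value in fields.items():
        parts.append(
            f"<p><b>{html.escape(str(name))}:</b> {html.escape(str(value))}</p>"
        )
    if reference_url:
        parts.append("<br>")
        parts.append(safe_link(reference_url, "Reference"))
    return "\n".join(parts)


if __name__ == "__main__":
    # Constructed sample: the subject carries markup that would otherwise
    # render as a heading inside the analyst's insight.
    sample_fields = {
        "Subject": "Invoice <h1>Verified safe</h1>",
        "Sender": "billing@example.com",
    }
    print(
        build_insight_message(
            "Phishing triage",
            sample_fields,
            "https://example.com/report?id=1&x=2",
        )
    )
```

The returned string is what would be supplied as the Message parameter; markup in the alert fields is shown to the analyst as literal text instead of being rendered.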
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
null | N/A | N/A |
JSON Result
N/A
Add Tags To Similar Cases
Description
Uses the SDK to find similar cases, then iterates over the returned case IDs and adds the specified tags to each case. The Tags parameter supports comma-separated values.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Rule Generator | Checkbox | Checked | No | Search for similar cases by the same Rule Generator. Note: All these search criteria are joined using logical 'AND' condition and are used in the same search. |
Port | Checkbox | Checked | No | Search for similar cases by the same Port number. Note: All these search criteria are joined using logical 'AND' condition and are used in the same search. |
Category Outcome | Checkbox | Checked | No | Search for similar cases by the same Category Outcome. Note: All these search criteria are joined using logical 'AND' condition and are used in the same search. |
Entity Identifier | Checkbox | Checked | No | Search for similar cases containing the same Entity Identifier. Note: All these search criteria are joined using logical 'AND' condition and are used in the same search. |
Days Back | String | N/A | Yes | Defines the number of days back the search should look for similar cases. |
Tags | String | N/A | Yes | Specify a comma-separated list of tags that you want to add to similar cases. |
Assign Case
Description
Assign the case to a specific user or user group.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Assigned User | String | N/A | Yes | User or Usergroup to whom a case should be assigned. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
null | N/A | N/A |
JSON Result
N/A
Attach Playbook to Alert
Description
Attach a specific playbook to an alert.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Playbook Name | String | N/A | Yes | Playbook which should be attached to an alert. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
null | N/A | N/A |
Case Comment
Description
Add a comment to the case the current alert has been grouped to.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Comment | String | N/A | Yes | Comment to be added to the case. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
SuccessStatus | True/False | SuccessStatus:False |
JSON Result
N/A
Case Tag
Description
Add given tag to the case the current alert is grouped to.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Tag | String | N/A | Yes | Tag to be added to the case. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
null | N/A | N/A |
JSON Result
N/A
Change Case Stage
Description
Change case stage to handling.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Stage | DDL | N/A | Yes | Stage to which the case should be moved. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
null | N/A | N/A |
JSON Result
N/A
Change Priority
Description
Automatically change case priority to the given input.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Priority | DDL | N/A | Yes | Priority which should be set for the case. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
null | N/A | N/A |
JSON Result
N/A
Close Alert
Description
Closes the current alert.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Reason | DDL | N/A | Yes | Alert closure reason. |
Root Cause | DDL | N/A | Yes | Root cause of the alert closure. |
Comment | String | N/A | Yes | Comment content. |
Assign to User | DDL | N/A | No | User that the closed case is assigned to. |
Tags | String | N/A | No | Comma-separated tags values. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
StatusResult | True/False | StatusResult:False |
JSON Result
N/A
Close Case
Description
Closes the case the current alert has been grouped to.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Reason | DDL | N/A | Yes | Closure reason. |
Root Cause | DDL | N/A | Yes | Root cause of the case closure. |
Comment | String | N/A | Yes | Comment content. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
StatusResult | True/False | StatusResult:False |
JSON Result
N/A
Create Entity
Description
Creates an entity and adds it to the requested alert.
The "Create Entity" action update, released in version 57 of the integration, provides different functionality in different Google Security Operations SOAR Platform versions:
- For version 5.6.2+: The user can choose the delimiter in the mapping process, and the DB configuration is ignored.
- For versions from 5.6.0 (inclusive) up to 5.6.2 (exclusive): There are two different places where delimiting takes place:
  - The action
  - Google Security Operations SOAR DB
  If you want to use a different delimiter in the entity creation process, make sure to align it between the two places. For example, if you have a custom delimiter that is '&', you can:
  - Make sure to change it to '&' in both places.
  - In the DB, change it to '&' and keep it empty in the action, to avoid "Double Delimiting".
- For versions up to 5.6.0: This change doesn't affect delimiting.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Entities Identifies | String | N/A | Yes | Entity identifier or comma-separated list of identifiers. Example: value1,value2,value3 |
Entity Type | List | N/A | Yes | Google Security Operations SOAR entity type. Example: HOSTNAME / USERNAME |
Delimiter | String | ' , ' | No | Provide a delimiter character, with which the action splits the input it gets into a number of entities instead of a single one. If no value is provided, the action does not perform any splitting on the input, and it's handled as a single entity. |
Is Internal | Checkbox | Unchecked | No | Mark if entities are part of an internal network. |
Is Suspicious | Checkbox | Unchecked | No | Mark if entities are suspicious. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
StatusResult | True/False | StatusResult:False |
JSON Result
N/A
Create or Update Entity Properties
Description
Create or change properties for entities in the entity scope.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Entity Field | String | N/A | Yes | Field that has to be created or updated. |
Field Value | String | N/A | Yes | Value that has to be set to the field. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Get Similar Cases
Description
Search for similar cases and return their IDs.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Rule Generator | Checkbox | Checked | No | Search for similar cases by the same Rule Generator. Note: All these search criteria are joined using logical 'AND' condition and are used in the same search. |
Port | Checkbox | Checked | No | Search for similar cases by the same Port number. Note: All these search criteria are joined using logical 'AND' condition and are used in the same search. |
Category Outcome | Checkbox | Checked | No | Search for similar cases by the same Category Outcome. Note: All these search criteria are joined using logical 'AND' condition and are used in the same search. |
Entity Identifier | Checkbox | Checked | No | Search for similar cases containing the same Entity Identifier. Note: All these search criteria are joined using logical 'AND' condition and are used in the same search. |
Days Back | String | N/A | Yes | Defines the number of days back the search should look for similar cases. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
SimilarCasesIds | N/A | N/A |
JSON Result
N/A
Instruction
Description
Set an instruction for the analyst.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Instruction | String | N/A | Yes | Instruction content. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
null | N/A | N/A |
JSON Result
N/A
Is in Custom List
Description
Check whether an Entity Identifier is part of a predefined dynamic categorized Custom List.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Category | String | N/A | Yes | Custom list category. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Mark as Important
Description
Mark case as important.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
null | N/A | N/A |
JSON Result
N/A
Open Web Url
Description
Generate a browser link.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Title | String | N/A | Yes | Title for URL. |
URL | String | N/A | Yes | Target URL. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
null | N/A | N/A |
JSON Result
N/A
Permitted Alert Time
Description
Check case time according to a given time condition.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Permitted Start Time | String | N/A | Yes | Start of the timeframe, when alerts are allowed. Example: 9:55:24 |
Permitted End Time | String | N/A | Yes | End of the timeframe, when alerts are allowed. Example: 17:23:21 |
Monday | Checkbox | Unchecked | No | N/A |
Tuesday | Checkbox | Checked | No | N/A |
Wednesday | Checkbox | Checked | No | N/A |
Thursday | Checkbox | Unchecked | No | N/A |
Friday | Checkbox | Unchecked | No | N/A |
Saturday | Checkbox | Unchecked | No | N/A |
Sunday | Checkbox | Unchecked | No | N/A |
Input Timezone | String | UTC | Yes | Timezone name. Example: UTC. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
permitted | N/A | N/A |
JSON Result
N/A
Ping
Description
Test Connectivity.
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
null | N/A | N/A |
JSON Result
N/A
Raise Incident
Description
Raise case incident. Used to mark critical true positive cases.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
null | N/A | N/A |
JSON Result
N/A
Remove From Custom List
Description
Remove an Entity Identifier from a categorized Custom List, in order to perform future comparisons in other actions.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Category | String | N/A | Yes | Custom list category to be used. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Run Remote
Description
Run remote action through publisher.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Publisher Name | String | N/A | Yes | Publisher instance name to be used. |
Remote Integration Name | String | N/A | Yes | Remote integration name to be used. |
Remote Action Name | String | N/A | Yes | Remote action name to be used. |
Remote Context Data | String | N/A | Yes | Remote action context data |
Remote Action Script | String | N/A | Yes | Remote action script content to be executed. |
Agent ID | String | N/A | Yes | Action's target agent ID. |
Installed Integrations Shared Folder | String | N/A | Yes | Installed Integrations Shared Folder. |
Verify SSL | Checkbox | Unchecked | No | Enables or disables SSL Verification between the Google Security Operations SOAR machine and the remote Publisher. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
success | True/False | success:False |
JSON Result
N/A
Test Siemplify Proxy
Description
Test connection to a given endpoint using proxy settings configured in Google Security Operations SOAR.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Endpoint URL | String | N/A | Yes | The endpoint to try to connect to. |
HTTP Method | String | GET | Yes | The HTTP method to use when connecting to the endpoint. |
Body | String | GET | No | The body of the HTTP request. |
Verify SSL | Checkbox | Checked | No | Enables or disables SSL verification between the Google Security Operations SOAR machine and the remote Publisher. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
success | True/False | success:False |
JSON Result
N/A
Remove Tag
Description
Remove tags from a case.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Tag | String | N/A | Yes | Specify the tag that needs to be removed. Comma-separated values. |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
success | True/False | success:False |
JSON Result
N/A
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If the tag was successfully removed: (is_success=true): "Successfully removed the following tags from case {case_id}: /n {tags}" If an error is reported (is_success=false): "Error executing action {action name}" (error message should include the reason) If a case is closed: It is not possible to remove the tag. | General |
Set Case SLA
Description
Set the SLA for a case. This action has the highest priority and it will override the existing SLA defined for the specific case.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
SLA Period | Integer | 5 | Yes | The period of time after which the SLA is in breach. |
SLA Time Unit | DDL | Minutes | Yes | Specify the unit for SLA Time. |
SLA Time To Critical Period | Integer | 4 | Yes | The period of time after which the SLA enters the critical period. Value of this parameter needs to be less than value of the SLA Period parameter. |
SLA Time To Critical Unit | DDL | Minutes | Yes | Specify the unit for SLA Time To Critical. |
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
success | True/False | success:False |
JSON Result
N/A
Set Alert SLA
Description
Set the SLA for an alert. This action has the highest priority and it will override the existing SLA defined for the specific alert.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
SLA Period | Integer | 5 | Yes | The period of time after which the SLA is in breach. |
SLA Time Unit | DDL | Minutes | Yes | Specify the unit for SLA Time. |
SLA Time To Critical Period | Integer | 4 | Yes | The period of time after which the SLA enters the critical period. Value of this parameter needs to be less than value of the SLA Period parameter. |
SLA Time To Critical Unit | DDL | Minutes | Yes | Specify the unit for SLA Time To Critical. |
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
success | True/False | success:False |
JSON Result
N/A
Update Case Description
Description
Update a case description.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Description | String | N/A | Yes | Specify a description that should be set for the case. |
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
StatusResult | True/False | StatusResult:False |
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | If successful: (is_success=true): "Successfully updated case description." If a fatal error, like invalid credentials, API root, other is reported (is_success=false): "Error executing action "Update Case Description". Reason: {error traceback}" | General |
Get Scope Context Value
Description
Action gets a value stored under a specified key in the Google Security Operations SOAR database. Available scopes to get context values for: Alert, Case, Global.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Context Scope | DDL | Select One | Yes | Specify the Google Security Operations SOAR context scope to return context keys for. |
Key Name | String | N/A | Yes | Specify the key name to get context value for. |
Create Case Wall Table | Checkbox | Checked | No | If enabled, the case wall table is created as part of action results. |
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON result
Action should return JSON result of the stored context value.
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | The action should not fail nor stop a playbook execution: If data is available and scope IS global or connector AND context key is specified (is_success=true): "Successfully found context value for the provided context key {context_key} with scope {context_scope}.". If data is not available (is_success=false): "No context values were found for the provided context scope {context_scope}." If data is not available and context key is specified (is_success=false): "Context value was not found for the provided context key {context_key} with scope {context_scope}." If data is available (is_success = true), the "Create Case Wall Table" parameter is set to true, and the size of context value is more than 5000 characters: "Action will not return the Case Wall table as the context value(s) are too big.". The action should fail and stop a playbook execution: If the "Context Type" parameter is set to default of "Not Specified": "Error executing action "Get Context Value". Reason: Value for "Context Type" parameter is not specified." If a fatal error, like wrong credentials, no connection to the server, other: "Error executing action "Get Context Value". Reason: {0}''.format(error.Stacktrace)" | General |
Table | Table Name: Context Values for scope {scope} | General |
Set Scope Context Value
Description
Action sets a value for a specified key that is stored in the Google Security Operations SOAR database. Available scopes to get context values for: Alert, Case, Global.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Context Scope | DDL | Select One | Yes | Specify the Google Security Operations SOAR context scope to return context keys for. |
Key Name | String | N/A | Yes | Specify the key name to set context value for. |
Key Value | String | N/A | Yes | Specify the value to store under the specified key. |
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON result
Action should return JSON result of the context key(s) that were set.
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | The action should not fail nor stop a playbook execution: If data is available (is_success=true): "Successfully set context value for the context key {context_key} with scope {context_scope}.". The action should fail and stop a playbook execution: If the "Context Type" parameter is set to default of "Not Specified": "Error executing action "Set Context Value". Reason: Value for "Context Type" parameter is not specified." If a fatal error, like wrong credentials, no connection to the server, other: "Error executing action "Set Context Value". Reason: {0}''.format(error.Stacktrace) | General |
Get Connector Context Value
Description
Action gets a value stored under a specified key in the Google Security Operations SOAR database for a connector context.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Connector Identifier | String | N/A | Yes | Specify connector identifier to list context keys for. Parameter works together with the "Connector Identifier Filter Logic" parameter. |
Key Name | String | N/A | No | Optionally specify the key name to get context value for. |
Create Case Wall Table | Checkbox | Checked | No | If enabled, the case wall table is created as part of action results. |
Use Cases
Fetch value stored in DB.
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON result
Action should return JSON result of the stored context value.
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | The action should not fail nor stop a playbook execution: If data is available and the context key is specified (is_success=true): "Successfully found context value for the provided context key {context_key} for connector identifier {connector identifier}.". If data is not available and the context key is specified (is_success=false): "Context value was not found for the provided context key {context_key} and connector identifier {connector_identifier}." If data is available (is_success=true) and the "Create Case Wall Table" parameter is set to true, and the size of context value is more than 5000 characters: "Action will not return the Case Wall table as the context value(s) are too big.". The action should fail and stop a playbook execution: If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "Get Context Value". Reason: {0}''.format(error.Stacktrace) | General |
Table | Table Name: Available Connector Context Values | General |
Jobs
Actions Monitor
Description
Notifies about all the actions that have individually failed at least 3 times in the last 3 hours.
Cases Collector
Description
Collects cases and connector logs from Publisher.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Publisher ID | String | N/A | Yes | N/A |
Verify SSL | Checkbox | Unchecked | Yes | N/A |
Connectors Monitor
Description
Notifies about any error in the (connectors) alert ingestion process.
Delete Case Files History
Description
Deletes case files that are older than X days from Done and Error folders of the ETL.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Days | String | 10 | Yes | N/A |
ETL Monitor
Description
Notifies about any error in the ETL alert ingestion process.
Jobs Monitor
Description
Notifies about all the jobs that have failed in the last 3 hours.
Logs Collector
Description
Notifies about all the jobs that had failed in the last 3 hours.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Publisher ID | String | N/A | Yes | N/A |
Verify SSL | Checkbox | Unchecked | No | N/A |
Machine Resource Utilization
Description
Notifies if the machine resource utilization is close to full usage, according to the following rules:
- CPU - over 90%
- MEM - over 85%
- Drive - over 80%
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
CPU Limit | Integer | 90 | Yes | N/A |
Memory Limit | Integer | 85 | Yes | N/A |
Drives Limit | Integer | 80 | Yes | N/A |
Disks | String | N/A | No | N/A |
Measurement Monitor
Description
Sends an email report of various system measurements to configured admins.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Additional Email Recipients | String | Insights@siemplify.co | No | This job sends an email to the recipients defined in this parameter and in the Google Security Operations SOAR Integration Configuration. |
Metrics Output Folder | String | N/A | No | Output folder location. For each job run a CSV output containing the metrics is saved here. |
Max CSV Files Count Retention | Integer | 100 | No | The maximum number of the CSV output files to save under Metrics Output Folder. |