Symantec ICDx
Integration version: 6.0
Configure Symantec ICDx integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Actions
Get Event
Description
Get event data by its ID.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Event UUID | String | N/A | N/A |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Get Events Minutes Back
Description
Get events for query, by minutes back.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Query | String | N/A | Request query. |
Limit | String | N/A | Received events amount limit. |
Minutes Back | String | N/A | Fetch events minutes back parameter. |
Fields | String | N/A | Specific event fields to return (comma-separated). |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
4.0 | N/A | N/A |
JSON Result
N/A
Ping
Description
Test Symantec ICDx connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Connectors
Symantec ICDx query Connector
Description
Fetches events from the Symantec ICDx server using a query.
Configure Symantec ICDx Query Connector in Google Security Operations SOAR
For detailed instructions on how to configure a connector in Google Security Operations SOAR, see Configuring the connector.
Connector parameters
Use the following parameters to configure the connector:
Parameter | Type | Default Value | Description |
---|---|---|---|
DeviceProductField | String | device_product | The field name used to determine the device product. |
EventClassId | String | name | The field name used to determine the event name (sub-type). |
PythonProcessTimeout | String | 60 | The timeout limit (in seconds) for the Python process running the current script. |
API Root | String | null | N/A |
API Token | Password | null | N/A |
Verify SSL | Boolean | FALSE | Whether to verify the SSL certificate of the connection to the API Root. |
Search Query | String | null | N/A |
Events Limit | Integer | 10 | Max count of events to pull in one cycle. Example: 20 |
Max Days Backwards | Integer | 1 | Max number of days to fetch alerts since. Example: 3 |
Proxy Server Address | String | null | The address of the proxy server to use. |
Proxy Username | String | null | The proxy username to authenticate with. |
Proxy Password | Password | null | The proxy password to authenticate with. |
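The following is an added example, not code from the Symantec ICDx integration or from Google Security Operations SOAR. It shows how a SOAR script would take the string-typed parameters listed for the Get Events Minutes Back action (Limit, Minutes Back, comma-separated Fields) and for the connector (Verify SSL, Events Limit, Max Days Backwards, API Root) above, validate them, derive the fetch window, and flag the weak Verify SSL = FALSE default. The sample parameter values and the request path are constructed; the page does not document the ICDx API itself.

```python
# Added example for this page (not the Symantec ICDx integration's own code):
# parse the connector and action parameters the way a SOAR script receives them
# (as strings), derive the fetch window, and flag "Verify SSL = FALSE".
# The request URL path is a hypothetical placeholder.
from datetime import datetime, timedelta, timezone

# Constructed sample of connector parameters (all values are made up).
SAMPLE_PARAMS = {
    "API Root": "https://icdx.example.internal:9090/",
    "API Token": "<placeholder-token>",
    "Verify SSL": "FALSE",           # page default; certificate is not checked
    "Search Query": "type_id:8001",  # hypothetical ICDx query
    "Events Limit": "10",
    "Max Days Backwards": "1",
}
# Same parameters with certificate verification turned on.
HARDENED_PARAMS = dict(SAMPLE_PARAMS, **{"Verify SSL": "True"})
# Fixed "now" so the computed window is deterministic in the example.
SAMPLE_NOW = datetime(2024, 1, 2, tzinfo=timezone.utc)


def parse_bool(value):
    """Accept the string forms the SOAR UI hands over ("True", "FALSE", "1")."""
    if isinstance(value, bool):
        return value
    text = str(value).strip().lower()
    if text in ("true", "1", "yes"):
        return True
    if text in ("false", "0", "no", ""):
        return False
    raise ValueError(f"not a boolean: {value!r}")


def parse_positive_int(value, name):
    """String-typed numeric parameters (Limit, Minutes Back, ...) must be > 0."""
    try:
        number = int(str(value).strip())
    except ValueError:
        raise ValueError(f"{name} must be an integer, got {value!r}") from None
    if number <= 0:
        raise ValueError(f"{name} must be positive, got {number}")
    return number


def parse_fields(value):
    """The action's 'Fields' parameter: comma-separated names, trimmed,
    empty entries dropped, duplicates removed while keeping order."""
    seen = []
    for raw in str(value or "").split(","):
        name = raw.strip()
        if name and name not in seen:
            seen.append(name)
    return seen


def window_start(now, minutes_back=None, days_back=None):
    """Start of the fetch window for the action (Minutes Back) or the
    connector (Max Days Backwards)."""
    if minutes_back is not None:
        return now - timedelta(minutes=minutes_back)
    if days_back is not None:
        return now - timedelta(days=days_back)
    raise ValueError("either minutes_back or days_back is required")


def build_fetch_plan(params, now=None):
    """Turn connector parameters into a request plan plus security warnings.
    The API token is deliberately left out of the returned plan."""
    now = now or datetime.now(timezone.utc)
    api_root = str(params["API Root"]).strip().rstrip("/")
    if not api_root.lower().startswith("https://"):
        raise ValueError("API Root must be an https:// URL")
    verify_ssl = parse_bool(params.get("Verify SSL", "FALSE"))
    limit = parse_positive_int(params.get("Events Limit", "10"), "Events Limit")
    days = parse_positive_int(params.get("Max Days Backwards", "1"), "Max Days Backwards")
    warnings = []
    if not verify_ssl:
        warnings.append("Verify SSL is FALSE: the API Root certificate is not "
                        "validated; set it to True unless a private CA is pinned")
    return {
        "url": api_root + "/events/search",  # hypothetical path, not from the page
        "verify": verify_ssl,
        "query": params.get("Search Query") or "",
        "limit": limit,
        "start_time": window_start(now, days_back=days).isoformat(),
        "warnings": warnings,
    }


if __name__ == "__main__":
    for label, cfg in (("default", SAMPLE_PARAMS), ("hardened", HARDENED_PARAMS)):
        plan = build_fetch_plan(cfg, now=SAMPLE_NOW)
        print(label, plan["verify"], plan["start_time"], plan["warnings"])
    print(parse_fields("id, type_id ,device_name,,id"))
```

Because the connector's Verify SSL parameter defaults to FALSE, a plan built from the page defaults carries a warning; the same parameters with Verify SSL set to True produce none. Treating these parameters as untrusted strings (rather than assuming the UI delivers integers and booleans) is what keeps a malformed Events Limit or Minutes Back value from silently becoming an unbounded fetch.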
Connector Rules
Proxy support
The connector supports proxy.
Whitelist/Blacklist
The connector supports Whitelist/Blacklist rules.