Zabbix

Integration version: 12.0

Configure Zabbix integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Use the following parameters to configure the integration:

Parameter Display Name Type Default Value Is Mandatory Description
Api Root String https://{IP}/Zabbix Yes The API root of the Zabbix instance.
Username String N/A Yes The username of the Zabbix account.
Password Password N/A Yes The password of the according user.
Verify SSL Checkbox Unchecked Yes If enabled, the integration verifies that the SSL certificate for the connection to the Zabbix server is valid.

Actions

Execute Script

Description

Execute a script on hosts by the IP.

Parameters

Parameter Display Value Type Default Value Is Mandatory Description
Script Name String N/A Yes The name of the script to execute.

Run On

This action runs on the IP Address entity.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
[
    {
        "EntityResult": {
            "response": "success",
            "value": "sudo: no tty present and no askpass program specified\\n"
        },
        "Entity": "1.1.1.1"
    }
]
Entity Enrichment
Enrichment Field Name Logic - When to apply
response Returns if it exists in JSON result
value Returns if it exists in JSON result
Insights

N/A

Ping

Description

Test Connectivity.

Parameters

N/A

Run On

This action runs on all entities.

Action Results

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A
Entity Enrichment

N/A

Insights

N/A

Connectors

Zabbix Connector

Description

Zabbix connector fetches events from Zabbix.

Configure Zabbix Connector in Google Security Operations SOAR

For detailed instructions on how to configure a connector in Google Security Operations SOAR, see Configuring the connector.

Connector parameters

Use the following parameters to configure the connector:

Parameter Display Value Type Default Value Is Mandatory Description
Product Field Name String Product Field Name Yes The field name used to determine the device product.
Event Field Name String Event Field Name Yes The field name used to determine the event name (sub-type).
PythonProcessTimeout String 300 Yes The timeout limit (in seconds) for the python process running current script.
Api Root String N/A Yes N/A
Username String N/A Yes N/A
Password Password N/A Yes N/A
Proxy Server Address String N/A No The address of the proxy server to use.
Proxy Username String N/A No The proxy username to authenticate with.
Proxy Password String N/A No The proxy password to authenticate with.
Verify SSL Checkbox Unchecked No If enabled, the integration verifies that the SSL certificate for the connection to the Zabbix server is valid.

Connector rules

Proxy support

The connector supports proxy.

Whitelist/Blacklist

The connector supports Whitelist/Blacklist rules.