SSH
Integration version: 16.0
Configure SSH integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Actions
Block IP Address in IPtables
Description
Add a rule to IPtables to block an IP address.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Remote Server | String | x.x.x.x | Remote server address. |
Remote Username | String | root | N/A |
Remote Password | String | N/A | N/A |
Remote Port | String | N/A | N/A |
Block IP Address | String | N/A | IP address to block. |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Delete Firewall Rule
Description
Delete IPtables Firewall rule (Example: INPUT -s 10.0.0.10 -j DROP).
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Remote Server | String | Remote server address (example: x.x.x.x). | N/A |
Remote Username | String | root | N/A |
Remote Password | String | N/A | N/A |
Remote Port | String | N/A | N/A |
IPtables Rule | String | N/A | Rule value (example: INPUT -s 10.0.0.10 -j DROP). |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Execute Program
Description
Run a script on a remote machine.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Remote Server | String | N/A | Remote server address (example: x.x.x.x). |
Remote Username | String | N/A | N/A |
Remote Password | String | N/A | N/A |
Remote Port | String | N/A | N/A |
Remote Program Path | String | N/A | The path to the program in the remote host. |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
results | N/A | N/A |
JSON Result
N/A
List Connections
Description
List all connections on a remote machine.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Remote Server | String | N/A | Remote server address (example: x.x.x.x). |
Remote Username | String | N/A | N/A |
Remote Password | String | N/A | N/A |
Remote Port | String | N/A | N/A |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
results | True/False | results:False |
JSON Result
{
"Results": [
"Proto,Recv-Q,SendQ,Local,Address,Foreign,Address,State,PID/Program,name",
"tcp,0,0,0.0.0.0:111,0.0.0.0:*,LISTEN,1/systemd",
"tcp,0,0,0.0.0.0:22,0.0.0.0:*,LISTEN,10624/sshd"
]
}
List Processes
Description
List the running processes on a remote machine.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Remote Server | String | N/A | Remote server address (example: x.x.x.x). |
Remote Username | String | N/A | N/A |
Remote Password | String | N/A | N/A |
Remote Port | String | 22 | The default port will be 22. |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
results | N/A | N/A |
JSON Result
{
"Processes": [
"USER,PID,%CPU,%MEM,VSZ,RSS,TTY,STAT,START,TIME,COMMAND",
"root,1,0.0,0.0,193656,6656,?,Ss,Jan16,0:24,/usr/lib/systemd/systemd --system --deserialize 24",
"root,32142,0.0,0.0,0,0,?,S,Jan22,0:32,[kworker/3:1]"
]
}
List IPtables Rules
Description
List IPtable rules on a remote machine.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Remote Server | String | N/A | Remote server address (example: x.x.x.x). |
Remote Username | String | N/A | N/A |
Remote Password | String | N/A | N/A |
Remote Port | String | N/A | The default port will be 22. |
Chain | String | N/A | The IPtables chain that you wish to see (example: INPUT, OUTPUT, etc.). |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
results | True/False | results:False |
JSON Result
{
"-,Chain,Rule": [
"-P,INPUT,ACCEPT",
"-P,FORWARD,ACCEPT",
"-P,OUTPUT,ACCEPT"
]
}
Logoff User
Description
Logoff a remote user.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Remote Server | String | N/A | Remote server address (example: x.x.x.x). |
Remote Username | String | N/A | N/A |
Remote Password | String | N/A | N/A |
Remote Port | String | N/A | The default port will be 22. |
Logoff Username | String | N/A | The username to log off. |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Ping
Description
Test Connectivity.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Reboot Machine
Description
Reboot a remote server.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Remote Server | String | N/A | Remote server address (example: x.x.x.x). |
Remote Username | String | N/A | N/A |
Remote Password | String | N/A | N/A |
Remote Port | String | N/A | The default port will be 22. |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Run Command
Description
Run a command on a remote machine.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Remote Server | String | N/A | Remote server address (example: x.x.x.x). |
Remote Username | String | N/A | N/A |
Remote Password | String | N/A | N/A |
Remote Port | String | N/A | N/A |
Command | String | N/A | Command content (example: ifconfig). |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
results | True/False | results:False |
JSON Result
{
"ifconfig":
"ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>mtu1500
Ninet1.1.1.1netmask1.1.1.1broadcast1.1.1.1
ninet6fe80: : 2156: 9c37: 7a0d:
87eprefixlen64scopeid0x20<link>
nether00: 50: 56: b5: 70: e3txqueuelen1000(Ethernet)
nRXpackets7448423bytes1077754116(1.0GiB)
nRXerrors0dropped0overruns0frame0
nTXpackets370155bytes44300304(42.2MiB)
nTXerrors0dropped0overruns0carrier0collisions0
nlo: flags=73<UP,LOOPBACK,RUNNING>mtu65536
Ninet1.1.1.1netmask1.1.1.1
ninet6: : 1prefixlen128scopeid0x10<host>
nlooptxqueuelen1000(LocalLoopback)
nRXpackets86bytes4780(4.6KiB)
nRXerrors0dropped0overruns0frame0
nTXpackets86bytes4780(4.6KiB)
nTXerrors0dropped0overruns0carrier0collisions0"
}
Shutdown Machine
Description
Shutdown a remote machine.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Remote Server | String | N/A | Remote server address (example: x.x.x.x). |
Remote Username | String | N/A | N/A |
Remote Password | String | N/A | N/A |
Remote Port | String | N/A | The default port will be 22. |
Wait Time | String | N/A | Time to wait before shutdown in minutes (example: now). |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Terminate Process
Description
Terminate a process on a remote machine.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Remote Server | String | N/A | Remote server address (example: x.x.x.x). |
Remote Username | String | N/A | N/A |
Remote Password | String | N/A | N/A |
Remote Port | String | N/A | N/A |
Process | String | N/A | Process to terminate. |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Need more help? Get answers from Community members and Google SecOps professionals.