Symantec ICDx

Integration version: 6.0

Configure Symantec ICDx integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Get Event

Description

Get event data by its ID.

Parameters

| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Event UUID | String | N/A | N/A |

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A

Get Events Minutes Back

Description

Get events matching a query, looking back a given number of minutes.

Parameters

| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Query | String | N/A | Request query. |
| Limit | String | N/A | Maximum number of events to receive. |
| Minutes Back | String | N/A | Number of minutes back from now to fetch events for. |
| Fields | String | N/A | Specific event fields to return (comma separated). |

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| 4.0 | N/A | N/A |
JSON Result
N/A

Ping

Description

Test Symantec ICDx connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A

Connectors

Symantec ICDx Query Connector

Description

Fetches events from the Symantec ICDx server using a query.

Configure Symantec ICDx Query Connector in Google Security Operations SOAR

For detailed instructions on how to configure a connector in Google Security Operations SOAR, see Configuring the connector.

Connector parameters

Use the following parameters to configure the connector:

| Parameter | Type | Default Value | Description |
|---|---|---|---|
| DeviceProductField | String | device_product | The field name used to determine the device product. |
| EventClassId | String | name | The field name used to determine the event name (sub-type). |
| PythonProcessTimeout | String | 60 | The timeout limit (in seconds) for the Python process running the current script. |
| API Root | String | null | N/A |
| API Token | Password | null | N/A |
| Verify SSL | Boolean | FALSE | Whether to use SSL verification for the connection or not. |
| Search Query | String | null | N/A |
| Events Limit | Integer | 10 | Maximum number of events to pull in one cycle. Example: 20 |
| Max Days Backwards | Integer | 1 | Maximum number of days back from which to fetch alerts. Example: 3 |
| Proxy Server Address | String | null | The address of the proxy server to use. |
| Proxy Username | String | null | The proxy username to authenticate with. |
| Proxy Password | Password | null | The proxy password to authenticate with. |
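The table above lists the connector parameters but not how a reviewer would check them before enabling the connector. The following is an added example, not code from the integration itself: it parses a raw parameter mapping using the parameter names from the table, coerces the Boolean and Integer fields, flags the weak settings (Verify SSL left at its FALSE default, a plain-HTTP API Root), and computes the fetch window from Max Days Backwards (connector) or Minutes Back (the Get Events Minutes Back action). The `ConnectorConfig` class, the parsing rules and the `fetch_window_start` helper are assumptions made for this example; the ICDx API itself is not called.

```python
"""Added example: validating a Symantec ICDx connector configuration.

Illustrative code written for this page, not the integration's own
implementation. Parameter names come from the connector table; the
ConnectorConfig class, parsing rules and window helper are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class ConnectorConfig:
    api_root: str
    api_token: str
    verify_ssl: bool
    search_query: str
    events_limit: int
    max_days_backwards: int
    proxy_server_address: Optional[str] = None


def parse_bool(value) -> bool:
    """Accept the Boolean spellings a UI may hand over ('TRUE'/'FALSE', 'true', 1, None)."""
    if isinstance(value, bool):
        return value
    text = str(value).strip().lower()
    if text in ("true", "1", "yes"):
        return True
    if text in ("false", "0", "no", "", "none", "null"):
        return False
    raise ValueError(f"not a boolean: {value!r}")


def parse_int(value, name: str, minimum: int = 1) -> int:
    """Integer parameters must be positive; an Events Limit of 0 would silently fetch nothing."""
    try:
        number = int(str(value).strip())
    except ValueError as exc:
        raise ValueError(f"{name} must be an integer, got {value!r}") from exc
    if number < minimum:
        raise ValueError(f"{name} must be >= {minimum}, got {number}")
    return number


def load_config(params: dict) -> ConnectorConfig:
    """Build a ConnectorConfig from the raw parameter mapping, applying the table's defaults."""
    api_root = str(params.get("API Root") or "").strip()
    token = str(params.get("API Token") or "").strip()
    # 'null' is the documented default, i.e. the value was never set.
    if not api_root or api_root == "null":
        raise ValueError("API Root is required")
    if not token or token == "null":
        raise ValueError("API Token is required")
    return ConnectorConfig(
        api_root=api_root.rstrip("/"),
        api_token=token,
        verify_ssl=parse_bool(params.get("Verify SSL", "FALSE")),
        search_query=str(params.get("Search Query") or ""),
        events_limit=parse_int(params.get("Events Limit", 10), "Events Limit"),
        max_days_backwards=parse_int(params.get("Max Days Backwards", 1), "Max Days Backwards"),
        proxy_server_address=params.get("Proxy Server Address") or None,
    )


def config_warnings(cfg: ConnectorConfig) -> List[str]:
    """Findings a reviewer would raise; an empty list means the configuration is acceptable."""
    warnings = []
    if not cfg.verify_ssl:
        warnings.append("Verify SSL is FALSE: the connector will accept any certificate from API Root")
    if cfg.api_root.startswith("http://"):
        warnings.append("API Root uses plain HTTP: the API Token would be sent unencrypted")
    return warnings


def fetch_window_start(now_iso: str, *, days_back: int = 0, minutes_back: int = 0) -> str:
    """Earliest event time to request, as ISO 8601: Max Days Backwards for the
    connector, Minutes Back for the Get Events Minutes Back action."""
    now = datetime.fromisoformat(now_iso)
    return (now - timedelta(days=days_back, minutes=minutes_back)).isoformat()


if __name__ == "__main__":
    # Constructed sample parameters; the host name is a placeholder.
    sample = {"API Root": "https://icdx.example.internal/", "API Token": "REPLACE_ME",
              "Verify SSL": "FALSE", "Events Limit": "20", "Max Days Backwards": "3"}
    cfg = load_config(sample)
    for finding in config_warnings(cfg):
        print("WARNING:", finding)
    print("fetch from:", fetch_window_start("2024-01-10T12:00:00+00:00", days_back=cfg.max_days_backwards))
```

Run it once against the exported connector parameters before enabling the connector; a non-empty warning list is the cue to set Verify SSL to TRUE and to make sure API Root is an HTTPS URL, since the API Token travels with every request.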

Connector Rules

Proxy support

The connector supports connecting through a proxy server.

Whitelist/Blacklist

The connector supports Whitelist/Blacklist rules.