Integrate Azure API with Google SecOps

Integration version: 1.0

This document explains how to integrate Azure API with Google Security Operations.

Use cases

The Azure APIintegration uses Google SecOps capabilities to support the following use cases:

Universal Microsoft 365 investigation: Use the custom HTTP request capability to query any Microsoft Graph endpoint, allowing analysts to gather data across Teams, SharePoint, and Exchange from a single interface.
Custom incident remediation: Execute targeted POST or PATCH requests to remediate threats in Azure services when a dedicated "one-click" action is not available, ensuring rapid response to emerging vulnerabilities.
Automated data ingestion: Perform scheduled ingestion of security events and audit logs from various Azure repositories to maintain comprehensive visibility over the cloud environment.
Secure malware handling: Safely download and analyze suspicious files by using the built-in password-protected ZIP archiving feature, which prevents accidental execution of malicious content.
Persistent authentication management: Use the Refresh Token Renewal Job to automatically rotate OAuth 2.0 tokens, ensuring that automated playbooks and hunting jobs maintain uninterrupted, secure access to Microsoft 365 services.

Before you begin

Before you configure the integration in Google SecOps, verify that you have the following:

Microsoft Entra ID application: An application registered in the Microsoft Entra ID portal to facilitate API communication.
Client ID and client secret: Valid credentials generated from your application registration.
Tenant ID: The unique identifier of your Azure Active Directory instance.
Redirect URL: A configured Redirect URI that matches the one provided in the integration parameters.
API permissions (scopes) : The specific permissions assigned to your application based on the Azure services you intend to query.
Refresh token : A token valid for 90 days required for persistent delegated access.
Refresh Token Renewal Job : A critical security automation used to prevent integration failure due to token expiration.

Azure API authentication setup

The Azure API integration supports two types of authentication. The set of permissions required depends on the specific API requests and Azure services you query.

Application permissions: API requests are executed from the perspective of the application configured in Microsoft Entra ID. This setup only requires a client ID and client Secret.
Delegated permissions: API requests are executed on behalf of a specific user for whom impersonation is configured.

Establish delegated authentication

To use delegated permissions, you must manually generate an initial refresh token using the following steps:

Provide the Client ID , Client Secret , Scope , Redirect URL , and Tenant ID in the integration configuration.
Run the Get Authorization action.
Open the link generated by the action in a browser and copy the resulting redirected link.
Provide the redirected link as an input to the Generate Token action.
Copy the token returned by the action and enter it into Refresh Token during integration configuration.

Configure refresh token renewal

The initial refresh token is valid for 90 days. To ensure uninterrupted service, configure the Refresh Token Renewal Job to automatically update the refresh token for the integration instance.

Integration parameters

The Azure APIintegration requires the following parameters:

Parameter	Description
`Microsoft Login API Root`	Required. The API root of the Microsoft identity platform login service used for Azure API authentication. The default value is `https://login.microsoftonline.com` .
`Microsoft Graph API Root`	Required. The API root of the Microsoft Graph service used for Azure API operations. The default value is `https://graph.microsoft.com` .
`Client ID`	Required. The client ID for the Azure API account.
`Client Secret`	Required. The client secret for the Azure API account.
`Tenant ID`	Required. The tenant ID for the Azure API account.
`Refresh Token`	Optional. The refresh token used for delegated access to the Azure API account. This token is valid for 90 days and is obtained in the initial setup.
`Verify SSL`	Optional. If selected, the integration validates the SSL certificate when connecting to the Azure API server. Enabled by default.
`Redirect URL`	Optional. The redirect URI associated with the Microsoft Entra ID application. The default value is `http://localhost` .
`Test URL`	Required. The URL used to validate the authentication to Azure API using a GET request.
`Scopes`	Required. A comma-separated list of the scopes for the Azure API authentication.

For instructions about how to configure an integration in Google SecOps, see Configure integrations .

You can make changes at a later stage, if needed. After you configure an integration instance, you can use it in playbooks. For more information about how to configure and support multiple instances, see Supporting multiple instances .

Actions

For more information about actions, see Respond to pending actions from Your Workdesk and Perform a manual action .

Execute HTTP Request

Use the Execute HTTP Requestaction to construct and execute a customized HTTP API request against a target URL.

This action doesn't run on Google SecOps entities.

Action behavior

This action supports complex behaviors including asynchronous polling, dynamic payload construction, and file management.

Asynchronous polling

When Expected Response Values is provided, the action operates in asynchronous mode. In this mode, the action repeatedly polls the target endpoint to track the state of a response (for example, waiting for a long-running task to complete).

The action evaluates the response body against the JSON conditions provided in the parameter and continues execution until the conditions are met or the action reaches its timeout.

Condition logic

The action supports the following logic for tracking response states:

Single field matching: The action waits for a specific field to reach a single value.
```
  { 
  
 "state" 
 : 
  
 "finished" 
 } 
 
```
Multiple values (OR logic): The action stops execution if a field matches any value in a provided list. This is useful for stopping on both "success" and "error" states to avoid unnecessary polling.
```
  { 
  
 "state" 
 : 
  
 [ 
 "finished" 
 , 
  
 "error" 
 ] 
 } 
 
```

Multiple fields (AND logic): The action waits until all specified fields match their respective values simultaneously.

  { 
  
 "state" 
 : 
  
 "finished" 
 , 
  
 "percentage" 
 : 
  
 "100" 
 }

Combined logic: You can combine multiple conditions within the JSON object.

  { 
  
 "state" 
 : 
  
 [ 
 "finished" 
 , 
  
 "error" 
 ], 
  
 "percentage" 
 : 
  
 "10" 
 }

JSON parsing behavior

When evaluating conditions, the action follows these rules:

Global search: The action searches the entire JSON response object for the specified keys. Provide the key name exactly as it appears in the JSON without prepending parent object names or using prefixes (for example, use "state" , not "data_state" or "data-state" ).
Multiple identical keys: If the response contains multiple keys with the same name at different levels of the JSON hierarchy, the expected output is only reached when all matching key names satisfy the identical expected value.

For example, to search for the finished state in the JSON response and ignore other states, set all state keys in Expected Response Values to finished :
```
  { 
 "data" 
 : 
  
 { 
  
 "state" 
 : 
  
 "finished" 
  
 }, 
  
 "state" 
 : 
  
 "finished" 
 } 
 
```

Body payload construction

The action constructs the request body based on the Content-Type header provided in Headers .

This is the Body Payload input used for the following construction examples:

  { 
  
 "Id" 
 : 
  
 "123123" 
 , 
  
 "sorting" 
 : 
  
 "asc" 
 }

application/x-www-form-urlencoded : The action generates the payload as Id=123123&sorting=asc .

application/json : The action generates the following JSON payload:

  { 
  
 "Id" 
 : 
  
 "123123" 
 , 
  
 "sorting" 
 : 
  
 "asc" 
 }

XML : If the third-party product requires XML, provide an XML-formatted input directly in Body Payload :

 <?xml  
version="1.0"  
encoding="utf-8"?>
<soap:Envelope  
xmlns:soap="[http://schemas.xmlsoap.org/soap/envelope/](http://schemas.xmlsoap.org/soap/envelope/)">
<soap:Body>  
<NumberToWords  
xmlns="[http://www.dataaccess.com/webservicesserver/](http://www.dataaccess.com/webservicesserver/)">  
<ubiNum>500</ubiNum>  
</NumberToWords>
</soap:Body>
</soap:Envelope>

File handling

The action supports the following workflows for managing files:

Downloading files:
- To return file data as part of the JSON result in base64 format, select Base64 Output .
- To save a file directly to the Case Wall as a ZIP archive, select Save To Case Wall .

Uploading files: To upload a file, convert it to a base64-encoded string and include it as part of the Body Payload value.

The following example shows an image file converted to a base64-encoded string:

 iVBORw0KGgoAAAANSUhEUgAAAOEAAADgCAMAAADCMfHtAAAAvVBMVEX////2yBctLS32xgAAAAASEhLPz8/2xwAfHx8qKiqTk5P1wwD2xw4XFxf///u9vb3w8PAlJSXi4uJBQUH++eb+++z//fP76rH99df98sz64qD64Y/523b41Vr53Hz39/f87bv878T989H3zjH634j76rL3zzz76Kj42GbZ2dn41FCvr68TExM6OjpRUVFmZmb40kiOjo6wsLB8fHxdXV3645j41V9ubm5ISEjGxsahoaFhYWGFhYX53Xn63oxSMwp1AAAMpUlEQVR4nO1da1fiOhemBmg7KWCV+00QBUQdmVHU8Z2Z//+zDpfxgn3SZKdJi+/q8+GctWZJk6fJvmY3u1DIkSNHjhw5cuTIkSNHjq+DZn08brVm3S1ardG4Xc96SqbQHs2GC4dxzj6Bc3c67806zaxnmADt1nDKNsyCwIEI3A1Td7AafUGane5iQ05A7RPRNU1neNnIes7qaLbmLlcjt8dysupkPXUVNLtLzlwSu3eW3B2OsyYgweWCunifwJh70c6ahRDtoaLgSUjy6ayaNReEyylnyeltsRbKi0Mzl9Wua2L53sH443nWpD6g2WOmlu8dAV8ejGq1we8fx4PQrDPXDr8dx0Hm8jh27PHbcexn6tHVB9yofkFgbJYdwZ59fluO04x8gPbE7gZ9R8AvsnABLtJZwB2Yk/oy1qfEBQy2weArXFHIKPw576VLcKbuwQTBhpAzWc77vd7laI1urzcfTHfxrzpRtkwxgKzOuSK7DYVFb3SOrFqjPW79mTjuhr/aw1Kz/3UlFbNhN+2NZRa7et6aO4pOLb9IhV9hrDCdYB0E/xkrb6v2bBmokGSDNHTqSr5DGZv0qJFBYzRQIMkc+15cX0ZwPc++XlDQmE2lPnzgWg6qqgPJFAKWKEBv9wMZRzYyxgagKrGCLlskjekaK0eyWXnLCBc8uhObRHPZwITnUe1K4hW+MjAKRMOJe7mBGX4byDjaohhPkE1N5hyqvdi42g7FWILMMS0c9cc4cbThpVYn4gEDZiMQH8e5TrxrerjqVKxk2MROUqw6jFlG4xo1xg6yvjVXqhOjcbjZ1zoXjuS6I6Mj7aMqHthhJoNisS9qPWoTR6KBY27okZjg0NggIrSFO9WdmhqjLhoiSCXR11yIxmdzMyMI7UTgpnSw0BdR5Gbe8KPg+UEKsdo/XAhX0UQs1RUIIZukmG7vCt9yckslEsJUCRYKLdE0kouiQAjZNOUDk5GAYmLfRiABKa/gBiKKLNlMzrEQBpMMzhFmmGKwSPRUHDEFTiZneitMMdE+7eFnuhkdzIpERv99C/Qoy6yCAJvmBPp0AfdohmeyAvdKO5AaQzWTgrMtRgMuYjDRfBxUM8HS6JSpGON9qretsKfkZlzsirWNq2O9qjAxYzenroIl2llMJ/cGXxbrG58xFVgUNSxGEz3IhCufGNC3YfTDU7iEhvNbmoBGjLyIUAoPYI9uAB0R8iJCH5DynspaONafHFWdwo1AsTrFkgaKNbWHI0vNaHn+S/CWaJ5D8UgDFUWG0NsKSAyR/0dTM1YZQqNIMtVt8I6CAYWgZYZwghR/EiUoOe2YwC7DwgBtMvWwtYqkkLaEthmiRSS4bkjPEJfQNkO4iK7yr4Eck4Mm2wzRIirrwkaSH6fFEC2Dss8FXFt6FG2dIcqfMsXfTsHbIQfR1hkit0uxArWJ1BQ5arLPEHinijkkoElder7OPsM6WAk1bTqPBk4aGVL7DJGuUbNpQILVDU2aDMFmUwowwGGMRooAMQw9GVSjpx2AwlAy20iANZIXUYbh/TcZflyRxgDpDBV7AX6msUkBwxJt+goAB8MqiwE0qU56BjAsazwmFsD5UhBE4O9pZYHTYAiyGQohEFh5rpPIT4UhSHnKJWoY+VHg6AyeCkNwTiMPg6MZGh1bkRJDYC/kIgXUk/Q3CKkwBIIoVTXA2SOkPz4gDWuBZErqQoOoSzXo2kc6axjVi9JINhr9BnpVnOkw7NAXJKp/Nc/t02EIVA2XVA5HU1hMryAnHTks0CM9YCz0vk2NMqzUTt5xfKb11AiiMaJM9euYUAgQPVXezpjC8PT70+/rK7XDtDj0I4so23NgX+sNLYmAfT/0Kje3T9cJSUYLRtjf2B8Ac6hnLNRifD+seE+1JBs2GudLkqbnhrxSQhYjLD2/6HOM2m9JHWbUvujWQBHyNH7llJS9+AiwJPH2G7wS4pnTK0iZKL/0pCmPUbGSbLooQ91CPWKuzTv6pTVMNMw/VIZH/s1PnWFAIiM+Bo56snrRoU6+tPSiMw7VvEUdb916WY2McElnFb8Uw6Oihm/+tRj6Pt0wUhlmKYdrePfWGWanS3coUiMssi61xND/gFiG4ffEDMn2UNunqVS20ZK3ZXX6hluv5IXmFpHs05jzS1+uf9XKb/HuB5yUX+7EHEOiJAK/NH7C5mKLWJzc34h2a4X2JHJsYS4+lOCXSCCJ+SpyfIiUr53i9SsBRY/mu5FjfHN5Gil+lbAg3pGeQs/TGMu1yXEH1Y1/S3pItLpJlmsD+VJbn6qV8SKWSA8B+VLJB+zGct4KwAyLlEcAl0aW8wZHHcZun/iM71DXkBhqnFsYO3tSwBMURBJDcJAkO3sydn6ogPvkDKOqVF6CZ+oMuCDX+g+QIUnTaJwBI/WrpWpqxQfZnxwhOfRPCYNoneObqsXwfe85Pgd6BkNIksUHWkOmSmHBn/xHUVxX1pO9jQ2FahXE0PtGGEWrngbVRF0SBt3hLNzswDC8jvmbZ2gsSAWYWjVRqK6NXiH84u2EqiLO1l/fIIJHRUJ6H0VCCgWmJmoTz7y3TXckWMYy3KM0txR8VKBSm6j5sz388N6nXHlGB4Q1z0DwpFlfimqEifbieM/j9G+eX072/+DkviIIgIsn+JEIujXCwF2nbtN7b3/avhc+fCuf7CTs+KT25HuY31EoNaIfoFvnnbxW/wTWeN/4p98fHh6+n4aVUJhSJOX1wZcvarX6ib+3wP7mtjohDGMTpqQl1P/eAn4zQyiiRUuoCIoUouuBVBUG+u6J8KE0zk6ooELxZ5C+UJUm9O2aum8qSE4oIHymEETfrqlqRPT9oXo+6ll3CX2fVK2AdpqyVQOWVD25f32jR9GvkI4s0D1r6p+BJvsO+OSuFH/AhAne0JLdyb4DTvotd+1W5LIIEd5S1KjgW27CLd/RMJj2MffZi0/jWPofsWIIfo9PiGMTX1lQOH65VZfHsEItNEl+6QNQVA6npffPfj4UBQHEJ37FJ9oOLeB7MWjzQ8aG/j331Y/bkoSkHxbv6DUmcHrEdBK8Yoh+0/tZ+fdp0RN52v7aCf+tU/0N76chnq/Ay9q0rmA8u3p5Oip53r7P7YeeV7y916uehRdWUu8YwvdE6V7BeHZ1/ePu1C+WSpVtAUPRu334fX2lWTiL74kiN4SAdzERlc0+zo6Py+Xaz5+1cvk4Uak+vpOOvL/wlXvB/9F9bYLbvrK/zwxfqqqjIgT3JtKzw4aBTLWGFG6AbyZmGbdAx3dfakoPvr/U2pGwEvCd15rfZonuoM1SFLEQat9BWxhgUTy8e4S1+weI7oLOrNMy7nSRZFcJ7ghnGd3nLehzkejiX7wrTHZ4IUBwfzpPZMBQpOkc1r36rmaJ7ysE7y2D3ggCgkl7IwhciAwoirqU8FHSJx9IjxIRQRPtglrCPjMpalSBUjdUoy1qDHYQvYLMdCYT93tKx/SLm68Z6vck7tmlk5uio7kUrqAxFxm74LsxrBvGjrC9q7m+a+KuVpuuSJaFcRXTO8+kNhd2PlsLo82ovylqibZZQpP9D0Ve/W4Z7e3UcUwPS+PdbmK6OTPHjk6t9uP6kI6MDxfTajVgcwsOziiu7bGN1tXN2H7AgWm7UR/E9gNOv+XxWqma3KrNCxbXAtxe2+q4UQO2NNW6vrqK7yFvr/V4M755fMAGJjjKe6tb9KSq8RQdly2T7tVGT8IvYdZCipjezv/WcTJLkMQ5n8f2VN8StO3u/xE6cG8cg7meMa53J0zGLzDsySDMZBTXepU5QyrJemsZxNmHf0+epJHl68gnsl5I5sxHyk75+WqqQG9N8DGdHF89rnH9x5UMpsOxbFM1O7PBWkMp0FuLoE7vMT305Tt1i/VSus5iOOq0gVfXOB9355PNi1B7mJtWC+ktLlWntaO5cVCmg3mv15uNRuv/9ufLyVpprP9d/TFskW7+si6xjIDohtEr3ECd2u7X9vwYIVacOMkkYBP7RiKKNnkZdRHoXpKTGKvYAMAYrOeCYtCY29+qzLUQ7BLQUbON2nD5MOPGp4VCS+or6yPg8+w26Ad0LXEM+CALDQrRVXS7KHD540H0BH3FzDHLkfH5wazfK0YLbmqzBsz9m3FxGUb7wshmZXyarX2IxehROVQQ0XN6B6E+xWi2Fkyai8AIGHcvDkq7iFC97LucuJTrEItPVwenXGLQnj2uWSrR3ERVfPJ3dAAF1lS0L/8uNzSZKBjcRozcmXfHX5DdG+rj2d/BxOWc7YNz7iz73db5Vya3h3q7M2q1Wt1ud7b+33hcz9yhzpEjR44cOXLkyJEjh0H8ByMJ8u+aLBzeAAAAAElFTkSuQmCC

Security: For sensitive files (such as malware), select Password Protect Zip . This automatically encrypts the saved ZIP archive created using Save To Case Wall with the password infected .

Playbook block configuration

The following configuration demonstrates how to use the Execute HTTP Requestaction within a playbook block. Use this example to understand how to apply placeholders and input prefixes.

When using block inputs as placeholders, you must include the Input. prefix (for example, [Input.comment] ).

Method: PUT

URL Path:

 https://{API_URL}/[Input.table_name]/[Input.sys_id]

Headers:

  { 
  
 "Content-type" 
 : 
  
 "application/json; charset=utf-8" 
 , 
  
 "Accept" 
 : 
  
 "application/json" 
 , 
  
 "User-Agent" 
 : 
  
 "GoogleSecops" 
 }

Body Payload:

  { 
  
 "work_notes" 
 : 
  
 "[Input.comment]" 
 }

Action inputs

The Execute HTTP Requestaction requires the following parameters:

Parameter

Description

Method

Optional.

The HTTP method (verb) used for the request.

The possible values are as follows:

GET
POST
PUT
PATCH
DELETE
HEAD
OPTIONS

The default value is GET .

URL Path

Required.

The API endpoint where the request executes. This path can optionally include query parameters.

URL Params

Optional.

The query parameters for the URL, provided as a JSON object.

This is the recommended input method for this parameter, as they are appended to any query parameters already defined in URL Path .

Headers

Optional.

The headers for the HTTP request, provided as a JSON object.

Headers control aspects such as authentication and define the format of Body Payload (using Content-Type ).

Cookie

Optional.

The cookies constructed into the HTTP Cookie header, provided as a JSON object.

This parameter overrides any cookie values provided in Headers .

Body Payload

Optional.

The content payload for the HTTP request, provided as a JSON object.

The request's format (JSON or form-urlencoded) is determined by the Content-Type set in Headers .

Expected Response Values

Optional.

The JSON object containing the field-value pairs that define the required state of the response body.

Save To Case Wall

Optional.

If selected, the action saves the response data as a file and attaches it to the case wall.

The file is archived with a .zip extension. This zip is not password protected unless Password Protect Zip is enabled.

Password Protect Zip

Optional.

If selected, the action encrypts the downloaded ZIP archive (created using Save To Case Wall ) with a password (such as infected ).

Use this option when dealing with suspicious or potentially malicious files to prevent accidental execution.

Enabled by default.

Follow Redirects

Optional.

If selected, the action automatically follows any HTTP redirect responses (such as 301 or 302 status codes) to the final destination URL.

Enabled by default.

Fail on 4xx/5xx

Optional.

If selected, the action explicitly fails the step when the HTTP response returns a client Error (4xx) or server Error (5xx) status code.

Enabled by default.

Base64 Output

Optional.

If selected, the action converts the HTTP response body into a Base64 encoded string. This is useful for processing or storing downloaded files.

The encoded string can't exceed 15 MB.

Fields To Return

Required.

A comma-separated list of fields that the action returns in the output.

The possible values are as follows:

response_data
redirects
response_code
response_cookies
response_headers
apparent_encoding

The default value is response_data,redirects,response_code,response_cookies,response_headers,apparent_encoding .

Request Timeout

Required.

The maximum time, in seconds, the action waits for the server to send data before the request is aborted.

The default value is 120 .

Action outputs

The Execute HTTP Requestaction provides the following outputs:

Action output type	Availability
Case wall attachment	Not available
Case wall link	Not available
Case wall table	Not available
Enrichment table	Not available
JSON result	Available
Output messages	Available
Script result.	Available

JSON result

The following example shows the JSON result output received when using the Execute HTTP Requestaction:

  { 
  
 "response_data" 
 : 
  
 { 
  
 "data" 
 : 
  
 { 
  
 "relationships" 
 : 
  
 { 
  
 "comment" 
 : 
  
 [ 
  
 { 
  
 "name" 
 : 
  
 "example_resource_name" 
 , 
  
 "description" 
 : 
  
 "Description of the object to which the comment belongs." 
  
 }, 
  
 { 
  
 "name" 
 : 
  
 "example_user_role" 
 , 
  
 "description" 
 : 
  
 "Description of the user role associated with the comment." 
  
 } 
  
 ] 
  
 } 
  
 } 
  
 }, 
  
 "redirects" 
 : 
  
 [], 
  
 "response_code" 
 : 
  
 200 
 , 
  
 "cookies" 
 : 
  
 {}, 
  
 "response_headers" 
 : 
  
 { 
  
 "Content-Type" 
 : 
  
 "application/json" 
 , 
  
 "X-Cloud-Trace-Context" 
 : 
  
 "REDACTED_TRACE_ID" 
 , 
  
 "Date" 
 : 
  
 "REDACTED_DATE_TIME" 
 , 
  
 "Server" 
 : 
  
 "REDACTED_SERVER_NAME" 
 , 
  
 "Content-Length" 
 : 
  
 "REDACTED_VALUE" 
  
 }, 
  
 "apparent_encoding" 
 : 
  
 "ascii" 
 }

Output messages

The Execute HTTP Requestaction can return the following output messages:

Output message Message description

Output message	Message description
`Successfully executed API request.` `Successfully executed API request, but the status code 4xx_OR_5xx was returned. Please check the request or try again later.`	The action succeeded.
`Failed to execute API request. Error: ERROR_REASON`	The action failed. Check the connection to the server, input parameters, or credentials.

Successfully executed API request.

Successfully executed API request, but the status code 4xx_OR_5xx was returned. Please check the request or try again later.

The action succeeded.

Failed to execute API request. Error: ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when using the Execute HTTP Requestaction:

Script result name	Value
`is_success`	`true` or `false`

Get Authorization

Use the Get Authorizationaction to initiate the OAuth flow and obtain a link that contains the required access code for delegated authentication.

This action doesn't run on Google SecOps entities.

Action inputs

The Get Authorizationaction requires the following parameters:

Parameter Description

Parameter	Description
`Oauth Scopes`	Required. A comma-separated list of permissions (scopes) that define the level of access for the access and refresh tokens. The default value is `user.read, offline_access` .

Oauth Scopes

Required.

A comma-separated list of permissions (scopes) that define the level of access for the access and refresh tokens.

The default value is user.read, offline_access .

Action outputs

The Get Authorizationaction provides the following outputs:

Action output type	Availability
Case wall attachment	Not available
Case wall link	Not available
Case wall table	Not available
Enrichment table	Not available
JSON result	Not available
Output messages	Available
Script result.	Available

Output messages

The Get Authorizationaction can return the following output messages:

Output message Message description

Output message	Message description
`Authorization URL generated successfully. To obtain a URL with access code,Please navigate to the link below as the user that you want to run the integration with., to get a URL with access code. Provide the URL with the access code should be provided next in the Generate Token action.`	The action succeeded.
`Failed to generate the authorization URL! Error is ERROR_REASON`	The action failed. Check the connection to the server, input parameters, or credentials.

Authorization URL generated successfully. To obtain a URL with access code,Please navigate to the link below as the user that you want to run the integration with., to get a URL with access code. Provide the URL with the access code should be provided next in the Generate Token action.

The action succeeded.

Failed to generate the authorization URL! Error is ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when using the Get Authorizationaction:

Script result name	Value
`is_success`	`true` or `false`

Generate Token

Use the Generate Tokenaction to obtain a persistent refresh token required for delegated authentication.

This token is generated using the authorization URL received from the Get Authorization action.

This action doesn't run on Google SecOps entities.

Action inputs

The Generate Tokenaction requires the following parameters:

Parameter Description

Parameter	Description
`Authorization URL`	Required. The full redirected URL containing the authorization code received from the Get Authorization action. This URL is used to request and generate the refresh token.

Authorization URL

Required.

The full redirected URL containing the authorization code received from the Get Authorization action. This URL is used to request and generate the refresh token.

Action outputs

The Generate Tokenaction provides the following outputs:

Action output type	Availability
Case wall attachment	Not available
Case wall link	Not available
Case wall table	Not available
Enrichment table	Not available
JSON result	Not available
Output messages	Available
Script result.	Available

Output messages

The Generate Tokenaction can return the following output messages:

Output message Message description

Output message	Message description
`Successfully fetched the refresh token: TOKEN_VALUE . Enter this token in the integration configuration to enable the integration to authenticate with delegated permissions on behalf of the user that performed the configuration steps. Note: We strongly recommend you configure the "Refresh Token Renewal Job" after you generate the initial refresh token so the job automatically renews and keeps the token valid.`	The action succeeded.
`Failed to get the refresh token! Error is ERROR_REASON`	The action failed. Check the connection to the server, input parameters, or credentials.

Successfully fetched the refresh token: TOKEN_VALUE . Enter this token in the integration configuration to enable the integration to authenticate with delegated permissions on behalf of the user that performed the configuration steps. Note: We strongly recommend you configure the "Refresh Token Renewal Job" after you generate the initial refresh token so the job automatically renews and keeps the token valid.

The action succeeded.

Failed to get the refresh token! Error is ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when using the Generate Tokenaction:

Script result name	Value
`is_success`	`true` or `false`

Ping

Use the Pingaction to test the connectivity to Azure API.

This action doesn't run on Google SecOps entities.

Action inputs

None.

Action outputs

The Pingaction provides the following outputs:

Action output type	Availability
Case wall attachment	Not available
Case wall link	Not available
Case wall table	Not available
Enrichment table	Not available
JSON result	Available
Output messages	Available
Script result.	Available

JSON result

The following example shows the JSON result output received when using the Pingaction:

  { 
  
 "endpoint" 
 : 
  
 "https://api.example-cloud-provider.com/v1.0/health" 
 }

Output messages

The Pingaction can return the following output messages:

Output message Message description

Output message	Message description
`Successfully tested connectivity.`	The action succeeded.
`Failed to test connectivity. ERROR_REASON`	The action failed. Check the connection to the server, input parameters, or credentials.

Successfully tested connectivity.

The action succeeded.

Failed to test connectivity. ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.

Script result

The following table lists the value for the script result output when using the Pingaction:

Script result name	Value
`is_success`	`true` or `false`

Jobs

For more information on jobs, see Configure a new job and Advanced scheduling .

Refresh Token Renewal Job

Use the Refresh Token Renewal Jobto periodically update the refresh token configured for the integration.

By default, the refresh token expires every 90 days. We recommended you to configure this job to automatically run every 7 or 14 days to keep the refresh token up to date.

Job parameters

The Refresh Token Renewal Jobrequires the following parameters:

Parameter Description

Parameter	Description
`Integration Environments`	Optional. A comma-separated list of integration environment names for which the job updates refresh tokens. Each environment name must be enclosed in double quotes.

Integration Environments

Optional.

A comma-separated list of integration environment names for which the job updates refresh tokens.

Each environment name must be enclosed in double quotes.

Need more help? Get answers from Community members and Google SecOps professionals.