If one of the "Linux Server Address", "Linux Username", "Linux Password" parameters is not provided:Error executing action "{action_name}". Reason: for remote server connection you need to provide values for all parameters "Linux Server Address", "Linux Username", "Linux Password".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-07 UTC."],[[["\u003cp\u003eCisco Threat Grid has been renamed to Cisco Secure Malware Analytics, so keep this name change in mind for any future reference.\u003c/p\u003e\n"],["\u003cp\u003eThis integration allows you to retrieve domains and IP addresses associated with a given file hash.\u003c/p\u003e\n"],["\u003cp\u003eThe integration can fetch submissions related to various entities like IP addresses, file hashes, hostnames, processes, URLs, and filenames, and it marks these entities as suspicious if their threat score exceeds a defined threshold.\u003c/p\u003e\n"],["\u003cp\u003eYou can test connectivity using the "Ping" action, which runs on all entities.\u003c/p\u003e\n"],["\u003cp\u003eThe platform enables uploading and analyzing samples, with options to configure the analysis environment and specify a playbook, network exit, and private settings.\u003c/p\u003e\n"]]],[],null,["Cisco Threat Grid\n\nIntegration version: 13.0\n| **Important:** Cisco Threat Grid was renamed to Cisco Secure Malware Analytics.\n| **Note:** This integration uses one or more open source components. You can download a copy of the full source code of this integration from the [storage bucket](https://storage.googleapis.com/csoar_public_integrations/CiscoThreatGrid.zip).\n\nConfigure Cisco Threat Grid integration in Google Security Operations\n\nFor detailed instructions on how to configure an integration in\nGoogle SecOps, see [Configure\nintegrations](/chronicle/docs/soar/respond/integrations-setup/configure-integrations).\n\nActions\n\nGet Hash Associated Domains\n\nDescription\n\nGet domains associated with a given hash.\n\nParameters\n\nN/A\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on the Filehash entity.\n\nAction Results\n\nEntity Enrichment\n\n| Enrichment Field Name | Logic - When to Apply |\n|------------------------------------------|-------------------------------------|\n| cisco_threat_grid.get_associated_network | Returns if it exists in JSON result |\n\nInsights\n\nN/A\n\nScript Result\n\n| Script Result Name | Value Options | Example |\n|--------------------|---------------|---------------|\n| success | True/False | success:False |\n\nJSON Result \n\n [\n {\n \"EntityResult\": [\"migsel.com\"],\n \"Entity\": \"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894\"\n }\n ]\n\nGet Hash Associated IPs\n\nDescription\n\nGet IPs associated with a given hash.\n\nParameters\n\nN/A\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on the Filehash entity.\n\nAction Results\n\nEntity Enrichment\n\n| Enrichment Field Name | Logic - When to Apply |\n|------------------------------------------|-------------------------------------|\n| cisco_threat_grid.get_associated_network | Returns if it exists in JSON result |\n\nInsights\n\nN/A\n\nScript Result\n\n| Script Result Name | Value Options | Example |\n|--------------------|---------------|---------------|\n| success | True/False | success:False |\n\nJSON Result \n\n [\n {\n \"EntityResult\": [\"95.128.128.129\",\n \"192.168.1.255\",\n \"192.168.1.1\"],\n \"Entity\": \"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894\"\n }\n ]\n\nGet Submissions\n\nDescription\n\nGet submissions by entity.\n\nParameters\n\n| Parameter Name | Type | Default Value | Description |\n|----------------|--------|---------------|------------------------------------------------------------|\n| Threshold | String | 50 | Mark as suspicious if max threat score pass the threshold. |\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on the following entities:\n\n- IP Address\n- Filehash\n- Hostname\n- Process\n- URL\n- Filename\n\nAction Results\n\nEntity Enrichment\n\nEntity is marked as suspicious if the max score exceeds a threshold. Else:\nfalse.\n\n| Enrichment Field Name | Logic - When to Apply |\n|-----------------------|-------------------------------------|\n| Name | Returns if it exists in JSON result |\n| Submitted | Returns if it exists in JSON result |\n| Score | Returns if it exists in JSON result |\n| Indicators | Returns if it exists in JSON result |\n| SHA256 | Returns if it exists in JSON result |\n| MD5 | Returns if it exists in JSON result |\n\nInsights\n\nN/A\n\nScript Result\n\n| Script Result Name | Value Options | Example |\n|--------------------|---------------|---------------|\n| success | True/False | success:False |\n\nJSON Result \n\n [\n {\n \"EntityResult\": [\n {\n \"Name\": \"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894.exe\",\n \"Submitted\": \"2018-06-13T09:16:12Z\",\n \"Score\": 95,\n \"Indicators\": 20,\n \"SHA256\": \"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894\",\n \"MD5\": \"5fa6b79842cec6d8d172fb16e56b7247\"\n }, {\n \"Name\": \"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894.exe\",\n \"Submitted\": \"2018-06-13T09:15:51Z\",\n \"Score\": 95,\n \"Indicators\": 21,\n \"SHA256\": \"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894\",\n \"MD5\": \"5fa6b79842cec6d8d172fb16e56b7247\"\n }, {\n \"Name\": \"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894.exe\",\n \"Submitted\": \"2018-06-13T09:14:38Z\",\n \"Score\": 95,\n \"Indicators\": 20,\n \"SHA256\": \"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894\",\n \"MD5\": \"5fa6b79842cec6d8d172fb16e56b7247\"\n }, {\n \"Name\": \"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894.exe\",\n \"Submitted\": \"2018-06-13T09:13:12Z\",\n \"Score\": 95,\n \"Indicators\": 19,\n \"SHA256\": \"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894\",\n \"MD5\": \"5fa6b79842cec6d8d172fb16e56b7247\"\n }, {\n \"Name\": \"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894.exe\",\n \"Submitted\": \"2018-06-13T09:12:27Z\",\n \"Score\": 95,\n \"Indicators\": 19,\n \"SHA256\": \"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894\",\n \"MD5\": \"5fa6b79842cec6d8d172fb16e56b7247\"\n }\n ],\n \"Entity\\\": \\\"dfdca325e9a23bb0131d1f887480481f961f3df919a0609d6472381e76a53894\"\n }\n ]\n\nPing\n\nDescription\n\nTest Connectivity.\n\nParameters\n\nN/A\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on all entities.\n\nAction Results\n\nEntity Enrichment\n\nN/A\n\nInsights\n\nN/A\n\nScript Result\n\n| Script Result Name | Value Options | Example |\n|--------------------|---------------|---------------|\n| success | True/False | success:False |\n\nJSON Result \n\n N/A\n\nUpload Sample\n\nDescription\n\nUpload and analyze a sample.\n\nParameters\n\n| Parameter Name | Type | Default Value | Description |\n|----------------------|----------|---------------|----------------------------------------------------------------------------------------------------------------------|\n| Parameter | Type | Default Value | Description |\n| File Path | String | N/A | The sample file path. |\n| Vm | String | N/A | The vm to run the analysis on. Example: win7-x64 |\n| Playbook | String | N/A | Name of a playbook to apply to this sample run. Example: default |\n| Network Exit | String | N/A | Any outgoing network traffic that is generated during the analysis to appear to exit from the Network Exit Location. |\n| Private | Checkbox | Checked | If checked, the sample will be marked private. |\n| Linux Server Address | String | N/A | Specify the IP address of the remote linux server, where the file is located. |\n| Linux Username | String | N/A | Specify the username of the remote linux server, where the file is located. |\n| Linux Password | Password | N/A | Specify the password of the remote linux server, where the file is located. |\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on all entities.\n\nAction Results\n\nEntity Enrichment\n\nN/A\n\nInsights\n\nN/A\n\nScript Result\n\n| Script Result Name | Value Options | Example |\n|--------------------|---------------|---------|\n| score | N/A | N/A |\n\nJSON Result \n\n {\n \"count\": 0,\n \"max-confidence\": 0,\n \"sample\": \"99ca73a47996cc3069e39a672728a49c\",\n \"score\": 0,\n \"bis\": [],\n \"max-severity\": 0\n }\n\nCase Wall\n\n| Result Type | Value / Description | Type |\n|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|\n| Output message\\* | *If one of the \"Linux Server Address\", \"Linux Username\", \"Linux Password\" parameters is not provided:* ***Error executing action \"{action_name}\". Reason: for remote server connection you need to provide values for all parameters \"Linux Server Address\", \"Linux Username\", \"Linux Password\".*** | General |\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
