Symantec ICDx
Integration version: 6.0
Configure Symantec ICDx integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Actions
Get Event
Description
Get event data by its ID.
Parameters
| Parameter | Type | Default Value | Description | 
|---|---|---|---|
| Event UUID | String | N/A | N/A |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example | 
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
  N/A 
 
 
Get Events Minutes Back
Description
Get events that match a query, going back a given number of minutes.
Parameters
| Parameter | Type | Default Value | Description | 
|---|---|---|---|
| Query | String | N/A | Request query. |
| Limit | String | N/A | Maximum number of events to return. |
| Minutes Back | String | N/A | Number of minutes back from which to fetch events. |
| Fields | String | N/A | Specific event fields to return (comma-separated). |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example | 
|---|---|---|
| 4.0 | N/A | N/A |
JSON Result
  N/A 
 
 
Ping
Description
Test Symantec ICDx connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example | 
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
  N/A 
 
 
Connectors
Symantec ICDx Query Connector
Description
Fetch events from the Symantec ICDx server using a query.
Configure Symantec ICDx Query Connector in Google SecOps
For detailed instructions on how to configure a connector in Google SecOps, see Configuring the connector.
Connector parameters
Use the following parameters to configure the connector:
| Parameter | Type | Default Value | Description | 
|---|---|---|---|
| DeviceProductField | String | device_product | The field name used to determine the device product. |
| EventClassId | String | name | The field name used to determine the event name (sub-type). |
| PythonProcessTimeout | String | 60 | The timeout limit (in seconds) for the Python process running the current script. |
| API Root | String | null | N/A |
| API Token | Password | null | N/A |
| Verify SSL | Boolean | FALSE | Whether to use an SSL connection or not. |
| Search Query | String | null | N/A |
| Events Limit | Integer | 10 | Maximum number of events to pull in one cycle. Example: 20 |
| Max Days Backwards | Integer | 1 | Maximum number of days back from which to fetch alerts. Example: 3 |
| Proxy Server Address | String | null | The address of the proxy server to use. |
| Proxy Username | String | null | The proxy username to authenticate with. |
| Proxy Password | Password | null | The proxy password to authenticate with. |
Connector Rules
Proxy support
The connector supports proxy.
Whitelist/Blacklist
The connector supports Whitelist/Blacklist rules.

