DShield
Integration version: 5.0
Configure DShield integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations .
Actions
Get IP Info
Description
Query DShield for information about external IP addresses.
Parameters
N/A
Run On
This action runs on the IP Address.
Action Results
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| comment | Returns if it exists in JSON result |
| count | Returns if it exists in JSON result |
| updated | Returns if it exists in JSON result |
| Alexa | Returns if it exists in JSON result |
| network | Returns if it exists in JSON result |
| attacks | Returns if it exists in JSON result |
| maxdate | Returns if it exists in JSON result |
| asname | Returns if it exists in JSON result |
| assize | Returns if it exists in JSON result |
| number | Returns if it exists in JSON result |
| maxrisk | Returns if it exists in JSON result |
| as | Returns if it exists in JSON result |
| asabusecontact | Returns if it exists in JSON result |
| ascountry | Returns if it exists in JSON result |
| threatfeeds | Returns if it exists in JSON result |
| mindate | Returns if it exists in JSON result |
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
is_enriched
|
True/False | is_enriched:False |
JSON Result
[{
"EntityResult"
:
{
"comment"
:
"Googlepublicrecursivenameserver"
,
"count"
:
8218
,
"updated"
:
"2019-01-2004: 51: 46"
,
"Alexa"
:
{
"domains"
:
1
,
"lastrank"
:
6178
,
"hostname"
:
"google-public-dns-a.google.com"
,
"lastseen"
:
"2016-01-02"
,
"firstseen"
:
"2016-01-02"
},
"network"
:
"1.1.1.1/24"
,
"attacks"
:
32
,
"maxdate"
:
"2019-01-20"
,
"asname"
:
"GOOGLE-GoogleLLC"
,
"assize"
:
609498
,
"number"
:
"1.1.1.1"
,
"maxrisk"
:
0
,
"as"
:
15169
,
"asabusecontact"
:
"john_doe@example.com"
,
"ascountry"
:
"US"
,
"threatfeeds"
:
{
"qakbot"
:
{
"lastseen"
:
"2015-04-03"
,
"firstseen"
:
"2015-04-02"
},
"forumspam"
:
{
"lastseen"
:
"2018-12-05"
,
"firstseen"
:
"2011-05-10"
}
},
"mindate"
:
"2019-01-14"
},
"Entity"
:
"1.1.1.1"
}]
Ping
Description
Test Connectivity.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
is_success
|
True/False | is_success:False |
JSON Result
N
/
A
Need more help? Get answers from Community members and Google SecOps professionals.
