Elastica CloudSOC
Integration version: 5.0
Overview
Configure Elastica CloudSOC integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Actions
Get User Activities
Description
Fetch user activities from Symantec CloudSOC. Symantec CloudSOC provides insights into user activity and an overview of how cloud applications are used.
Parameters
Parameters | Type | Default Value | Description |
---|---|---|---|
Minutes Back | String | N/A | Fetch activity logs from the last 'x' minutes. Example: 5 |
Use cases
N/A
Run On
This action runs on the User entity.
Action Results
Entity Enrichment
Entities are marked as Suspicious (True) if they exceed the threshold; otherwise Suspicious is False.
Enrichment Field Name | Logic - When to apply |
---|---|
browser | Returns if it exists in JSON result |
_domain | Returns if it exists in JSON result |
severity | Returns if it exists in JSON result |
latitude | Returns if it exists in JSON result |
user | Returns if it exists in JSON result |
object_type | Returns if it exists in JSON result |
location | Returns if it exists in JSON result |
longitude | Returns if it exists in JSON result |
device | Returns if it exists in JSON result |
host | Returns if it exists in JSON result |
user_agent | Returns if it exists in JSON result |
created_timestamp | Returns if it exists in JSON result |
event_type | Returns if it exists in JSON result |
message | Returns if it exists in JSON result |
user_name | Returns if it exists in JSON result |
inserted_timestamp | Returns if it exists in JSON result |
activity_type | Returns if it exists in JSON result |
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_succeed | True/False | is_succeed:False |
JSON Result
[{
    "EntityResult": {
        "browser": "Chrome",
        "_domain": "siemplify.co",
        "severity": "error",
        "service": "Elastica",
        "latitude": 32.0678,
        "user": "john_doe@example.com",
        "object_type": "Session",
        "location": "Tel Aviv (Israel)",
        "longitude": 34.7647,
        "device": "Windows",
        "host": "1.1.1.1",
        "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
        "created_timestamp": "2019-01-20T07:49:14",
        "event_type": "PORTAL_LOGIN_FAILURE",
        "message": "Failed login attempt by user 'john_doe@example.com'",
        "_id": "--Fi3z-1QHewAgPiTQlvXQ",
        "user_name": "Meny Har",
        "inserted_timestamp": "2019-01-20T07:49:14",
        "activity_type": "Failure"
    },
    "Entity": "john_doe@example.com"
}]
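The following is an added example, not the integration's own code: it applies the Minutes Back window and the entity enrichment logic described above to constructed CloudSOC-style activity records, copying only the listed fields that are present. The page does not define the Suspicious threshold, so it is assumed here to be a caller-supplied count of in-window activities per user.

```python
from datetime import datetime, timedelta

# Enrichment field names listed on the page; each is copied only if present.
ENRICHMENT_FIELDS = (
    "browser", "_domain", "severity", "latitude", "user", "object_type",
    "location", "longitude", "device", "host", "user_agent",
    "created_timestamp", "event_type", "message", "user_name",
    "inserted_timestamp", "activity_type",
)

def in_window(activity, now, minutes_back):
    """True if created_timestamp falls within the last `minutes_back` minutes."""
    ts = datetime.strptime(activity["created_timestamp"], "%Y-%m-%dT%H:%M:%S")
    return now - timedelta(minutes=minutes_back) <= ts <= now

def enrich_user(user, activities, now, minutes_back, threshold):
    """Build the Entity/EntityResult pair for one User entity.
    `threshold` is an assumed activity-count limit (the page does not define it);
    the entity is Suspicious when more than `threshold` activities are in window."""
    mine = [a for a in activities
            if a.get("user") == user and in_window(a, now, minutes_back)]
    if not mine:
        return None
    latest = max(mine, key=lambda a: a["created_timestamp"])
    result = {f: latest[f] for f in ENRICHMENT_FIELDS if f in latest}
    result["Suspicious"] = len(mine) > threshold
    return {"Entity": user, "EntityResult": result}

# Constructed sample events shaped like the page's JSON Result (not real data).
SAMPLE_NOW = datetime(2019, 1, 20, 7, 50, 0)
SAMPLE_ACTIVITIES = [
    {"user": "john_doe@example.com", "severity": "error", "browser": "Chrome",
     "event_type": "PORTAL_LOGIN_FAILURE", "activity_type": "Failure",
     "created_timestamp": "2019-01-20T07:49:14", "_id": "--Fi3z-1QHewAgPiTQlvXQ"},
    {"user": "john_doe@example.com", "severity": "error",
     "event_type": "PORTAL_LOGIN_FAILURE", "activity_type": "Failure",
     "created_timestamp": "2019-01-20T07:47:02"},
    {"user": "john_doe@example.com", "severity": "info",  # outside a 5-minute window
     "event_type": "PORTAL_LOGIN_FAILURE", "created_timestamp": "2019-01-20T06:00:00"},
]

if __name__ == "__main__":
    print(enrich_user("john_doe@example.com", SAMPLE_ACTIVITIES, SAMPLE_NOW, 5, 1))
```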
Ping
Description
Verifies connectivity to the Symantec CloudSOC server.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_succeed | True/False | is_succeed:False |
JSON Result
N/A