Symantec Blue Coat ProxySG
Integration version: 4.0
Configure Symantec Blue Coat ProxySG integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| SSH Root | String | {ip address}:22 | Yes | SSH root of the Blue Coat ProxySG instance. |
| Username | String | N/A | Yes | Username of the Blue Coat ProxySG SSH account. |
| Password | Password | N/A | Yes | Base64 encoded CA certificate file. |
Use Cases
- Enrich entities.
- Block entities.
Actions
Ping
Description
Test connectivity to Broadcom Symantec ProxySG with parameters provided at the integration configuration page in the Google Security Operations Marketplace tab.
Parameters
N/A
Run On
This action doesn't run on entities and has no mandatory input parameters.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success=False |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution: If successful: "Successfully connected to the Broadcom Symantec ProxySG server with the provided connection parameters!" The action should fail and stop a playbook execution: If not successful: "Failed to connect to the Broadcom Symantec ProxySG server! Error is {0}".format(exception.stacktrace) | General |
Enrich Entities
Description
Enrich entities using information from Broadcom Symantec ProxySG. Supported entities: Hostname, IP Address, and URL.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Create Insight | Checkbox | Checked | No | If enabled, the action creates an insight containing all of the retrieved information about the entity. |
Run On
This action runs on the following entities:
- Hostname
- IP Address
- URL
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success=False |
JSON Result
```json
{
  "raw_output": "{raw output from the console}",
  "categories": {
    "Policy": "none",
    "Blue Coat": "none",
    "IWF": "none",
    "Local": "unavailable",
    "Proventia": "unavailable"
  },
  "category_group": {
    "Blue_Coat": "none"
  },
  "risk level": 1,
  "Country": "Unavailable",
  "Official Host Name": "twitter.com",
  "Resolved Addresses": [
    "104.244.42.1",
    "104.244.42.65"
  ],
  "Cache TTL": "1231, cache HIT",
  "DNS Resolver Response": "Success"
}
```
Entity Enrichment
Enrichment Table for URL - Prefix BCProxySG_

| Enrichment Field Name | Source (JSON Key) | Logic - When to apply |
|---|---|---|
| risk_level | {risk_level} | When available in JSON |
| category_{categories.keys} | {categories/values} one key. Note: One value as entry. | When available in JSON |
| category_group_{category_group.keys} | {category_group/values} | When available in JSON |

Enrichment Table for IP Address - Prefix BCProxySG_

| Enrichment Field Name | Source (JSON Key) | Logic - When to apply |
|---|---|---|
| country | {country} | When available in JSON |

Enrichment Table for Hostname - Prefix BCProxySG_

| Enrichment Field Name | Source (JSON Key) | Logic - When to apply |
|---|---|---|
| official_hostname | {Official Host Name} | When available in JSON |
| resolved_addresses | CSV of "Resolved Addresses" | When available in JSON |
| cache_ttl | Cache TTL | When available in JSON |
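
The mapping in the enrichment tables above, applied to the sample JSON result, as an added example (not the integration's own code) that shows which `BCProxySG_` fields a playbook can expect per entity type. The function names are hypothetical; reading `{risk_level}` and `{country}` from the sample's `"risk level"` and `"Country"` keys, keeping category keys verbatim in field names, and joining the CSV with bare commas are assumptions.

```python
PREFIX = "BCProxySG_"  # prefix named in the enrichment tables

# Constructed input: the sample JSON Result shown on this page.
SAMPLE_RESULT = {
    "raw_output": "{raw output from the console}",
    "categories": {"Policy": "none", "Blue Coat": "none", "IWF": "none",
                   "Local": "unavailable", "Proventia": "unavailable"},
    "category_group": {"Blue_Coat": "none"},
    "risk level": 1,
    "Country": "Unavailable",
    "Official Host Name": "twitter.com",
    "Resolved Addresses": ["104.244.42.1", "104.244.42.65"],
    "Cache TTL": "1231, cache HIT",
    "DNS Resolver Response": "Success",
}

def first_present(result, *keys):
    """Return the value of the first key that is present and non-empty, else None."""
    for key in keys:
        if result.get(key) not in (None, "", [], {}):
            return result[key]
    return None

def enrichment_fields(result, entity_type):
    """Build the prefixed enrichment dict; JSON keys that are absent add no field."""
    fields = {}
    if entity_type == "URL":
        # Assumption: the table's {risk_level} is the sample's "risk level" key.
        fields["risk_level"] = first_present(result, "risk_level", "risk level")
        for name, value in (result.get("categories") or {}).items():
            fields[f"category_{name}"] = value  # one field per category key
        for name, value in (result.get("category_group") or {}).items():
            fields[f"category_group_{name}"] = value
    elif entity_type == "IP Address":
        fields["country"] = first_present(result, "country", "Country")
    elif entity_type == "Hostname":
        fields["official_hostname"] = first_present(result, "Official Host Name")
        addresses = first_present(result, "Resolved Addresses")
        # Assumption: the CSV is comma-joined with no spaces.
        fields["resolved_addresses"] = ",".join(addresses) if addresses else None
        fields["cache_ttl"] = first_present(result, "Cache TTL")
    else:
        raise ValueError(f"unsupported entity type: {entity_type}")
    # "When available in JSON": drop every field whose source key was missing.
    return {PREFIX + k: v for k, v in fields.items() if v is not None}
```
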
Insights
N/A
Case Wall
The action should not fail nor stop a playbook execution:
If data is available for one entity (is_success=true): "Successfully enriched the following entities using information from Blue Coat ProxySG: {entity.identifier}."
If data is not available for one entity (is_success=true): "Action wasn't able to enrich the following entities using information from Blue Coat ProxySG: {entity.identifier}"
If data is not available for all entities (is_success=false): "None of the provided entities were enriched."
The action should fail and stop a playbook execution:
If a fatal error is reported (such as wrong credentials, no connection to the server, or other): "Error executing action "Enrich Entities". Reason: {0}".format(error.Stacktrace)
Table Title: {entity.identifier}
Table Columns:
- Key
- Value
Block Entities
Description
Block entities using Broadcom Symantec ProxySG. Supported entities: IP Address.
Parameters
N/A
Run On
The action runs on the IP Address entity.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success=False |
JSON Result
```json
{
  "raw_output": "raw",
  "status": "{success/failure}"
}
```
Entity Enrichment
N/A
Insights
N/A
Case Wall
| Result type | Value/Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution: If data is available for one entity (is_success=true): "Successfully blocked the following entities in Broadcom Symantec ProxySG: {entity.identifier}." If data is not available for one entity (is_success=true): "Action wasn't able to block the following entities in Blue Coat ProxySG: {entity.identifier}." If data is not available for all entities (is_success=false): "None of the provided entities were blocked." The action should fail and stop a playbook execution: If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "Enrich Entities". Reason: {0}".format(error.Stacktrace) | General |