Integrate Zerofox with Google SecOps
Integration version: 1.0
Integration Parameters
The Zerofox integration requires the following parameters:
Parameter | Description |
---|---|
API Root | Required. The API root of the Zerofox instance. |
API Token | Required. The Zerofox API token. |
Verify SSL | Required. If selected, the integration validates the SSL certificate when connecting to Zerofox. Selected by default. The default value is |
Actions
For more information about actions, see Respond to pending actions from Your Workdesk and Perform a manual action.
Ping
Use the Ping action to test the connectivity to Zerofox.
The action doesn't run on any entities.
Action inputs
The Ping action doesn't require any parameters.
Action outputs
The Ping action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Output messages | Available |
Script result | Available |
Output messages
The Ping action provides the following output messages:
Output message | Message description |
---|---|
Successfully connected to the Zerofox server with the provided connection parameters! | The action succeeded. |
"Failed to connect to the Zerofox server! Error is {0}".format(exception.stacktrace) | The action failed. |
Script Result
The following table describes the values for the script result output when using the Ping action:
Script result name | Value |
---|---|
is_success | True or False |
Request Takedown
Use the Request Takedown action to request a takedown in Zerofox.
This action doesn't run on Google SecOps entities.
Action inputs
The Request Takedown action requires the following parameters:
Parameter | Description |
---|---|
Alert ID | Required. The ID of the Zerofox Alert. |
Action outputs
The Request Takedown action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Output messages | Available |
Script result | Available |
Output messages
The Request Takedown action provides the following output messages:
Output message | Message description |
---|---|
Successfully requested takedown for alert with ID {alert id} | The action succeeded. |
|
The action failed. |
Script Result
The following table describes the values for the script result output when using the Request Takedown action:
Script result name | Value |
---|---|
is_success | True or False |
Close Alert
Use the Close Alert action to close an alert in Zerofox.
This action doesn't run on Google SecOps entities.
Action inputs
The Close Alert action requires the following parameters:
Parameter | Description |
---|---|
Alert ID | Required. The ID of the Zerofox Alert. |
Action outputs
The Close Alert action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Output messages | Available |
Script result | Available |
Script Result
The following table describes the values for the script result output when using the Close Alert action:
Script result name | Value |
---|---|
is_success | True or False |
Output messages
The Close Alert action provides the following output messages:
Output message | Message description |
---|---|
|
The action succeeded. |
|
The action failed. |
Add Note To Alert
Use the Add Note To Alert action to add a note to an alert in Zerofox.
This action doesn't run on Google SecOps entities.
Action inputs
The Add Note To Alert action requires the following parameters:
Parameter | Description |
---|---|
Alert ID | Required. The ID of the Zerofox Alert. |
Note | Required. The note for the alert. |
Action outputs
The Add Note To Alert action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Output messages | Available |
Script result | Available |
Output messages
The Add Note To Alert action provides the following output messages:
Output message | Message description |
---|---|
|
The action succeeded. |
|
The action failed. |
Script Result
The following table describes the values for the script result output when using the Add Note To Alert action:
Script result name | Value |
---|---|
is_success | True or False |
Add Evidence To Alert
Use the Add Evidence To Alert action to add evidence to an alert in Zerofox.
This action doesn't run on Google SecOps entities.
Action inputs
The Add Evidence To Alert action requires the following parameters:
Parameter | Description |
---|---|
Alert ID | Required. The ID of the Zerofox Alert. |
Filepath | Required. The absolute path for the evidence submitted to the alert. |
Action outputs
The Add Evidence To Alert action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Output messages | Available |
Script result | Available |
Output messages
The Add Evidence To Alert action provides the following output messages:
Output message | Message description |
---|---|
|
The action succeeded. |
|
The action failed. |
Script Result
The following table describes the values for the script result output when using the Add Evidence To Alert action:
Script result name | Value |
---|---|
is_success | True or False |