Integrate Azure API with Google SecOps

Integration version: 1.0

This document explains how to integrate Azure API with Google Security Operations.

Use cases

The Azure API integration uses Google SecOps capabilities to support the following use cases:

  • Universal Microsoft 365 investigation: Use the custom HTTP request capability to query any Microsoft Graph endpoint, allowing analysts to gather data across Teams, SharePoint, and Exchange from a single interface.

  • Custom incident remediation: Execute targeted POST or PATCH requests to remediate threats in Azure services when a dedicated "one-click" action is not available, ensuring rapid response to emerging vulnerabilities.

  • Automated data ingestion: Perform scheduled ingestion of security events and audit logs from various Azure repositories to maintain comprehensive visibility over the cloud environment.

  • Secure malware handling: Safely download and analyze suspicious files by using the built-in password-protected ZIP archiving feature, which prevents accidental execution of malicious content.

  • Persistent authentication management: Use the Refresh Token Renewal Job to automatically rotate OAuth 2.0 tokens, ensuring that automated playbooks and hunting jobs maintain uninterrupted, secure access to Microsoft 365 services.

Before you begin

Before you configure the integration in Google SecOps, verify that you have the following:

  • Microsoft Entra ID application: An application registered in the Microsoft Entra ID portal to facilitate API communication.

  • Client ID and client secret: Valid credentials generated from your application registration.

  • Tenant ID: The unique identifier of your Azure Active Directory instance.

  • Redirect URL: A configured Redirect URI that matches the one provided in the integration parameters.

  • API permissions (scopes): The specific permissions assigned to your application based on the Azure services you intend to query.

  • Refresh token: A token valid for 90 days required for persistent delegated access.

  • Refresh Token Renewal Job: A critical security automation used to prevent integration failure due to token expiration.

Azure API authentication setup

The Azure API integration supports two types of authentication. The set of permissions required depends on the specific API requests and Azure services you query.

  • Application permissions: API requests are executed from the perspective of the application configured in Microsoft Entra ID. This setup only requires a client ID and client Secret.

  • Delegated permissions: API requests are executed on behalf of a specific user for whom impersonation is configured.

Establish delegated authentication

To use delegated permissions, you must manually generate an initial refresh token using the following steps:

  1. Provide the Client ID, Client Secret, Scope, Redirect URL, and Tenant ID in the integration configuration.

  2. Run the Get Authorization action.

  3. Open the link generated by the action in a browser and copy the resulting redirected link.

  4. Provide the redirected link as an input to the Generate Token action.

  5. Copy the token returned by the action and enter it into Refresh Token during integration configuration.

Configure refresh token renewal

The initial refresh token is valid for 90 days. To ensure uninterrupted service, configure the Refresh Token Renewal Job to automatically update the refresh token for the integration instance.

Integration parameters

The Azure API integration requires the following parameters:

Parameter Description
Microsoft Login API Root

Required.

The API root of the Microsoft identity platform login service used for Azure API authentication.

The default value is https://login.microsoftonline.com.
Microsoft Graph API Root

Required.

The API root of the Microsoft Graph service used for Azure API operations.

The default value is https://graph.microsoft.com.
Client ID

Required.

The client ID for the Azure API account.
Client Secret

Required.

The client secret for the Azure API account.
Tenant ID

Required.

The tenant ID for the Azure API account.
Refresh Token

Optional.

The refresh token used for delegated access to the Azure API account.

This token is valid for 90 days and is obtained in the initial setup.
Verify SSL

Optional.

If selected, the integration validates the SSL certificate when connecting to the Azure API server.

Enabled by default.
Redirect URL

Optional.

The redirect URI associated with the Microsoft Entra ID application.

The default value is http://localhost.
Test URL

Required.

The URL used to validate the authentication to Azure API using a GET request.
Scopes

Required.

A comma-separated list of the scopes for the Azure API authentication.

For instructions about how to configure an integration in Google SecOps, see Configure integrations.

You can make changes at a later stage, if needed. After you configure an integration instance, you can use it in playbooks. For more information about how to configure and support multiple instances, see Supporting multiple instances.

Actions

For more information about actions, see Respond to pending actions from Your Workdesk and Perform a manual action.

Execute HTTP Request

Use the Execute HTTP Request action to construct and execute a customized HTTP API request against a target URL.

This action doesn't run on Google SecOps entities.

Action behavior

This action supports complex behaviors including asynchronous polling, dynamic payload construction, and file management.

Asynchronous polling

When Expected Response Values is provided, the action operates in asynchronous mode. In this mode, the action repeatedly polls the target endpoint to track the state of a response (for example, waiting for a long-running task to complete).

The action evaluates the response body against the JSON conditions provided in the parameter and continues execution until the conditions are met or the action reaches its timeout.

Condition logic

The action supports the following logic for tracking response states:

  • Single field matching: The action waits for a specific field to reach a single value.

    {
  "state": "finished"
}

  • Multiple values (OR logic): The action stops execution if a field matches any value in a provided list. This is useful for stopping on both "success" and "error" states to avoid unnecessary polling.

    {
  "state": ["finished", "error"]
}

  • Multiple fields (AND logic): The action waits until all specified fields match their respective values simultaneously.

    {
  "state": "finished",
  "percentage": "100"
}

  • Combined logic: You can combine multiple conditions within the JSON object.

    {
  "state": ["finished", "error"],
  "percentage": "10"
}
JSON parsing behavior

When evaluating conditions, the action follows these rules:

  • Global search: The action searches the entire JSON response object for the specified keys. Provide the key name exactly as it appears in the JSON without prepending parent object names or using prefixes (for example, use "state", not "data_state" or "data-state").

  • Multiple identical keys: If the response contains multiple keys with the same name at different levels of the JSON hierarchy, the expected output is only reached when all matching key names satisfy the identical expected value.

    For example, to search for the finished state in the JSON response and ignore other states, set all state keys in Expected Response Values to finished:

    {
"data": {
  "state": "finished"
  },
  "state": "finished"
}
Body payload construction

The action constructs the request body based on the Content-Type header provided in Headers.

This is the Body Payload input used for the following construction examples:

{
  "Id": "123123",
  "sorting": "asc"
}

  • application/x-www-form-urlencoded: The action generates the payload as Id=123123&sorting=asc.

  • application/json: The action generates the following JSON payload:

    {
  "Id": "123123",
  "sorting": "asc"
}

  • XML: If the third-party product requires XML, provide an XML-formatted input directly in Body Payload:

    <?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="[http://schemas.xmlsoap.org/soap/envelope/](http://schemas.xmlsoap.org/soap/envelope/)">
<soap:Body>
  <NumberToWords xmlns="[http://www.dataaccess.com/webservicesserver/](http://www.dataaccess.com/webservicesserver/)">
    <ubiNum>500</ubiNum>
  </NumberToWords>
</soap:Body>
</soap:Envelope>
File handling

The action supports the following workflows for managing files:

  • Downloading files:

    • To return file data as part of the JSON result in base64 format, select Base64 Output.

    • To save a file directly to the Case Wall as a ZIP archive, select Save To Case Wall.

  • Uploading files: To upload a file, convert it to a base64-encoded string and include it as part of the Body Payload value.

    The following example shows an image file converted to a base64-encoded string:

    iVBORw0KGgoAAAANSUhEUgAAAOEAAADgCAMAAADCMfHtAAAAvVBMVEX////2yBctLS32xgAAAAASEhLPz8/2xwAfHx8qKiqTk5P1wwD2xw4XFxf///u9vb3w8PAlJSXi4uJBQUH++eb+++z//fP76rH99df98sz64qD64Y/523b41Vr53Hz39/f87bv878T989H3zjH634j76rL3zzz76Kj42GbZ2dn41FCvr68TExM6OjpRUVFmZmb40kiOjo6wsLB8fHxdXV3645j41V9ubm5ISEjGxsahoaFhYWGFhYX53Xn63oxSMwp1AAAMpUlEQVR4nO1da1fiOhemBmg7KWCV+00QBUQdmVHU8Z2Z//+zDpfxgn3SZKdJi+/q8+GctWZJk6fJvmY3u1DIkSNHjhw5cuTIkSNHjq+DZn08brVm3S1ardG4Xc96SqbQHs2GC4dxzj6Bc3c67806zaxnmADt1nDKNsyCwIEI3A1Td7AafUGane5iQ05A7RPRNU1neNnIes7qaLbmLlcjt8dysupkPXUVNLtLzlwSu3eW3B2OsyYgweWCunifwJh70c6ahRDtoaLgSUjy6ayaNReEyylnyeltsRbKi0Mzl9Wua2L53sH443nWpD6g2WOmlu8dAV8ejGq1we8fx4PQrDPXDr8dx0Hm8jh27PHbcexn6tHVB9yofkFgbJYdwZ59fluO04x8gPbE7gZ9R8AvsnABLtJZwB2Yk/oy1qfEBQy2weArXFHIKPw576VLcKbuwQTBhpAzWc77vd7laI1urzcfTHfxrzpRtkwxgKzOuSK7DYVFb3SOrFqjPW79mTjuhr/aw1Kz/3UlFbNhN+2NZRa7et6aO4pOLb9IhV9hrDCdYB0E/xkrb6v2bBmokGSDNHTqSr5DGZv0qJFBYzRQIMkc+15cX0ZwPc++XlDQmE2lPnzgWg6qqgPJFAKWKEBv9wMZRzYyxgagKrGCLlskjekaK0eyWXnLCBc8uhObRHPZwITnUe1K4hW+MjAKRMOJe7mBGX4byDjaohhPkE1N5hyqvdi42g7FWILMMS0c9cc4cbThpVYn4gEDZiMQH8e5TrxrerjqVKxk2MROUqw6jFlG4xo1xg6yvjVXqhOjcbjZ1zoXjuS6I6Mj7aMqHthhJoNisS9qPWoTR6KBY27okZjg0NggIrSFO9WdmhqjLhoiSCXR11yIxmdzMyMI7UTgpnSw0BdR5Gbe8KPg+UEKsdo/XAhX0UQs1RUIIZukmG7vCt9yckslEsJUCRYKLdE0kouiQAjZNOUDk5GAYmLfRiABKa/gBiKKLNlMzrEQBpMMzhFmmGKwSPRUHDEFTiZneitMMdE+7eFnuhkdzIpERv99C/Qoy6yCAJvmBPp0AfdohmeyAvdKO5AaQzWTgrMtRgMuYjDRfBxUM8HS6JSpGON9qretsKfkZlzsirWNq2O9qjAxYzenroIl2llMJ/cGXxbrG58xFVgUNSxGEz3IhCufGNC3YfTDU7iEhvNbmoBGjLyIUAoPYI9uAB0R8iJCH5DynspaONafHFWdwo1AsTrFkgaKNbWHI0vNaHn+S/CWaJ5D8UgDFUWG0NsKSAyR/0dTM1YZQqNIMtVt8I6CAYWgZYZwghR/EiUoOe2YwC7DwgBtMvWwtYqkkLaEthmiRSS4bkjPEJfQNkO4iK7yr4Eck4Mm2wzRIirrwkaSH6fFEC2Dss8FXFt6FG2dIcqfMsXfTsHbIQfR1hkit0uxArWJ1BQ5arLPEHinijkkoElder7OPsM6WAk1bTqPBk4aGVL7DJGuUbNpQILVDU2aDMFmUwowwGGMRooAMQw9GVSjpx2AwlAy20iANZIXUYbh/TcZflyRxgDpDBV7AX6msUkBwxJt+goAB8MqiwE0qU56BjAsazwmFsD5UhBE4O9pZYHTYAiyGQohEFh5rpPIT4UhSHnKJWoY+VHg6AyeCkNwTiMPg6MZGh1bkRJDYC/kIgXUk/Q3CKkwBIIoVTXA2SOkPz4gDWuBZErqQoOoSzXo2kc6axjVi9JINhr9BnpVnOkw7NAXJKp/Nc/t02EIVA2XVA5HU1hMryAnHTks0CM9YCz0vk2NMqzUTt5xfKb11AiiMaJM9euYUAgQPVXezpjC8PT70+/rK7XDtDj0I4so23NgX+sNLYmAfT/0Kje3T9cJSUYLRtjf2B8Ac6hnLNRifD+seE+1JBs2GudLkqbnhrxSQhYjLD2/6HOM2m9JHWbUvujWQBHyNH7llJS9+AiwJPH2G7wS4pnTK0iZKL/0pCmPUbGSbLooQ91CPWKuzTv6pTVMNMw/VIZH/s1PnWFAIiM+Bo56snrRoU6+tPSiMw7VvEUdb916WY2McElnFb8Uw6Oihm/+tRj6Pt0wUhlmKYdrePfWGWanS3coUiMssi61xND/gFiG4ffEDMn2UNunqVS20ZK3ZXX6hluv5IXmFpHs05jzS1+uf9XKb/HuB5yUX+7EHEOiJAK/NH7C5mKLWJzc34h2a4X2JHJsYS4+lOCXSCCJ+SpyfIiUr53i9SsBRY/mu5FjfHN5Gil+lbAg3pGeQs/TGMu1yXEH1Y1/S3pItLpJlmsD+VJbn6qV8SKWSA8B+VLJB+zGct4KwAyLlEcAl0aW8wZHHcZun/iM71DXkBhqnFsYO3tSwBMURBJDcJAkO3sydn6ogPvkDKOqVF6CZ+oMuCDX+g+QIUnTaJwBI/WrpWpqxQfZnxwhOfRPCYNoneObqsXwfe85Pgd6BkNIksUHWkOmSmHBn/xHUVxX1pO9jQ2FahXE0PtGGEWrngbVRF0SBt3hLNzswDC8jvmbZ2gsSAWYWjVRqK6NXiH84u2EqiLO1l/fIIJHRUJ6H0VCCgWmJmoTz7y3TXckWMYy3KM0txR8VKBSm6j5sz388N6nXHlGB4Q1z0DwpFlfimqEifbieM/j9G+eX072/+DkviIIgIsn+JEIujXCwF2nbtN7b3/avhc+fCuf7CTs+KT25HuY31EoNaIfoFvnnbxW/wTWeN/4p98fHh6+n4aVUJhSJOX1wZcvarX6ib+3wP7mtjohDGMTpqQl1P/eAn4zQyiiRUuoCIoUouuBVBUG+u6J8KE0zk6ooELxZ5C+UJUm9O2aum8qSE4oIHymEETfrqlqRPT9oXo+6ll3CX2fVK2AdpqyVQOWVD25f32jR9GvkI4s0D1r6p+BJvsO+OSuFH/AhAne0JLdyb4DTvotd+1W5LIIEd5S1KjgW27CLd/RMJj2MffZi0/jWPofsWIIfo9PiGMTX1lQOH65VZfHsEItNEl+6QNQVA6npffPfj4UBQHEJ37FJ9oOLeB7MWjzQ8aG/j331Y/bkoSkHxbv6DUmcHrEdBK8Yoh+0/tZ+fdp0RN52v7aCf+tU/0N76chnq/Ay9q0rmA8u3p5Oip53r7P7YeeV7y916uehRdWUu8YwvdE6V7BeHZ1/ePu1C+WSpVtAUPRu334fX2lWTiL74kiN4SAdzERlc0+zo6Py+Xaz5+1cvk4Uak+vpOOvL/wlXvB/9F9bYLbvrK/zwxfqqqjIgT3JtKzw4aBTLWGFG6AbyZmGbdAx3dfakoPvr/U2pGwEvCd15rfZonuoM1SFLEQat9BWxhgUTy8e4S1+weI7oLOrNMy7nSRZFcJ7ghnGd3nLehzkejiX7wrTHZ4IUBwfzpPZMBQpOkc1r36rmaJ7ysE7y2D3ggCgkl7IwhciAwoirqU8FHSJx9IjxIRQRPtglrCPjMpalSBUjdUoy1qDHYQvYLMdCYT93tKx/SLm68Z6vck7tmlk5uio7kUrqAxFxm74LsxrBvGjrC9q7m+a+KuVpuuSJaFcRXTO8+kNhd2PlsLo82ovylqibZZQpP9D0Ve/W4Z7e3UcUwPS+PdbmK6OTPHjk6t9uP6kI6MDxfTajVgcwsOziiu7bGN1tXN2H7AgWm7UR/E9gNOv+XxWqma3KrNCxbXAtxe2+q4UQO2NNW6vrqK7yFvr/V4M755fMAGJjjKe6tb9KSq8RQdly2T7tVGT8IvYdZCipjezv/WcTJLkMQ5n8f2VN8StO3u/xE6cG8cg7meMa53J0zGLzDsySDMZBTXepU5QyrJemsZxNmHf0+epJHl68gnsl5I5sxHyk75+WqqQG9N8DGdHF89rnH9x5UMpsOxbFM1O7PBWkMp0FuLoE7vMT305Tt1i/VSus5iOOq0gVfXOB9355PNi1B7mJtWC+ktLlWntaO5cVCmg3mv15uNRuv/9ufLyVpprP9d/TFskW7+si6xjIDohtEr3ECd2u7X9vwYIVacOMkkYBP7RiKKNnkZdRHoXpKTGKvYAMAYrOeCYtCY29+qzLUQ7BLQUbON2nD5MOPGp4VCS+or6yPg8+w26Ad0LXEM+CALDQrRVXS7KHD540H0BH3FzDHLkfH5wazfK0YLbmqzBsz9m3FxGUb7wshmZXyarX2IxehROVQQ0XN6B6E+xWi2Fkyai8AIGHcvDkq7iFC97LucuJTrEItPVwenXGLQnj2uWSrR3ERVfPJ3dAAF1lS0L/8uNzSZKBjcRozcmXfHX5DdG+rj2d/BxOWc7YNz7iz73db5Vya3h3q7M2q1Wt1ud7b+33hcz9yhzpEjR44cOXLkyJEjh0H8ByMJ8u+aLBzeAAAAAElFTkSuQmCC

  • Security: For sensitive files (such as malware), select Password Protect Zip. This automatically encrypts the saved ZIP archive created using Save To Case Wall with the password infected.

Playbook block configuration

The following configuration demonstrates how to use the Execute HTTP Request action within a playbook block. Use this example to understand how to apply placeholders and input prefixes.

When using block inputs as placeholders, you must include the Input. prefix (for example, [Input.comment]).

  • Method: PUT

  • URL Path:

    https://{API_URL}/[Input.table_name]/[Input.sys_id]

  • Headers:

    {
  "Content-type": "application/json; charset=utf-8",
  "Accept": "application/json",
  "User-Agent": "GoogleSecops"
}

  • Body Payload:

    {
  "work_notes": "[Input.comment]"
}

Action inputs

The Execute HTTP Request action requires the following parameters:

Parameter Description
Method

Optional.

The HTTP method (verb) used for the request.

The possible values are as follows:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE
  • HEAD
  • OPTIONS

The default value is GET.
URL Path

Required.

The API endpoint where the request executes. This path can optionally include query parameters.
URL Params

Optional.

The query parameters for the URL, provided as a JSON object.

This is the recommended input method for this parameter, as they are appended to any query parameters already defined in URL Path.
Headers

Optional.

The headers for the HTTP request, provided as a JSON object.

Headers control aspects such as authentication and define the format of Body Payload (using Content-Type).
Cookie

Optional.

The cookies constructed into the HTTP Cookie header, provided as a JSON object.

This parameter overrides any cookie values provided in Headers.
Body Payload

Optional.

The content payload for the HTTP request, provided as a JSON object.

The request's format (JSON or form-urlencoded) is determined by the Content-Type set in Headers.
Expected Response Values

Optional.

The JSON object containing the field-value pairs that define the required state of the response body.
Save To Case Wall

Optional.

If selected, the action saves the response data as a file and attaches it to the case wall.

The file is archived with a .zip extension. This zip is not password protected unless Password Protect Zip is enabled.
Password Protect Zip

Optional.

If selected, the action encrypts the downloaded ZIP archive (created using Save To Case Wall) with a password (such as infected).

Use this option when dealing with suspicious or potentially malicious files to prevent accidental execution.

Enabled by default.
Follow Redirects

Optional.

If selected, the action automatically follows any HTTP redirect responses (such as 301 or 302 status codes) to the final destination URL.

Enabled by default.
Fail on 4xx/5xx

Optional.

If selected, the action explicitly fails the step when the HTTP response returns a client Error (4xx) or server Error (5xx) status code.

Enabled by default.
Base64 Output

Optional.

If selected, the action converts the HTTP response body into a Base64 encoded string. This is useful for processing or storing downloaded files.

The encoded string can't exceed 15 MB.
Fields To Return

Required.

A comma-separated list of fields that the action returns in the output.

The possible values are as follows:

  • response_data
  • redirects
  • response_code
  • response_cookies
  • response_headers
  • apparent_encoding

The default value is response_data,redirects,response_code,response_cookies,response_headers,apparent_encoding.
Request Timeout

Required.

The maximum time, in seconds, the action waits for the server to send data before the request is aborted.

The default value is 120.

Action outputs

The Execute HTTP Request action provides the following outputs:

Action output type Availability
Case wall attachment Not available
Case wall link Not available
Case wall table Not available
Enrichment table Not available
JSON result Available
Output messages Available
Script result. Available
JSON result

The following example shows the JSON result output received when using the Execute HTTP Request action:

{
   "response_data": {
       "data": {
           "relationships": {
               "comment": [
                   {
                       "name": "example_resource_name",
                       "description": "Description of the object to which the comment belongs."
                   },
                   {
                       "name": "example_user_role",
                       "description": "Description of the user role associated with the comment."
                   }
               ]
           }
       }
   },
   "redirects": [],
   "response_code": 200,
   "cookies": {},
   "response_headers": {
       "Content-Type": "application/json",
       "X-Cloud-Trace-Context": "REDACTED_TRACE_ID",
       "Date": "REDACTED_DATE_TIME",
       "Server": "REDACTED_SERVER_NAME",
       "Content-Length": "REDACTED_VALUE"
   },
   "apparent_encoding": "ascii"
}
Output messages

The Execute HTTP Request action can return the following output messages:

Output message Message description

Successfully executed API request.

Successfully executed API request, but the status code 4xx_OR_5xx was returned. Please check the request or try again later.

 The action succeeded.
Failed to execute API request. Error: ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.
Script result

The following table lists the value for the script result output when using the Execute HTTP Request action:

Script result name Value
is_success true or false

Get Authorization

Use the Get Authorization action to initiate the OAuth flow and obtain a link that contains the required access code for delegated authentication.

This action doesn't run on Google SecOps entities.

Action inputs

The Get Authorization action requires the following parameters:

Parameter Description
Oauth Scopes

Required.

A comma-separated list of permissions (scopes) that define the level of access for the access and refresh tokens.

The default value is user.read, offline_access.

Action outputs

The Get Authorization action provides the following outputs:

Action output type Availability
Case wall attachment Not available
Case wall link Not available
Case wall table Not available
Enrichment table Not available
JSON result Not available
Output messages Available
Script result. Available
Output messages

The Get Authorization action can return the following output messages:

Output message Message description

Authorization URL generated successfully. To obtain a URL with access code,Please navigate to the link below as the user that you want to run the integration with., to get a URL with access code. Provide the URL with the access code should be provided next in the Generate Token action.

 The action succeeded.
Failed to generate the authorization URL! Error is ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.
Script result

The following table lists the value for the script result output when using the Get Authorization action:

Script result name Value
is_success true or false

Generate Token

Use the Generate Token action to obtain a persistent refresh token required for delegated authentication.

This token is generated using the authorization URL received from the Get Authorization action.

This action doesn't run on Google SecOps entities.

Action inputs

The Generate Token action requires the following parameters:

Parameter Description
Authorization URL

Required.

The full redirected URL containing the authorization code received from the Get Authorization action. This URL is used to request and generate the refresh token.

Action outputs

The Generate Token action provides the following outputs:

Action output type Availability
Case wall attachment Not available
Case wall link Not available
Case wall table Not available
Enrichment table Not available
JSON result Not available
Output messages Available
Script result. Available
Output messages

The Generate Token action can return the following output messages:

Output message Message description

Successfully fetched the refresh token: TOKEN_VALUE. Enter this token in the integration configuration to enable the integration to authenticate with delegated permissions on behalf of the user that performed the configuration steps. Note: We strongly recommend you configure the "Refresh Token Renewal Job" after you generate the initial refresh token so the job automatically renews and keeps the token valid.

 The action succeeded.
Failed to get the refresh token! Error is ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.
Script result

The following table lists the value for the script result output when using the Generate Token action:

Script result name Value
is_success true or false

Ping

Use the Ping action to test the connectivity to Azure API.

This action doesn't run on Google SecOps entities.

Action inputs

None.

Action outputs

The Ping action provides the following outputs:

Action output type Availability
Case wall attachment Not available
Case wall link Not available
Case wall table Not available
Enrichment table Not available
JSON result Available
Output messages Available
Script result. Available
JSON result

The following example shows the JSON result output received when using the Ping action:

{
    "endpoint": "https://api.example-cloud-provider.com/v1.0/health"
}
Output messages

The Ping action can return the following output messages:

Output message Message description

Successfully tested connectivity.

 The action succeeded.
Failed to test connectivity. ERROR_REASON

The action failed.

Check the connection to the server, input parameters, or credentials.
Script result

The following table lists the value for the script result output when using the Ping action:

Script result name Value
is_success true or false

Jobs

For more information on jobs, see Configure a new job and Advanced scheduling.

Refresh Token Renewal Job

Use the Refresh Token Renewal Job to periodically update the refresh token configured for the integration.

By default, the refresh token expires every 90 days. We recommended you to configure this job to automatically run every 7 or 14 days to keep the refresh token up to date.

Job parameters

The Refresh Token Renewal Job requires the following parameters:

Parameter Description
Integration Environments

Optional.

A comma-separated list of integration environment names for which the job updates refresh tokens.

Each environment name must be enclosed in double quotes.

Need more help? Get answers from Community members and Google SecOps professionals.