# Site24x7

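Integration version: 3.0

## How to configure the integration

1.  For the API root, select one of the following values:

    - United States - https://www.site24x7.com/api
    - Europe - https://www.site24x7.eu
    - China - https://www.site24x7.cn
    - India - https://www.site24x7.in
    - Australia - https://www.site24x7.net.au/api

2.  Go to the Zoho API console.

3.  Click "Add Client".

4.  Create a Self Client.

5.  Go to the "Client Secret" tab and copy the "Client ID" and "Client Secret".

6.  Provide the "Client ID" and "Client Secret" in the integration configuration.

7.  Go to the "Generate Code" tab and provide the following scope: "Site24x7.Operations.Read,Site24x7.Admin.Read" and some custom "Scope Description".

8.  Click the Create button, then copy the authorization code.

9.  Go to the action Generate Refresh Token, provide the authorization code, and execute the action.

10. Copy "refresh_token" from the JSON result and put that value into "Refresh Token" in the integration configuration.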

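## Configure Site24x7 integration in Google Security Operations

For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.

### Integration parameters

Use the following parameters to configure the integration: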

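<table>
<thead>
<tr>
<th>Parameter Display Name</th>
<th>Type</th>
<th>Default Value</th>
<th>Is Mandatory</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>API Root</td>
<td>String</td>
<td>https://www.site24x7.{region}</td>
<td></td>
<td>API root of the Site24x7 instance.</td>
</tr>
<tr>
<td>Client ID</td>
<td>String</td>
<td>N/A</td>
<td></td>
<td>Client ID of the Site24x7 instance.</td>
</tr>
<tr>
<td>Client Secret</td>
<td>Password</td>
<td>N/A</td>
<td></td>
<td>Client Secret of the Site24x7 instance.</td>
</tr>
<tr>
<td>Refresh Token</td>
<td>Password</td>
<td>N/A</td>
<td></td>
<td>Refresh token of the Site24x7 instance.</td>
</tr>
<tr>
<td>Verify SSL</td>
<td>Checkbox</td>
<td>Checked</td>
<td></td>
<td>If enabled, verifies that the SSL certificate for the connection to the Site24x7 server is valid.</td>
</tr>
</tbody>
</table>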
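
A pre-flight check for the parameters above, added here as an example and not part of the integration's own code. It flags an API root outside the regional hosts listed on this page (so the client secret and refresh token are not sent to a lookalike host), a disabled Verify SSL setting, and scopes other than the two read-only ones from the setup steps. The dictionary keys and the function name are hypothetical, and the sample values are constructed.

```python
from urllib.parse import urlsplit

# Hosts taken from the API root list on this page.
DOCUMENTED_HOSTS = {"www.site24x7.com", "www.site24x7.eu", "www.site24x7.cn",
                    "www.site24x7.in", "www.site24x7.net.au"}
# Scopes the setup steps on this page ask for.
DOCUMENTED_SCOPES = {"Site24x7.Operations.Read", "Site24x7.Admin.Read"}


def audit_config(config, requested_scopes):
    """Return a list of findings; an empty list means the config passes.

    `config` uses hypothetical keys (api_root, client_id, client_secret,
    refresh_token, verify_ssl) that mirror the parameter names on this page.
    """
    findings = []
    url = urlsplit(config.get("api_root", ""))
    if url.scheme != "https":
        findings.append("api_root must use https")
    if url.hostname not in DOCUMENTED_HOSTS:
        findings.append(f"api_root host {url.hostname!r} is not a documented Site24x7 region")
    # The page lists roots both with and without a trailing /api path.
    if url.path.rstrip("/") not in ("", "/api"):
        findings.append(f"unexpected api_root path {url.path!r}")
    if not config.get("verify_ssl", False):
        findings.append("verify_ssl is disabled: credentials cross an unverified TLS session")
    for key in ("client_id", "client_secret", "refresh_token"):
        if not str(config.get(key) or "").strip():
            findings.append(f"{key} is empty")
    scopes = {s.strip() for s in requested_scopes.split(",") if s.strip()}
    for extra in sorted(scopes - DOCUMENTED_SCOPES):
        findings.append(f"scope {extra} is outside the documented read-only set")
    for missing in sorted(DOCUMENTED_SCOPES - scopes):
        findings.append(f"scope {missing} is missing")
    return findings


# Constructed sample values, not real credentials or real scope grants.
GOOD = {"api_root": "https://www.site24x7.eu", "client_id": "1000.EXAMPLE",
        "client_secret": "example-secret", "refresh_token": "1000.example-refresh",
        "verify_ssl": True}
BAD = dict(GOOD, api_root="https://www.site24x7.eu.example.net/api", verify_ssl=False)

if __name__ == "__main__":
    print(audit_config(GOOD, "Site24x7.Operations.Read,Site24x7.Admin.Read"))
    for finding in audit_config(BAD, "Site24x7.Operations.Read,Site24x7.Admin.All"):
        print("-", finding)
```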

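## Actions

### Ping

#### Description

Test connectivity to Site24x7 with the parameters provided on the integration configuration page in the Google Security Operations Marketplace tab.

#### Run On

This action doesn't run on entities.

#### Action Results

##### Script Result

<table>
<thead>
<tr>
<th>Script Result Name</th>
<th>Value Options</th>
</tr>
</thead>
<tbody>
<tr>
<td>is_success</td>
<td>is_success=False</td>
</tr>
<tr>
<td>is_success</td>
<td>is_success=True</td>
</tr>
</tbody>
</table>

##### Case Wall

<table>
<thead>
<tr>
<th>Case</th>
<th>Success</th>
<th>Fail</th>
<th>Message</th>
</tr>
</thead>
<tbody>
<tr>
<td>If successful</td>
<td>true</td>
<td>false</td>
<td>"Successfully connected to the Site24x7 server with the provided connection parameters!"</td>
</tr>
<tr>
<td>If not successful</td>
<td>false</td>
<td>true</td>
<td>"Failed to connect to the Site24x7 server! Error: {0}".format(exception.stacktrace)</td>
</tr>
</tbody>
</table>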

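### Generate Refresh Token

#### Description

Generate the refresh token needed for the integration configuration.

#### Parameters

<table>
<thead>
<tr>
<th>Parameter Display Name</th>
<th>Type</th>
<th>Default Value</th>
<th>Is Mandatory</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>Authorization Code</td>
<td>Password</td>
<td>N/A</td>
<td></td>
<td>Specify the authorization code.</td>
</tr>
</tbody>
</table>

#### Run On

This action doesn't run on entities, nor does it have mandatory input parameters.

#### Action Results

##### Script Result

<table>
<thead>
<tr>
<th>Script Result Name</th>
<th>Value Options</th>
</tr>
</thead>
<tbody>
<tr>
<td>is_success</td>
<td>is_success=False</td>
</tr>
<tr>
<td>is_success</td>
<td>is_success=True</td>
</tr>
</tbody>
</table>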
##### JSON Result

```json
{
    "refresh_token": "{refresh token}"
}
```

##### Case Wall

<table>
<thead>
<tr>
<th>Result type</th>
<th>Value/Description</th>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr>
<td>Output message*</td>
<td><p><strong>The action should not fail nor stop a playbook execution:</strong><br><strong>if successful and no "error" in the response:</strong> "Successfully generated the refresh token. Copy that refresh token and put it in the Integration configuration."</p><p><strong>The action should fail and stop a playbook execution:</strong><br><strong>if not successful:</strong> "Error executing action "{}". Reason: {0}".format(exception.stacktrace)</p><p><strong>If "error" in the response (fail):</strong> "Error executing action "{}". Reason: {0}".format(errors)</p></td>
<td>General</td>
</tr>
</tbody>
</table>

## Connector

## Site24x7 - Alerts Log Connector

#### Description

Pull information about alert logs from Site24x7.

#### Known Limitations

1.  If the monitor name contains whitespace, the connector won't be able to
    extract it. Example: "backup site".
1.  If the monitor name is "Critical", "Down", "Up" or "Trouble", the connector
    may return unexpected results.

#### Configure Site24x7 - Alerts Log Connector in Google SecOps

For detailed instructions on how to configure a connector in
Google SecOps, see [Configuring the
connector](/chronicle/docs/soar/ingest/connectors/ingest-your-data-connectors).

##### Connector parameters

Use the following parameters to configure the connector:

<table>
<thead>
<tr>
<th>Parameter Display Name</th>
<th>Type</th>
<th>Default Value</th>
<th>Is Mandatory</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>Product Field Name</td>
<td>String</td>
<td>Product Name</td>
<td>Yes</td>
<td>Enter the source field name in order to retrieve the Product Field name.</td>
</tr>
<tr>
<td>Event Field Name</td>
<td>String</td>
<td>eventType</td>
<td>Yes</td>
<td>Enter the source field name in order to retrieve the Event Field name.</td>
</tr>
<tr>
<td>Environment Field Name</td>
<td>String</td>
<td>""</td>
<td>No</td>
<td><p>Describes the name of the field where the environment name is stored.</p>
<p>If the environment field isn't found, the environment is the default environment.</p></td>
</tr>
<tr>
<td>Environment Regex Pattern</td>
<td>String</td>
<td>.*</td>
<td>No</td>
<td><p>A regex pattern to run on the value found in the "Environment Field Name" field.</p>
<p>Default is .* to catch all and return the value unchanged.</p>
<p>Used to allow the user to manipulate the environment field via regex logic.</p>
<p>If the regex pattern is null or empty, or the environment value is null, the final environment result is the default environment.</p></td>
</tr>
<tr>
<td>Script Timeout (Seconds)</td>
<td>Integer</td>
<td>180</td>
<td>Yes</td>
<td>Timeout limit for the Python process running the current script.</td>
</tr>
<tr>
<td>API Root</td>
<td>String</td>
<td>https://www.site24x7.{region}</td>
<td>Yes</td>
<td><p>API root of the Site24x7 instance. Possible API roots:</p>
<p>United States<br>https://www.site24x7.com</p>
<p>Europe<br>https://www.site24x7.eu</p>
<p>China<br>https://www.site24x7.cn</p>
<p>India<br>https://www.site24x7.in</p>
<p>Australia<br>https://www.site24x7.net.au</p></td>
</tr>
<tr>
<td>Client ID</td>
<td>String</td>
<td>N/A</td>
<td>Yes</td>
<td>Client ID of the Site24x7 instance.</td>
</tr>
<tr>
<td>Client Secret</td>
<td>Password</td>
<td>N/A</td>
<td>Yes</td>
<td>Client Secret of the Site24x7 instance.</td>
</tr>
<tr>
<td>Refresh Token</td>
<td>String</td>
<td></td>
<td>Yes</td>
<td>Site24x7 refresh token. You can generate this token using action "Get Refresh Token".</td>
</tr>
<tr>
<td>Max Days Backwards</td>
<td>Integer</td>
<td>1</td>
<td>No</td>
<td>Number of days back from which to fetch alert logs.</td>
</tr>
<tr>
<td>Max Alert Logs To Fetch</td>
<td>Integer</td>
<td>10</td>
<td>No</td>
<td>Number of alert logs to process per connector iteration. Default: 100.</td>
</tr>
<tr>
<td>Use whitelist as a blacklist</td>
<td>Checkbox</td>
<td>Checked</td>
<td>Yes</td>
<td>If enabled, whitelist will be used as a blacklist.</td>
</tr>
<tr>
<td>Disable Overflow</td>
<td>Checkbox</td>
<td></td>
<td>Yes</td>
<td>If enabled, the connector will ignore the overflow mechanism.</td>
</tr>
<tr>
<td>Verify SSL</td>
<td>Checkbox</td>
<td>Checked</td>
<td>Yes</td>
<td>If enabled, verifies that the SSL certificate for the connection to the Site24x7 server is valid.</td>
</tr>
<tr>
<td>Proxy Server Address</td>
<td>String</td>
<td>N/A</td>
<td>No</td>
<td>The address of the proxy server to use.</td>
</tr>
<tr>
<td>Proxy Username</td>
<td>String</td>
<td>N/A</td>
<td>No</td>
<td>The proxy username to authenticate with.</td>
</tr>
<tr>
<td>Proxy Password</td>
<td>Password</td>
<td>N/A</td>
<td>No</td>
<td>The proxy password to authenticate with.</td>
</tr>
</tbody>
</table>

#### Connector rules

##### Proxy support

The connector supports proxy.
