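# Site24x7
Integration version: 3.0
## How to configure the integration
Select one of the following values as the API root:
- United States - https://www.site24x7.com/api
- Europe - https://www.site24x7.eu
- China - https://www.site24x7.cn
- India - https://www.site24x7.in
- Australia - https://www.site24x7.net.au/api

Go to the Zoho API Console:
1. Click "Add Client".
1. Create a Self Client.
1. Go to the "Client Secret" tab and copy the "Client ID" and "Client Secret".
1. Provide the "Client ID" and "Client Secret" in the integration configuration.
1. Go to the "Generate Code" tab and provide the following scope: "Site24x7.Operations.Read,Site24x7.Admin.Read" and some custom "Scope Description".
1. Click the "Create" button and copy the authorization code.
1. Go to the "Generate Refresh Token" action, provide the authorization code, and run it.
1. Copy the "refresh_token" from the JSON result and put the value in "Refresh Token" in the integration configuration.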
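
The token exchange behind the steps above, as an added example (not part of the Site24x7 integration's code): it checks the configured API root against the listed regional hosts before any secret is sent, flags scopes beyond the two read scopes, and builds the form body for the one-time code exchange and for later refreshes. The Zoho accounts hosts, the `/oauth/v2/token` path, the form field names and the `Zoho-oauthtoken` header are assumptions taken from Zoho's public OAuth documentation, and all function names are hypothetical.

```python
from urllib.parse import urlencode, urlsplit

# Site24x7 hosts come from the API root list above. The paired Zoho accounts
# hosts and the /oauth/v2/token path are assumptions taken from Zoho's public
# OAuth documentation; they are not stated on this page.
ACCOUNTS_HOST = {
    "www.site24x7.com": "accounts.zoho.com",
    "www.site24x7.eu": "accounts.zoho.eu",
    "www.site24x7.cn": "accounts.zoho.com.cn",
    "www.site24x7.in": "accounts.zoho.in",
    "www.site24x7.net.au": "accounts.zoho.com.au",
}
READ_ONLY_SCOPES = {"Site24x7.Operations.Read", "Site24x7.Admin.Read"}


def token_url(api_root):
    """Map a configured API root to its token endpoint, rejecting anything
    that is not HTTPS or not one of the documented regional hosts."""
    parts = urlsplit(api_root)
    if parts.scheme != "https" or parts.hostname not in ACCOUNTS_HOST:
        raise ValueError(f"unexpected API root: {api_root!r}")
    return f"https://{ACCOUNTS_HOST[parts.hostname]}/oauth/v2/token"


def extra_scopes(scope_string):
    """Return requested scopes beyond the two read scopes the page asks for."""
    requested = {s.strip() for s in scope_string.split(",") if s.strip()}
    return sorted(requested - READ_ONLY_SCOPES)


def token_request(api_root, client_id, client_secret, *, code=None, refresh_token=None):
    """Build (url, form_body) for the one-time code exchange or a later refresh.
    Nothing is sent; POST the body over TLS with certificate checks enabled."""
    if (code is None) == (refresh_token is None):
        raise ValueError("pass exactly one of code or refresh_token")
    form = {"client_id": client_id, "client_secret": client_secret}
    if code is not None:
        form.update(grant_type="authorization_code", code=code)
    else:
        form.update(grant_type="refresh_token", refresh_token=refresh_token)
    return token_url(api_root), urlencode(form)


def auth_header(access_token):
    """Header format for Site24x7 API calls (assumption, per its API docs)."""
    return {"Authorization": f"Zoho-oauthtoken {access_token}"}
```

The form body carries the client secret and the refresh token, so keep it out of logs and case comments.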
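## Configure Site24x7 integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see "Configure integrations".
### Integration parameters
Use the following parameters to configure the integration:
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
API Root | String | https://www.site24x7.{region} | Yes | API root of the Site24x7 instance. |
Client ID | String | N/A | Yes | Client ID of the Site24x7 instance. |
Client Secret | Password | N/A | Yes | Client Secret of the Site24x7 instance. |
Refresh Token | Password | N/A | Yes | Refresh token of the Site24x7 instance. |
Verify SSL | Checkbox | Checked | Yes | If enabled, verifies that the SSL certificate for the connection to the Site24x7 server is valid. |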
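## Actions
### Ping
#### Description
Test connectivity to Site24x7 with the parameters provided on the integration configuration page in the Google Security Operations Marketplace tab.
#### Run on
This action doesn't run on entities.
#### Action results
##### Script result
Script Result Name | Value Options |
---|---|
is_success | is_success=False |
is_success | is_success=True |
##### Case Wall
Case | Success | Fail | Message |
---|---|---|---|
If successful | true | false | Successfully connected to the Site24x7 server with the provided connection parameters! |
If not successful | false | true | "Failed to connect to the Site24x7 server! Error: {0}".format(exception.stacktrace) |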
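### Generate Refresh Token
#### Description
Generate the refresh token needed for the integration configuration.
#### Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Authorization Code | Password | N/A | Yes | Specify the authorization code. |
#### Run on
This action doesn't run on entities, nor has mandatory input parameters.
#### Action results
##### Script result
Script Result Name | Value Options |
---|---|
is_success | is_success=False |
is_success | is_success=True |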
##### JSON Result
```
{
"refresh_token": "{refresh token}"
}
```
##### Case Wall
<table>
<thead>
<tr>
<th>Result type</th>
<th>Value/Description</th>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr>
<td>Output message*</td>
<td><p><strong>The action should not fail nor stop a playbook execution:</strong><br><strong>if successful and no "error" in the response:</strong> "Successfully generated the refresh token. Copy that refresh token and put it in the Integration configuration."</p><p><strong>The action should fail and stop a playbook execution:</strong><br><strong>if not successful:</strong> "Error executing action "{}". Reason: " {0}".format(exception.stacktrace)</p><p><strong>If "error" in the response (fail):</strong> "Error executing action "{}". Reason: " {0}".format(errors)</p></td>
<td>General</td>
</tr>
</tbody>
</table>
## Connector
### Site24x7 - Alerts Log Connector
#### Description
Pull information about alert logs from Site24x7.
#### Known Limitations
1. If the monitor name contains whitespace, the connector won't be able to
extract it. Example: "backup site".
1. If the monitor name is "Critical", "Down", "Up" or "Trouble", the connector
may return unexpected results.
#### Configure Site24x7 - Alerts Log Connector in Google SecOps
For detailed instructions on how to configure a connector in
Google SecOps, see [Configuring the
connector](/chronicle/docs/soar/ingest/connectors/ingest-your-data-connectors).
##### Connector parameters
Use the following parameters to configure the connector:
<table>
<thead>
<tr>
<th>Parameter Display Name</th>
<th>Type</th>
<th>Default Value</th>
<th>Is Mandatory</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>Product Field Name</td>
<td>String</td>
<td>Product Name</td>
<td>Yes</td>
<td>Enter the source field name in order to retrieve the Product Field name.</td>
</tr>
<tr>
<td>Event Field Name</td>
<td>String</td>
<td>eventType</td>
<td>Yes</td>
<td>Enter the source field name in order to retrieve the Event Field name.</td>
</tr>
<tr>
<td>Environment Field Name</td>
<td>String</td>
<td>""</td>
<td>No</td>
<td><p>Describes the name of the field where the environment name is stored.</p>
<p>If the environment field isn't found, the environment is the default environment.</p></td>
</tr>
<tr>
<td>Environment Regex Pattern</td>
<td>String</td>
<td>.*</td>
<td>No</td>
<td><p>A regex pattern to run on the value found in the "Environment Field Name" field.</p>
<p>Default is .* to catch all and return the value unchanged.</p>
<p>Used to allow the user to manipulate the environment field via regex logic.</p>
<p>If the regex pattern is null or empty, or the environment value is null, the final environment result is the default environment.</p></td>
</tr>
<tr>
<td>Script Timeout (Seconds)</td>
<td>Integer</td>
<td>180</td>
<td>Yes</td>
<td>Timeout limit for the Python process running the current script.</td>
</tr>
<tr>
<td>API Root</td>
<td>String</td>
<td>https://www.site24x7.{region}</td>
<td>Yes</td>
<td><p>API root of the Site24x7 instance. Possible API roots:</p>
<p>United States<br>https://www.site24x7.com</p>
<p>Europe<br>https://www.site24x7.eu</p>
<p>China<br>https://www.site24x7.cn</p>
<p>India<br>https://www.site24x7.in</p>
<p>Australia<br>https://www.site24x7.net.au</p></td>
</tr>
<tr>
<td>Client ID</td>
<td>String</td>
<td>N/A</td>
<td>Yes</td>
<td>Client ID of the Site24x7 instance.</td>
</tr>
<tr>
<td>Client Secret</td>
<td>Password</td>
<td>N/A</td>
<td>Yes</td>
<td>Client Secret of the Site24x7 instance.</td>
</tr>
<tr>
<td>Refresh Token</td>
<td>String</td>
<td></td>
<td>Yes</td>
<td>Site24x7 Refresh token. You can generate this token using action "Get Refresh Token"</td>
</tr>
<tr>
<td>Max Days Backwards</td>
<td>Integer</td>
<td>1</td>
<td>No</td>
<td>Number of days backwards from which to fetch alert logs.</td>
</tr>
<tr>
<td>Max Alert Logs To Fetch</td>
<td>Integer</td>
<td>10</td>
<td>No</td>
<td>How many alert logs to process per one connector iteration. Default: 100.</td>
</tr>
<tr>
<td>Use whitelist as a blacklist</td>
<td>Checkbox</td>
<td>Checked</td>
<td>Yes</td>
<td>If enabled, whitelist will be used as a blacklist.</td>
</tr>
<tr>
<td>Disable Overflow</td>
<td>Checkbox</td>
<td></td>
<td>Yes</td>
<td>If enabled, the connector will ignore the overflow mechanism.</td>
</tr>
<tr>
<td>Verify SSL</td>
<td>Checkbox</td>
<td>Checked</td>
<td>Yes</td>
<td>If enabled, verify the SSL certificate for the connection to the Site24x7 server is valid.</td>
</tr>
<tr>
<td>Proxy Server Address</td>
<td>String</td>
<td>N/A</td>
<td>No</td>
<td>The address of the proxy server to use.</td>
</tr>
<tr>
<td>Proxy Username</td>
<td>String</td>
<td>N/A</td>
<td>No</td>
<td>The proxy username to authenticate with.</td>
</tr>
<tr>
<td>Proxy Password</td>
<td>Password</td>
<td>N/A</td>
<td>No</td>
<td>The proxy password to authenticate with.</td>
</tr>
</tbody>
</table>
#### Connector rules
##### Proxy support
The connector supports proxies.