Publisher: SEKOIA.IO
Connector Version: 1.0.1
Product Vendor: SEKOIA.IO
Product Name: sekoia.io
Product Version Supported (regex): ".*"
Minimum Product Version: 6.1.1.211
This app will interact with SEKOIA.IO
Develop a Splunk SOAR App that interact with SEKOIA.IO CTI.
To interact with the SEKOIA.IO API, use an API key.
see this documentation for more information
The App should implement the following actions
This action allow the user to get an indicator according to some criteria
Create an action that allow the user to get the context of an indicator
Create an action that allow the user to get an observable according to some criteria
The app uses HTTP/ HTTPS protocol for communicating with the Sekoiaio api. Below are the default ports used by Splunk SOAR.
| Service Name | Transport Protocol | Port |
|---|---|---|
| http | tcp | 80 |
| https | tcp | 443 |
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a sekoia.io asset in SOAR.
| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
|---|---|---|---|
| base_url | required | string | The SEKOIA API base url |
| api_key | required | password | The SEKOIA API key |
| verify_server_cert | optional | boolean | Verify server SSL (Default: true) |
test connectivity - Validate the asset configuration for connectivity using supplied configuration
get indicator - Get an indicator according to some criteria
get indicator context - Get the context of an indicator
get observable - Get an observable according to some criteria
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
No parameters are required for this action
No Output
Get an indicator according to some criteria
Type: investigate
Read only: True
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| value | optional | Value of the indicator | string | |
| type | optional | Type of the indicator | string |
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.parameter.value | string | ||
| action_result.parameter.type | string | ||
| action_result.status | string | ||
| action_result.message | string | ||
| summary.total_objects | numeric | ||
| summary.total_objects_successful | numeric | ||
| action_result.data | string | ||
| action_result.summary.num_data | numeric |
Get the context of an indicator
Type: investigate
Read only: True
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| value | optional | Value of the indicator | string | |
| type | optional | Type of the indicator | string |
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.parameter.value | string | ||
| action_result.parameter.type | string | ||
| action_result.status | string | ||
| action_result.message | string | ||
| summary.total_objects | numeric | ||
| summary.total_objects_successful | numeric | ||
| action_result.data | string | ||
| action_result.summary.num_data | numeric |
Get an observable according to some criteria
Type: investigate
Read only: True
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| value | optional | Value of the indicator | string | |
| type | optional | Type of the indicator | string | |
| limit | optional | Set the limit of items (Default:20) | numeric |
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.parameter.value | string | ||
| action_result.parameter.type | string | ||
| action_result.parameter.limit | numeric | ||
| action_result.status | string | ||
| action_result.message | string | ||
| summary.total_objects | numeric | ||
| summary.total_objects_successful | numeric | ||
| action_result.data | string | ||
| action_result.summary.num_data_get_observable | numeric |