-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
SafeNetTrustedAccessEventCollector.yml
83 lines (83 loc) · 2.61 KB
/
SafeNetTrustedAccessEventCollector.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
category: Authentication & Identity Management
commonfields:
id: SafeNetTrustedAccessEventCollector
version: -1
configuration:
- additionalinfo: The URL consists of the root part of the REST API Endpoint URL provided in SafeNet Trusted Access, and has the form https://api.[name].com
display: URL
name: url
required: true
type: 0
- additionalinfo: Tenant code for your virtual server or account.
display: Tenant Code
name: tenant_code
required: true
type: 0
- display: ""
displaypassword: API Key for the authentication.
name: credentials
type: 9
required: true
hiddenusername: true
- defaultvalue: trusted_access
display: The product name corresponding to the integration that originated the events
name: product
type: 0
required: false
- defaultvalue: safenet
display: The vendor name corresponding to the integration that originated the events
name: vendor
type: 0
required: false
- display: The maximum number of audit logs to fetch. Valid limit is multiples of 1000 and less than 10,000.
name: limit
type: 0
defaultvalue: 1000
required: true
- display: First fetch timestamp
name: first_fetch
type: 0
defaultvalue: 3 days ago
required: false
- name: insecure
display: Trust any certificate (not secure)
type: 8
additionalinfo:
required: false
- name: proxy
display: Use system proxy settings
type: 8
required: false
description: 'Retrieve access, authentication, and audit logs and store them on a Security Information and Event Management (SIEM) system, local repository, or syslog file server. You can retrieve the logs only for the tenant that is associated with the API key, or for a direct or delegated child of that tenant.'
display: 'Thales SafeNet Trusted Access Event Collector'
name: SafeNetTrustedAccessEventCollector
supportlevelheader: xsoar
script:
commands:
- arguments:
- auto: PREDEFINED
defaultValue: 'false'
description: If true, the command will create events, otherwise it will only display them.
name: should_push_events
predefined:
- 'true'
- 'false'
required: true
- description: 'Since date.'
name: since
- description: 'Until date.'
name: until
- description: A string pointing at the next page of results. The marker can be found within the previous response.
name: marker
description: 'Get access, authentication, and audit logs from SafeNet Trusted Access.'
name: sta-get-events
script: '-'
type: python
subtype: python3
isfetchevents: true
dockerimage: demisto/python3:3.10.13.78960
marketplaces:
- marketplacev2
fromversion: 6.8.0
tests:
- No tests (auto formatted)