Securonix.yml

category: Analytics & SIEM
commonfields:
  id: Securonix
  version: -1
configuration:
- display: Host (Overrides the default hostname, https://{tenant}.net/Snypr)
  name: host
  type: 0
  required: false
- display: Tenant
  name: tenant
  required: true
  type: 0
- display: Username
  name: username
  required: true
  type: 0
- display: Password
  name: password
  required: true
  type: 4
- additionalinfo: The type of Securonix entity to fetch. Supported entities are "Incident" and "Threat".
  defaultvalue: Incident
  display: Type of entity to fetch
  name: entity_type_to_fetch
  options:
  - Incident
  - Threat
  type: 15
  required: false
- additionalinfo: Name of the tenant to fetch threats from. This parameter is optional for Non MSSP users.
  display: Tenant Name
  name: tenant_name
  type: 0
  required: false
- display: Fetch incidents
  name: isFetch
  type: 8
  required: false
- additionalinfo: |-
    Selecting "all" will fetch incidents updated in the given time range.
    Selecting "opened" will fetch incidents opened in the given time range.
    Selecting "closed" will fetch incidents closed in the given time range.
  defaultvalue: opened
  display: Incidents to fetch
  name: incident_status
  options:
  - All
  - opened
  - closed
  type: 15
  required: false
- display: Set default incident severity
  name: default_severity
  options:
  - Low
  - Medium
  - High
  type: 15
  required: false
- display: Incident type
  name: incidentType
  type: 13
  required: false
- additionalinfo: |-
    The date or relative timestamp from where to start fetching incidents.

    Supported formats: <number> <time unit>, e.g., 1 hour, 30 minutes, 7 days, 3 months, 1 year.
  defaultvalue: 1 hour
  display: First fetch time range
  name: fetch_time
  type: 0
  required: false
- defaultvalue: '200'
  additionalinfo: If the value is greater than 200, it will be considered as 200. The maximum is 200.
  display: The maximum number of incidents to fetch each time.
  name: max_fetch
  type: 0
  required: false
- additionalinfo: The mirroring direction in which to mirror the incidents. You can mirror "Incoming" (from Securonix to XSOAR), "Outgoing" (from XSOAR to Securonix), or in both directions.
  defaultvalue: None
  display: Incident Mirroring Direction
  name: mirror_direction
  options:
  - None
  - Incoming
  - Outgoing
  - Incoming And Outgoing
  type: 15
  required: false
- additionalinfo: |-
    If enabled, the integration will close the respective Securonix
    incident after fetching it in XSOAR. Following fields will be required for 
    this functionality:

    1. Securonix action name to map with XSOAR's active state for Outgoing mirroring
    2. Securonix status to map with XSOAR's active state for Outgoing mirroring
    3. Securonix action name to map with XSOAR's closed state for Outgoing mirroring
    4. Securonix status to map with XSOAR's closed state for Outgoing mirroring
  display: Close respective Securonix incident after fetching
  name: close_incident
  type: 8
  required: false
- additionalinfo: If the Securonix incident is in any one of the state mentioned here, then the incident will be Closed on XSOAR. Supports comma-separated values.
  display: Securonix workflow state(s) that can be considered as Close state in XSOAR for Incoming mirroring
  name: close_states_of_securonix
  type: 0
  required: false
- additionalinfo: Provide an action name to map with XSOAR's active state. E.g. IN PROGRESS
  display: Securonix action name to map with XSOAR's active state for Outgoing mirroring
  name: active_state_action_mapping
  type: 0
  required: false
- additionalinfo: Provide a workflow status to map with XSOAR's active state. E.g. In Progress
  display: Securonix status to map with XSOAR's active state for Outgoing mirroring
  name: active_state_status_mapping
  type: 0
  required: false
- additionalinfo: Provide an action name to map with XSOAR's Closed state. E.g. CLOSED
  display: Securonix action name to map with XSOAR's closed state for Outgoing mirroring
  name: closed_state_action_mapping
  type: 0
  required: false
- additionalinfo: Provide a workflow status to map with XSOAR's closed state. E.g. Completed
  display: Securonix status to map with XSOAR's closed state for Outgoing mirroring
  name: closed_state_status_mapping
  type: 0
  required: false
- additionalinfo: Choose the tag to add to an entry to mirror it as a comment in Securonix.
  defaultvalue: comment
  display: Comment Entry Tag
  name: comment_tag
  type: 0
  required: false
- additionalinfo: Numbers of retries to be performed. (Recommended is 3)
  defaultvalue: '3'
  display: Securonix Retry Count
  name: securonix_retry_count
  options:
  - '0'
  - '1'
  - '2'
  - '3'
  - '4'
  - '5'
  type: 15
  required: false
- additionalinfo: The delay between two retries. Range in 30 to 300 Seconds (5 minutes). Anything less than 30 seconds is considered 30 seconds, and anything more than 300 seconds is considered 300 seconds. (Recommended is 30 seconds)
  defaultvalue: '30'
  display: Securonix Retry Delay
  name: securonix_retry_delay
  type: 0
  required: false
- additionalinfo: Delay type of retry mechanism. (Recommended is Exponential)
  defaultvalue: Exponential
  display: Securonix Retry Delay Type
  name: securonix_retry_delay_type
  options:
  - Exponential
  - Fixed
  type: 15
  required: false
- display: Trust any certificate (not secure)
  name: unsecure
  type: 8
  required: false
- display: Use system proxy settings
  name: proxy
  type: 8
  required: false
description: Use the Securonix integration to manage incidents, threats, lookup tables, whitelists and watchlists.
display: Securonix
name: Securonix
script:
  commands:
  - description: Gets a list of all available workflows.
    name: securonix-list-workflows
    outputs:
    - contextPath: Securonix.Workflows.Workflow
      description: Workflow name.
      type: String
    - contextPath: Securonix.Workflows.Type
      description: Workflow type.
      type: String
    - contextPath: Securonix.Workflows.Value
      description: Workflow value.
      type: String
  - arguments:
    - description: Workflow name.
      name: workflow
      required: true
    description: Gets the default assignee for the specified workflow.
    name: securonix-get-default-assignee-for-workflow
    outputs:
    - contextPath: Securonix.Workflows.Workflow
      description: Workflow name.
      type: String
    - contextPath: Securonix.Workflows.Type
      description: Workflow type.
      type: String
    - contextPath: Securonix.Workflows.Value
      description: Workflow value.
      type: String
  - description: Gets a list available threat actions.
    name: securonix-list-possible-threat-actions
    outputs:
    - contextPath: Securonix.ThreatActions
      description: A list of threat actions.
      type: String
  - description: Gets a list of all policies.
    name: securonix-list-policies
    outputs:
    - contextPath: Securonix.Policies.CreatedBy
      description: Creator of the policy.
      type: String
    - contextPath: Securonix.Policies.CreatedOn
      description: Policy created date.
      type: Date
    - contextPath: Securonix.Policies.Criticality
      description: Policy criticality.
      type: String
    - contextPath: Securonix.Policies.Description
      description: Policy description.
      type: String
    - contextPath: Securonix.Policies.Hql
      description: Policy Hibernate Query Language.
      type: String
    - contextPath: Securonix.Policies.ID
      description: Policy ID.
      type: String
    - contextPath: Securonix.Policies.Name
      description: Policy name.
      type: String
  - description: Gets a list of resource groups.
    name: securonix-list-resource-groups
    outputs:
    - contextPath: Securonix.ResourceGroups.Name
      description: Resource group name.
      type: String
    - contextPath: Securonix.ResourceGroups.Type
      description: Resource group type.
      type: String
  - description: Gets a list of users.
    name: securonix-list-users
    outputs:
    - contextPath: Securonix.Users.LastName
      description: User last name.
      type: String
    - contextPath: Securonix.Users.SkipEncryption
      description: Whether user encryption was skipped.
      type: String
    - contextPath: Securonix.Users.Riskscore
      description: User risk score.
      type: String
    - contextPath: Securonix.Users.EmployeeID
      description: User Employee ID.
      type: String
    - contextPath: Securonix.Users.Masked
      description: Whether the user is masked.
      type: String
    - contextPath: Securonix.Users.Division
      description: User division.
      type: String
    - contextPath: Securonix.Users.Criticality
      description: User criticality.
      type: String
    - contextPath: Securonix.Users.Status
      description: User status.
      type: String
    - contextPath: Securonix.Users.Department
      description: User department.
      type: String
    - contextPath: Securonix.Users.Title
      description: User title.
      type: String
    - contextPath: Securonix.Users.FirstName
      description: User first name.
      type: String
    - contextPath: Securonix.Users.Email
      description: User email address.
      type: String
  - arguments:
    - description: Start date/time for which to retrieve activity data (in the format MM/dd/yyyy HH:mm:ss).
      name: from
      required: true
    - description: End date/time for which to retrieve activity data (in the format MM/dd/yyyy HH:mm:ss).
      name: to
      required: true
    - description: Free-text query. For example, query=?resourcegroupname=WindowsSnare and policyname=Possible Privilege Escalation - Self Escalation?.
      name: query
    description: Gets a list of activity data for the specified resource group.
    name: securonix-list-activity-data
    outputs:
    - contextPath: Securonix.ActivityData.Accountname
      description: Account name.
      type: String
    - contextPath: Securonix.ActivityData.Agentfilename
      description: Agent file name.
      type: String
    - contextPath: Securonix.ActivityData.Categorybehavior
      description: Category behavior.
      type: String
    - contextPath: Securonix.ActivityData.Categoryobject
      description: Category object.
      type: String
    - contextPath: Securonix.ActivityData.Categoryseverity
      description: Category severity.
      type: String
    - contextPath: Securonix.ActivityData.Collectionmethod
      description: Collection method.
      type: String
    - contextPath: Securonix.ActivityData.Collectiontimestamp
      description: Collection timestamp.
      type: String
    - contextPath: Securonix.ActivityData.Destinationprocessname
      description: Destination process name.
      type: String
    - contextPath: Securonix.ActivityData.Destinationusername
      description: Destination username.
      type: String
    - contextPath: Securonix.ActivityData.Deviceaddress
      description: Device address.
      type: String
    - contextPath: Securonix.ActivityData.Deviceexternalid
      description: Device external ID.
      type: String
    - contextPath: Securonix.ActivityData.Devicehostname
      description: Device hostname.
      type: String
    - contextPath: Securonix.ActivityData.EventID
      description: Event ID.
      type: String
    - contextPath: Securonix.ActivityData.Eventoutcome
      description: Event outcome.
      type: String
    - contextPath: Securonix.ActivityData.Eventtime
      description: Time the event occurred.
      type: String
    - contextPath: Securonix.ActivityData.Filepath
      description: File path.
      type: String
    - contextPath: Securonix.ActivityData.Ingestionnodeid
      description: Ingestion node ID.
      type: String
    - contextPath: Securonix.ActivityData.JobID
      description: Job ID.
      type: String
    - contextPath: Securonix.ActivityData.Jobstarttime
      description: Job start time.
      type: String
    - contextPath: Securonix.ActivityData.Message
      description: Message.
      type: String
    - contextPath: Securonix.ActivityData.Publishedtime
      description: Published time.
      type: String
    - contextPath: Securonix.ActivityData.Receivedtime
      description: Received time.
      type: String
    - contextPath: Securonix.ActivityData.Resourcename
      description: Resource name.
      type: String
    - contextPath: Securonix.ActivityData.ResourceGroupCategory
      description: Resource group category.
      type: String
    - contextPath: Securonix.ActivityData.ResourceGroupFunctionality
      description: Resource group functionality.
      type: String
    - contextPath: Securonix.ActivityData.ResourceGroupID
      description: Resource group ID.
      type: String
    - contextPath: Securonix.ActivityData.ResourceGroupName
      description: Resource group name.
      type: String
    - contextPath: Securonix.ActivityData.ResourceGroupTypeID
      description: Resource group resource type ID.
      type: String
    - contextPath: Securonix.ActivityData.ResourceGroupVendor
      description: Resource group vendor.
      type: String
    - contextPath: Securonix.ActivityData.Sourcehostname
      description: Source hostname.
      type: String
    - contextPath: Securonix.ActivityData.Sourceusername
      description: Source username.
      type: String
    - contextPath: Securonix.ActivityData.TenantID
      description: Tenant ID.
      type: String
    - contextPath: Securonix.ActivityData.Tenantname
      description: Tenant name.
      type: String
    - contextPath: Securonix.ActivityData.Timeline
      description: Time when the activity occurred, in Epoch time.
      type: String
  - arguments:
    - description: Start date/time for which to retrieve activity data (in the format MM/dd/yyyy HH:mm:ss).
      name: from
      required: true
    - description: End date/time for which to retrieve activity data (in the format MM/dd/yyyy HH:mm:ss).
      name: to
      required: true
    - description: Free-text query. For example, query="resourcegroupname=WindowsSnare and policyname=Possible Privilege Escalation - Self Escalation"."
      name: query
    - description: Paginate next set of results.
      name: query_id
    description: Gets a list activity data for an account name.
    name: securonix-list-violation-data
    polling: true
    outputs:
    - contextPath: Securonix.ViolationData.Accountname
      description: Account name.
      type: String
    - contextPath: Securonix.ViolationData.Agentfilename
      description: Agent file name.
      type: String
    - contextPath: Securonix.ViolationData.Baseeventid
      description: Base event ID.
      type: String
    - contextPath: Securonix.ViolationData.Categorybehavior
      description: Category behavior.
      type: String
    - contextPath: Securonix.ViolationData.Category
      description: Violation category.
      type: String
    - contextPath: Securonix.ViolationData.Categoryobject
      description: Category object.
      type: String
    - contextPath: Securonix.ViolationData.Categoryseverity
      description: Category severity.
      type: String
    - contextPath: Securonix.ViolationData.Destinationaddress
      description: Destination address.
      type: String
    - contextPath: Securonix.ViolationData.Destinationntdomain
      description: Destination nt domain.
      type: String
    - contextPath: Securonix.ViolationData.Destinationuserid
      description: Destination user ID.
      type: String
    - contextPath: Securonix.ViolationData.Gestinationusername
      description: Destination username.
      type: String
    - contextPath: Securonix.ViolationData.Deviceaddress
      description: Device address.
      type: String
    - contextPath: Securonix.ViolationData.Deviceeventcategory
      description: Device event category.
      type: String
    - contextPath: Securonix.ViolationData.Deviceexternalid
      description: Device external ID.
      type: String
    - contextPath: Securonix.ViolationData.Devicehostname
      description: Device hostname.
      type: String
    - contextPath: Securonix.ViolationData.EventID
      description: Event ID.
      type: String
    - contextPath: Securonix.ViolationData.Eventoutcome
      description: Event outcome.
      type: String
    - contextPath: Securonix.ViolationData.Eventtime
      description: Time the event occurred.
      type: String
    - contextPath: Securonix.ViolationData.Generationtime
      description: Time that the violation was generated in Securonix.
      type: String
    - contextPath: Securonix.ViolationData.Invalid
      description: Whether the violation is valid.
      type: String
    - contextPath: Securonix.ViolationData.JobID
      description: Job ID.
      type: String
    - contextPath: Securonix.ViolationData.Jobstarttime
      description: Job start time.
      type: String
    - contextPath: Securonix.ViolationData.Policyname
      description: Policy name.
      type: String
    - contextPath: Securonix.ViolationData.Resourcename
      description: Resource name.
      type: String
    - contextPath: Securonix.ViolationData.ResourceGroupID
      description: Resource group ID.
      type: String
    - contextPath: Securonix.ViolationData.ResourceGroupName
      description: Resource group name.
      type: String
    - contextPath: Securonix.ViolationData.Riskscore
      description: Risk score.
      type: String
    - contextPath: Securonix.ViolationData.Riskthreatname
      description: Risk threat name.
      type: String
    - contextPath: Securonix.ViolationData.Sessionid
      description: Session ID.
      type: String
    - contextPath: Securonix.ViolationData.Sourcehostname
      description: Source hostname.
      type: String
    - contextPath: Securonix.ViolationData.Sourcentdomain
      description: Source nt domain.
      type: String
    - contextPath: Securonix.ViolationData.Sourceuserid
      description: Source user ID.
      type: String
    - contextPath: Securonix.ViolationData.Sourceusername
      description: Source username.
      type: String
    - contextPath: Securonix.ViolationData.Sourceuserprivileges
      description: Source user privileges.
      type: String
    - contextPath: Securonix.ViolationData.TenantID
      description: Tenant ID.
      type: String
    - contextPath: Securonix.ViolationData.Tenantname
      description: Tenant name.
      type: String
    - contextPath: Securonix.ViolationData.Timeline
      description: Time when the activity occurred, in Epoch time.
      type: String
    - contextPath: Securonix.ViolationData.Createdate
      description: Create date.
      type: String
    - contextPath: Securonix.ViolationData.Criticality
      description: Violation criticality.
      type: String
    - contextPath: Securonix.ViolationData.DataSourceID
      description: Data source ID.
      type: String
    - contextPath: Securonix.ViolationData.Department
      description: Department affected by the violation.
      type: String
    - contextPath: Securonix.ViolationData.EmployeeID
      description: Employee ID.
      type: String
    - contextPath: Securonix.ViolationData.Encrypted
      description: Whether the violation is encrypted.
      type: String
    - contextPath: Securonix.ViolationData.Firstname
      description: First name of the user that violated the policy.
      type: String
    - contextPath: Securonix.ViolationData.Fullname
      description: Full name of the user that violated the policy.
      type: String
    - contextPath: Securonix.ViolationData.ID
      description: ID of the user that violated the policy.
      type: String
    - contextPath: Securonix.ViolationData.LanID
      description: LAN ID associated with the policy violation.
      type: String
    - contextPath: Securonix.ViolationData.Lastname
      description: Last name of the user that violated the policy.
      type: String
    - contextPath: Securonix.ViolationData.Lastsynctime
      description: Last sync time, in Epoch time.
      type: String
    - contextPath: Securonix.ViolationData.Masked
      description: Whether the violation is masked.
      type: String
    - contextPath: Securonix.ViolationData.Mergeuniquecode
      description: Merge unique code.
      type: String
    - contextPath: Securonix.ViolationData.Riskscore
      description: Risk score.
      type: String
    - contextPath: Securonix.ViolationData.Skipencryption
      description: Skip encryption.
      type: String
    - contextPath: Securonix.ViolationData.Status
      description: Status of the policy violation.
      type: String
    - contextPath: Securonix.ViolationData.Timezoneoffset
      description: Timezone offset.
      type: String
    - contextPath: Securonix.ViolationData.Title
      description: Title.
      type: String
    - contextPath: Securonix.ViolationData.Uniquecode
      description: Unique code.
      type: String
    - contextPath: Securonix.ViolationData.UserID
      description: Last sync time, in Epoch time.
      type: String
    - contextPath: Securonix.ViolationData.Workemail
      description: Work email address of the user that violated the policy.
      type: String
    - contextPath: Securonix.ViolationData.Violator
      description: Violator.
      type: String
    - contextPath: Securonix.Violation.totalDocuments
      description: Total number of events.
      type: Number
    - contextPath: Securonix.Violation.message
      description: Message from the API.
      type: String
    - contextPath: Securonix.Violation.queryId
      description: Query Id for the pagination.
      type: String
  - arguments:
    - description: ' Start time range for which to return incidents (<number> <time unit>, e.g., 1 hour, 30 minutes)'
      name: from
      required: true
    - description: End date/time for which to retrieve incidents (in the format MM/dd/yyyy HH:mm:ss) Default is current time.
      name: to
    - description: The incident type. Can be "updated", "opened", or "closed". Supports multiple selections.
      name: incident_types
    - defaultValue: '50'
      description: Maximum number of incidents to retrieve.
      name: max
    description: Gets a list of incidents.
    name: securonix-list-incidents
    outputs:
    - contextPath: Securonix.Incidents.ViolatorID
      description: Incident Violator ID.
      type: String
    - contextPath: Securonix.Incidents.Entity
      description: Incident entity.
      type: String
    - contextPath: Securonix.Incidents.Riskscore
      description: Incident risk score.
      type: Number
    - contextPath: Securonix.Incidents.Priority
      description: Incident priority.
      type: String
    - contextPath: Securonix.Incidents.Reason
      description: Reason for the incident. Usually includes policy name and/or possible threat name.
      type: String
    - contextPath: Securonix.Incidents.IncidentStatus
      description: Incident status.
      type: String
    - contextPath: Securonix.Incidents.WorkflowName
      description: Incident workflow name.
      type: String
    - contextPath: Securonix.Incidents.Watchlisted
      description: Whether the incident is in a watchlist.
      type: Boolean
    - contextPath: Securonix.Incidents.IncidentType
      description: Incident type.
      type: String
    - contextPath: Securonix.Incidents.IncidentID
      description: Incident ID.
      type: String
    - contextPath: Securonix.Incidents.LastUpdateDate
      description: Last update date of the incident in Epoch time.
      type: Number
    - contextPath: Securonix.Incidents.Url
      description: URL that links to the incident on Securonix.
      type: String
    - contextPath: Securonix.Incidents.ViolatorText
      description: Incident violator text.
      type: String
    - contextPath: Securonix.Incidents.AssignedUser
      description: User assigned to the incident.
      type: String
    - contextPath: Securonix.Incidents.IsWhitelisted
      description: Whether the incident is added to allow list.
      type: Boolean
  - arguments:
    - description: Incident ID.
      name: incident_id
      required: true
    description: Gets details of the specified incident.
    name: securonix-get-incident
    outputs:
    - contextPath: Securonix.Incidents.ViolatorID
      description: Incident violator ID.
      type: String
    - contextPath: Securonix.Incidents.Entity
      description: Incident entity.
      type: String
    - contextPath: Securonix.Incidents.Riskscore
      description: Incident risk score.
      type: Number
    - contextPath: Securonix.Incidents.Priority
      description: Incident priority.
      type: String
    - contextPath: Securonix.Incidents.Reason
      description: Reason for the incident. Usually includes policy name and/or possible threat name.
      type: String
    - contextPath: Securonix.Incidents.IncidentStatus
      description: Incident status.
      type: String
    - contextPath: Securonix.Incidents.WorkflowName
      description: Incident workflow name.
      type: String
    - contextPath: Securonix.Incidents.Watchlisted
      description: Whether the incident is in a watchlist.
      type: Boolean
    - contextPath: Securonix.Incidents.IncidentType
      description: Incident type.
      type: String
    - contextPath: Securonix.Incidents.IncidentID
      description: Incident ID.
      type: String
    - contextPath: Securonix.Incidents.LastUpdateDate
      description: The time when the incident was last updated, in Epoch time.
      type: Number
    - contextPath: Securonix.Incidents.Url
      description: URL that links to the incident on Securonix.
      type: String
    - contextPath: Securonix.Incidents.ViolatorText
      description: Incident violator text.
      type: String
    - contextPath: Securonix.Incidents.AssignedUser
      description: User assigned to the incident.
      type: String
    - contextPath: Securonix.Incidents.IsWhitelisted
      description: Whether the incident is added to allow list.
      type: Boolean
  - arguments:
    - description: Incident ID.
      name: incident_id
      required: true
    description: Gets the status of the specified incident.
    name: securonix-get-incident-status
    outputs:
    - contextPath: Securonix.Incidents.IncidentStatus
      description: Incident status.
      type: String
    - contextPath: Securonix.Incidents.IncidentID
      description: Incident ID.
      type: String
  - arguments:
    - description: Incident ID.
      name: incident_id
      required: true
    description: Gets the workflow of the specified incident.
    name: securonix-get-incident-workflow
    outputs:
    - contextPath: Securonix.Incidents.Workflow
      description: Incident workflow.
      type: String
    - contextPath: Securonix.Incidents.IncidentID
      description: Incident ID.
      type: String
  - arguments:
    - description: Incident ID.
      name: incident_id
      required: true
    description: Gets a list of available actions for the specified incident.
    name: securonix-get-incident-available-actions
  - arguments:
    - description: Incident ID.
      name: incident_id
      required: true
    - auto: PREDEFINED
      description: 'Action to perform on the incident. You can see them using securonix-get-incident-available-actions. e.g: "CLAIM", "ASSIGN TO SECOPS", "ASSIGN TO ANALYST", "RELEASE", or "COMMENT".'
      name: action
      predefined:
      - ''
      required: true
    - description: 'The parameters, if needed, to perform the action. For example, for the ASSIGN TO ANALYST action: assigntouserid={user_id},assignedTo=USER.'
      name: action_parameters
    description: Performs an action on the specified incident.
    name: securonix-perform-action-on-incident
  - arguments:
    - description: Incident ID.
      name: incident_id
      required: true
    - description: Comment to add to the incident.
      name: comment
      required: true
    description: Adds a comment to the specified incident.
    execution: true
    name: securonix-add-comment-to-incident
  - description: Gets a list of watchlists.
    name: securonix-list-watchlists
    outputs:
    - contextPath: Securonix.WatchlistsNames
      description: Watchlist names.
      type: String
  - arguments:
    - description: Watchlist name.
      name: watchlist_name
      required: true
    description: Gets information for the specified watchlist.
    name: securonix-get-watchlist
    outputs:
    - contextPath: Securonix.Watchlists.TenantID
      description: Watchlist tenant ID.
      type: String
    - contextPath: Securonix.Watchlists.Tenantname
      description: Watchlist tenant name.
      type: String
    - contextPath: Securonix.Watchlists.Type
      description: Watchlist type.
      type: String
    - contextPath: Securonix.Watchlists.Watchlistname
      description: Watchlist name.
      type: String
    - contextPath: Securonix.Watchlists.Events.ExpiryDate
      description: Expiration date of the entity in the watchlist, in Epoch time.
      type: String
    - contextPath: Securonix.Watchlists.Events.Workemail
      description: Work email address of the entity in the watchlist.
      type: String
    - contextPath: Securonix.Watchlists.Events.Fullname
      description: Full name of the entity in the watchlist.
      type: String
    - contextPath: Securonix.Watchlists.Events.Reason
      description: Reason that the entity is in the watchlist.
      type: String
    - contextPath: Securonix.Watchlists.Events.LanID
      description: Lan ID of the entity in the watchlist.
      type: String
    - contextPath: Securonix.Watchlists.Events.Lastname
      description: Last name of the entity in the watchlist.
      type: String
    - contextPath: Securonix.Watchlists.Events.EntityName
      description: Entity name of the entity in the watchlist.
      type: String
    - contextPath: Securonix.Watchlists.Events.Title
      description: Title of the entity in the watchlist.
      type: String
    - contextPath: Securonix.Watchlists.Events.Firstname
      description: First name of the entity in the watchlist.
      type: String
    - contextPath: Securonix.Watchlists.Events.EmployeeID
      description: Employee ID of the entity in the watchlist.
      type: String
    - contextPath: Securonix.Watchlists.Events.Masked
      description: Whether the entity in the watchlist is masked.
      type: String
    - contextPath: Securonix.Watchlists.Events.Division
      description: Division of the entity in the watchlist.
      type: String
    - contextPath: Securonix.Watchlists.Events.Departmant
      description: Department of the entity in the watchlist.
      type: String
    - contextPath: Securonix.Watchlists.Events.Status
      description: Status of the entity in the watchlist.
      type: String
  - arguments:
    - description: The name of the watchlist.
      name: watchlist_name
      required: true
    - description: |-
        Name of the tenant the watchlist belongs to.

        The tenant name parameter is required for MSSP users.
      name: tenant_name
    description: Creates a watchlist in Securonix.
    name: securonix-create-watchlist
    outputs:
    - contextPath: Securonix.Watchlists.Watchlistname
      description: Name of the Watchlist.
      type: String
    - contextPath: Securonix.Watchlists.TenantName
      description: Tenant Name.
      type: String
  - arguments:
    - description: 'The name of the entity to check. For example: 1002.'
      name: entity_name
      required: true
    - description: The name of the watchlist in which to check the entity.
      name: watchlist_name
      required: true
    description: Checks if the specified entity is in a watchlist.
    name: securonix-check-entity-in-watchlist
    outputs:
    - contextPath: Securonix.EntityInWatchlist.Watchlistnames
      description: The names of the watchlists in which the entity appears.
      type: String
    - contextPath: Securonix.EntityInWatchlist.EntityID
      description: The entity ID.
      type: String
  - arguments:
    - description: The name of the watchlist to which to add the entity.
      name: watchlist_name
      required: true
    - auto: PREDEFINED
      description: The entity type. Can be "Users", "Activityaccount", "RGActivityaccount", "Resources", or "Activityip".
      name: entity_type
      predefined:
      - Users
      - Activityaccount
      - RGActivityaccount
      - Resources
      - Activityip
      required: true
    - description: 'The name of the entity to add to the watchlist. For example: 1022.'
      name: entity_name
      required: true
    - defaultValue: '30'
      description: The number of days after which the entity will be removed from the watchlist. The default value is "30".
      name: expiry_days
    description: Adds an entity to a watchlist.
    name: securonix-add-entity-to-watchlist
  - arguments:
    - description: 'The violation name or policy name. For example: "Uploads to personal Websites".'
      name: violation_name
      required: true
    - description: 'The resource group name. For example: "BLUECOAT", "Palo Alto Firewall".'
      name: resource_group
      required: true
    - auto: PREDEFINED
      description: The entity type. Can be "Users", "Activityaccount", "RGActivityaccount", "Resources", or "Activityip".
      name: entity_type
      predefined:
      - Users
      - Activityaccount
      - RGActivityaccount
      - Resources
      - Activityip
      required: true
    - description: The entity name associated with the violation. Can be "LanID" or "Workemail". For more information, see the Securonix documentation.
      name: entity_name
      required: true
    - auto: PREDEFINED
      description: The action name. Can be "Mark as concern and create incident", "Non-Concern", or "Mark in progress (still investigating)".
      name: action_name
      predefined:
      - Mark as concern and create incident
      - Non-Concern
      - Mark in progress (still investigating)
      required: true
    - description: 'The resource name. For example: "BLUECOAT", "Palo Alto Firewall".'
      name: resource_name
      required: true
    - auto: PREDEFINED
      description: The incident severity (criticality) for the new incident. Can be "Low", "High", or "Critical".
      name: criticality
      predefined:
      - Low
      - High
      - Critical
    - description: A comment for the new incident.
      name: comment
    - auto: PREDEFINED
      description: The workflow name. This argument is optional, but required when the action_name argument is set to "Mark as concern and create incident". Can be "SOCTeamReview", "ActivityOutlierWorkflow", or "AccessCertificationWorkflow".
      name: workflow
      predefined:
      - SOCTeamReview
      - ActivityOutlierWorkflow
      - AccessCertificationWorkflow
    description: Creates an incident. For more information about the required arguments, see the Securonix documentation.
    name: securonix-create-incident
    outputs:
    - contextPath: Securonix.Incidents.ViolatorID
      description: The ID of the incident violator.
      type: String
    - contextPath: Securonix.Incidents.Entity
      description: The incident entity.
      type: String
    - contextPath: Securonix.Incidents.Riskscore
      description: The incident risk score.
      type: Number
    - contextPath: Securonix.Incidents.Priority
      description: The incident priority.
      type: String
    - contextPath: Securonix.Incidents.Reason
      description: The reason that the incident was created. Usually includes the policy name and/or possible threat name.
      type: String
    - contextPath: Securonix.Incidents.IncidentStatus
      description: The incident status.
      type: String
    - contextPath: Securonix.Incidents.WorkflowName
      description: The incident workflow name.
      type: String
    - contextPath: Securonix.Incidents.Watchlisted
      description: Whether the incident is in a watchlist.
      type: Boolean
    - contextPath: Securonix.Incidents.IncidentType
      description: The incident type.
      type: String
    - contextPath: Securonix.Incidents.IncidentID
      description: The incident ID.
      type: String
    - contextPath: Securonix.Incidents.LastUpdateDate
      description: The time when the incident was last updated, in Epoch time.
      type: Number
    - contextPath: Securonix.Incidents.Url
      description: The URL that links to the incident on Securonix.
      type: String
    - contextPath: Securonix.Incidents.ViolatorText
      description: Text of the incident violator.
      type: String
    - contextPath: Securonix.Incidents.AssignedUser
      description: The user assigned to the incident.
      type: String
    - contextPath: Securonix.Incidents.IsWhitelisted
      description: Whether the incident is added to allow list.
      type: Boolean
  - arguments:
    - description: |-
        Start time range for which to return threats (Supported formats: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ
        For example: 01 Jan 2023, 01 Feb 2023 04:45:33, 2023-01-26T14:05:44Z)
      name: date_from
      required: true
    - description: |-
        End date/time for which to retrieve threats (Supported formats: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ
        For example: 01 Jan 2023, 01 Feb 2023 04:45:33, 2023-01-26T14:05:44Z) Default is current time.
      name: date_to
    - defaultValue: '10'
      description: The number of results to retrieve.
      name: page_size
    - description: Name of the tenant to fetch threats from. This parameter is optional for Non MSSP users.
      name: tenant_name
    - defaultValue: '0'
      description: Sets the starting index for the returned results.
      name: offset
    description: Retrieve a list of threats violated within a specified time range and get details about the threat models and policies violated.
    name: securonix-threats-list
    outputs:
    - contextPath: Securonix.Threat.TenantID
      description: Tenant ID.
      type: Number
    - contextPath: Securonix.Threat.Tenantname
      description: Tenant Name.
      type: String
    - contextPath: Securonix.Threat.Violator
      description: Violator of threat.
      type: String
    - contextPath: Securonix.Threat.EntityID
      description: Threat entity ID.
      type: String
    - contextPath: Securonix.Threat.Resourcegroupname
      description: Name of the resource group.
      type: String
    - contextPath: Securonix.Threat.ThreatName
      description: Threat Name.
      type: String
    - contextPath: Securonix.Threat.Category
      description: Category of threat.
      type: String
    - contextPath: Securonix.Threat.Resourcename
      description: Name of the resource.
      type: String
    - contextPath: Securonix.Threat.Resourcetype
      description: Type of the resource.
      type: String
    - contextPath: Securonix.Threat.GenerationTime
      description: Date and Time when the threat is generated.
      type: Date
    - contextPath: Securonix.Threat.GenerationTime_Epoch
      description: Epoch time when the threat is generated.
      type: Number
    - contextPath: Securonix.Threat.Policies
      description: List of policies violated.
      type: Unknown
    - contextPath: Securonix.Threat.Policystarttime
      description: Epoch time when the policy is first violated.
      type: Number
    - contextPath: Securonix.Threat.Policyendtime
      description: Epoch time when the policy is last violated.
      type: Number
    - contextPath: Securonix.Threat.Solrquery
      description: Spotter query to fetch the related violations.
      type: String
  - arguments:
    - description: Incident ID for which to retrieve the activity history.
      name: incident_id
      required: true
    description: Retrieves incident activity history for a specified incident.
    name: securonix-incident-activity-history-get
    outputs:
    - contextPath: Securonix.IncidentHistory.caseid
      description: Incident ID.
      type: Number
    - contextPath: Securonix.IncidentHistory.actiontaken
      description: The type of action taken.
      type: String
    - contextPath: Securonix.IncidentHistory.status
      description: The status of the incident.
      type: String
    - contextPath: Securonix.IncidentHistory.comment.Comments
      description: Comment text.
      type: String
    - contextPath: Securonix.IncidentHistory.eventTime
      description: Timestamp in epoch when the action is taken.
      type: Number
    - contextPath: Securonix.IncidentHistory.username
      description: Username of the person who carried out the action.
      type: String
    - contextPath: Securonix.IncidentHistory.currentassignee
      description: The current assignee of the incident.
      type: String
    - contextPath: Securonix.IncidentHistory.commentType
      description: The type of the comment.
      type: String
    - contextPath: Securonix.IncidentHistory.currWorkflow
      description: The current workflow of the incident.
      type: String
    - contextPath: Securonix.IncidentHistory.isPlayBookOutAvailable
      description: Whether or not the playbook is available.
      type: Boolean
    - contextPath: Securonix.IncidentHistory.creator
      description: The creator of the activity.
      type: String
    - contextPath: Securonix.IncidentHistory.lastStatus
      description: The previous status of the incident.
      type: String
    - contextPath: Securonix.IncidentHistory.pastassignee
      description: The previous assignee of the incident.
      type: String
    - contextPath: Securonix.IncidentHistory.prevWorkflow
      description: The previous workflow of the incident.
      type: String
    - contextPath: Securonix.IncidentHistory.attachment
      description: The name of the attached file.
      type: String
    - contextPath: Securonix.IncidentHistory.attachmentType
      description: The type of the attachment.
      type: String
    - contextPath: Securonix.IncidentHistory.playBookOutput.playBookId
      description: The ID of the playbook.
      type: Number
    - contextPath: Securonix.IncidentHistory.playBookOutput.playBookName
      description: The name of the playbook.
      type: String
    - contextPath: Securonix.IncidentHistory.playBookOutput.playRunId
      description: The playbook run ID.
      type: String
    - contextPath: Securonix.IncidentHistory.playBookOutput.executorId
      description: The ID of the executor.
      type: Number
    - contextPath: Securonix.IncidentHistory.playBookOutput.executor
      description: The name of the executor.
      type: String
    - contextPath: Securonix.IncidentHistory.playBookOutput.tasksForParticularRun.taskName
      description: The name of the playbook task.
      type: String
    - contextPath: Securonix.IncidentHistory.playBookOutput.tasksForParticularRun.description
      description: The description of the playbook task.
      type: String
    - contextPath: Securonix.IncidentHistory.playBookOutput.tasksForParticularRun.icon
      description: Playbook icon.
      type: String
    - contextPath: Securonix.IncidentHistory.playBookOutput.tasksForParticularRun.taskId
      description: The ID of the playbook task.
      type: Number
    - contextPath: Securonix.IncidentHistory.playBookOutput.tasksForParticularRun.lastExecutedTime
      description: The last execution time in epoch.
      type: Date
    - contextPath: Securonix.IncidentHistory.playBookOutput.tasksForParticularRun.lastStatus
      description: The last status of the playbook.
      type: String
    - contextPath: Securonix.IncidentHistory.playBookOutput.tasksForParticularRun.executedTask.executionId
      description: The execution ID of the playbook.
      type: String
    - contextPath: Securonix.IncidentHistory.playBookOutput.tasksForParticularRun.executedTask.taskStartTime
      description: The start time of the task.
      type: Date
    - contextPath: Securonix.IncidentHistory.playBookOutput.tasksForParticularRun.executedTask.taskEndTime
      description: The end time of the task.
      type: Date
    - contextPath: Securonix.IncidentHistory.playBookOutput.tasksForParticularRun.executedTask.status
      description: The status of the task.
      type: String
    - contextPath: Securonix.IncidentHistory.playBookOutput.tasksForParticularRun.connectionMetadata
      description: Connection metadata.
      type: String
  - arguments:
    - description: Incident ID for which to retrieve the attachments.
      name: incident_id
      required: true
    - description: The type of attachment to retrieve. Supported options are csv, pdf, and txt. Comma-separated values are supported.
      name: attachment_type
    - description: 'Start time for which to retrieve attachments.(Supported formats: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ, yyyy-MM-ddTHH:mm:ss.SSSZ. For example: 01 Jan 2023, 01 Feb 2023 04:45:33, 2023-01-26T14:05:44Z, 2023-01-26T14:05:44.000Z)'
      name: from
    - description: 'End time for which to retrieve attachments.(Supported formats: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ, yyyy-MM-ddTHH:mm:ss.SSSZ. For example: 01 Jan 2023, 01 Feb 2023 04:45:33, 2023-01-26T14:05:44Z, 2023-01-26T14:05:44.000Z)'
      name: to
    description: Retrieves the attachments available on the Securonix platform.
    name: securonix-incident-attachment-get
    outputs:
    - contextPath: File.Size
      description: The size of the file in bytes.
      type: Number
    - contextPath: File.SHA1
      description: The SHA1 hash of the file.
      type: String
    - contextPath: File.SHA256
      description: The SHA256 hash of the file.
      type: String
    - contextPath: File.SHA512
      description: The SHA512 hash of the file.
      type: String
    - contextPath: File.Name
      description: The name of the file.
      type: String
    - contextPath: File.SSDeep
      description: The SSDeep hash of the file.
      type: String
    - contextPath: File.EntryID
      description: The entry ID of the file.
      type: String
    - contextPath: File.Info
      description: File information.
      type: String
    - contextPath: File.Type
      description: The file type.
      type: String
    - contextPath: File.MD5
      description: The MD5 hash of the file.
      type: String
    - contextPath: File.Extension
      description: The file extension.
      type: String
    - contextPath: Securonix.Incidents.Attachments.IncidentID
      description: Attachment Incident ID.
      type: String
    - contextPath: Securonix.Incidents.Attachments.Files
      description: Attachment File names.
      type: Unknown
  - arguments:
    - description: |-
        Name of the tenant the whitelist belongs to.

        The tenant name parameter is required for MSSP users.
      name: tenant_name
    description: Gets a list of whitelists.
    name: securonix-whitelists-get
    outputs:
    - contextPath: Securonix.Whitelist.WhitelistName
      description: Name of the Whitelist.
      type: String
    - contextPath: Securonix.Whitelist.TenantName
      description: Tenant Name.
      type: String
    - contextPath: Securonix.Whitelist.WhitelistType
      description: Type of the Whitelist.
      type: String
  - arguments:
    - description: |-
        Name of the tenant the whitelist belongs to.

        The tenant name parameter is required for MSSP users.
      name: tenant_name
    - description: Name of the whitelist that the user wants to list.
      name: whitelist_name
      required: true
    description: Gets information for the specified whitelist.
    name: securonix-whitelist-entry-list
    outputs:
    - contextPath: Securonix.Whitelist.WhitelistName
      description: Name of the Whitelist.
      type: String
    - contextPath: Securonix.Whitelist.TenantName
      description: Tenant Name.
      type: String
    - contextPath: Securonix.Whitelist.Entries.Entity/Attribute
      description: Entity/Attribute which is whitelisted.
      type: String
    - contextPath: Securonix.Whitelist.Entries.ExpiryDate
      description: The date when the entity will be removed from the whitelist.
      type: Date
  - arguments:
    - description: |-
        Name of the tenant the whitelist belongs to.

        The tenant name parameter is required for MSSP users.
      name: tenant_name
    - description: Name of the whitelist that the user wants to create.
      name: whitelist_name
      required: true
    - auto: PREDEFINED
      description: Type of entity that the whitelist is intended to hold.
      name: entity_type
      predefined:
      - Users
      - Activityaccount
      - Resources
      - Activityip
      required: true
    description: Creates a whitelist in Securonix.
    name: securonix-whitelist-create
  - description: Returns the state mapping of XSOAR with Securonix.
    name: securonix-xsoar-state-mapping-get
    outputs:
    - contextPath: Securonix.StateMapping.ACTIVE.action
      description: Securonix action name to map with XSOAR's active state.
      type: String
    - contextPath: Securonix.StateMapping.ACTIVE.status
      description: Securonix status to map with XSOAR's active state.
      type: String
    - contextPath: Securonix.StateMapping.DONE.action
      description: Securonix action name to map with XSOAR's closed state.
      type: String
    - contextPath: Securonix.StateMapping.DONE.status
      description: Securonix status to map with XSOAR's closed state.
      type: String
  - arguments:
    - description: |-
        The Name of the tenant the whitelist belongs to.

        The tenant name parameter is required for MSSP user.
      name: tenant_name
    - description: |-
        The name of the whitelist to which data is being added.

        If whitelist_type is Attribute, then whitelist_name and violation_name should be the same.
      name: whitelist_name
      required: true
    - auto: PREDEFINED
      description: The type of the whitelist to which data is being added. (Supported Values are Global and Attribute.)
      name: whitelist_type
      predefined:
      - Global
      - Attribute
      required: true
    - auto: PREDEFINED
      description: |-
        The type of entity being added. (Supported values are Users, Activityaccount, Activityip, Resources).

        This parameter is required if whitelist_type is Global.
      name: entity_type
      predefined:
      - Users
      - Activityaccount
      - Resources
      - Activityip
    - description: |-
        ID of the entity being added.

        This parameter is required if whitelist_type is Global.
      name: entity_id
    - description: The date when the entity will be removed from the whitelist.(In MM/DD/YYYY format)
      name: expiry_date
    - description: "The resource name to which the account belongs. \n\nThis parameter is required if whitelist_type is Global and entity_type is Activityaccount."
      name: resource_name
    - description: "The resource group id to which the account belongs. \n\nThis parameter is required if whitelist_type is Global and entity_type is Activityaccount."
      name: resource_group_id
    - auto: PREDEFINED
      description: |-
        Name of the attribute being added. (Supported values are source ip, resourcetype,
        transactionstring)

        This parameter is required if whitelist_type is Attribute.
      name: attribute_name
      predefined:
      - source ip
      - resourcetype
      - transactionstring
    - description: "The attribute value being added. \n\nThis parameter is required if whitelist_type is set to Attribute."
      name: attribute_value
    - auto: PREDEFINED
      description: "Type of the violation. (Supported Values are Policy,ThreatModel,\nFunctionality.) \n\nThis parameter is required if whitelist_type is set to Attribute."
      name: violation_type
      predefined:
      - Policy
      - ThreatModel
      - Functionality
    - description: "Name of the violations. (Supported values are Policy names, ThreatModel names, Functionality names)\n\nThis parameter is required if whitelist_type is set to Attribute, and is the same as the whitelist name parameter. "
      name: violation_name
    description: Add entity or attribute to the specified whitelist entry.
    name: securonix-whitelist-entry-add
  - arguments:
    - description: Name of the lookup table to delete.
      name: name
      required: true
    description: Deletes a lookup table with its data and configuration.
    name: securonix-lookup-table-config-and-data-delete
    outputs:
    - contextPath: Securonix.LookupTable.lookupTableName
      description: Name of the lookup table.
      type: String
    - contextPath: Securonix.LookupTable.isDeleted
      description: True, if the lookup table data and configuration deleted successfully.
      type: Boolean
  - arguments:
    - description: Name of the tenant the whitelist belongs to.
      name: tenant_name
      required: true
    - description: Name of the whitelist the user wants to delete the value from.
      name: whitelist_name
      required: true
    - auto: PREDEFINED
      description: Type of whitelist that user wants to delete from.
      name: whitelist_type
      predefined:
      - Global
      - Attribute
    - description: |-
        Entity ID value that needs to be removed from the whitelist.

        This parameter is required if whitelist_type is set to "Global".

        Example:
        - employeeId for type User
        - accountname for type ActivityAccount
        - resourcename for type Resources
        - ipadress for type IpAddress
      name: entity_id
    - description: |-
        Name of the attribute being removed.

        This parameter is required if whitelist_type is set to "Attribute".

        Example:
        - accountname
        - transactionstring
        - sourcetype
      name: attribute_name
    - description: |-
        The value of the attribute being removed.

        This parameter is required if whitelist_type is "Attribute".
      name: attribute_value
    description: Remove entity or attribute from the specified whitelist entry.
    name: securonix-whitelist-entry-delete
  - arguments:
    - defaultValue: '50'
      description: Number of records to return.
      name: max
    - defaultValue: '0'
      description: Specify from which record the data should be returned.
      name: offset
    description: Retrieves a list of lookup tables available within the Securonix platform.
    name: securonix-lookup-tables-list
    outputs:
    - contextPath: Securonix.LookupTable.tenantName
      description: Name of the tenant.
      type: String
    - contextPath: Securonix.LookupTable.lookupTableName
      description: Name of the lookup table.
      type: String
    - contextPath: Securonix.LookupTable.totalRecords
      description: Number of records in the lookup table.
      type: Number
    - contextPath: Securonix.LookupTable.scope
      description: Scope of the lookup table.
      type: String
    - contextPath: Securonix.LookupTable.type
      description: Type of the lookup table.
      type: String
  - arguments:
    - description: Lookup Table name to which the data needs to be added.
      name: name
      required: true
    - description: Name of the tenant to which the lookup table belongs. This argument is required for MSSP users and if the scope of the lookup table is "Meta".
      name: tenant_name
    - description: |-
        JSON formatted string containing the field names and values in the below format. To specify an expiration date for an entry, add "expiryDate" key (in the format of "MM/DD/YYYY") in the respective JSON object.

        E.g. [{"field1": "Value1", "field2": "Value2"}, {"field1": "Value3", "field2": "Value4"}]
      name: json_data
    - description: War room entry of the file. To specify an expiration date for an entry, add "expiryDate" key (in the format of "MM/DD/YYYY") in the respective JSON object.
      name: file_entry_id
    description: Add entries to the provided lookup table.
    name: securonix-lookup-table-entry-add
  - arguments:
    - description: Lookup Table name.
      name: name
      required: true
    - description: Use to filter the records. By default it will filter the records on key. To filter on other column use attribute argument.
      name: query
    - description: Column name on which to filter the data.
      name: attribute
      defaultValue: 'key'
    - defaultValue: '15'
      description: Number of records to retrieve.
      name: max
    - description: Specify from which record the data should be returned.
      defaultValue: '0'
      name: offset
    - description: Specify a value to retrieve records from a specific page.
      name: page_num
      defaultValue: '1'
    - description: Name of the column on which to sort the data. By default the data will be sorted on the key.
      name: sort
    - auto: PREDEFINED
      defaultValue: asc
      description: The order in which to sort the data. By default the data will be sorted in ascending order.
      name: order
      predefined:
      - asc
      - desc
    description: Retrieves the entries stored in a specified lookup table.
    name: securonix-lookup-table-entries-list
    outputs:
    - contextPath: Securonix.LookupTableEntries.lookupname
      description: Name of the lookup table.
      type: String
    - contextPath: Securonix.LookupTableEntries.tenantid
      description: ID of the tenant.
      type: Number
    - contextPath: Securonix.LookupTableEntries.lookupuniquekey
      description: Unique key of the entry.
      type: String
    - contextPath: Securonix.LookupTableEntries.timestamp
      description: The UTC timestamp indicates when the entry was added.
      type: String
    - contextPath: Securonix.LookupTableEntries.key
      description: The value of the key field.
      type: String
    - contextPath: Securonix.LookupTableEntries.defaultenrichedevent
      description: Entry data.
      type: Unknown
    - contextPath: Securonix.LookupTableEntries.tenantname
      description: Name of the tenant.
      type: String
    - contextPath: Securonix.LookupTableEntries.entry.key
      description: Key of the entry.
      type: String
    - contextPath: Securonix.LookupTableEntries.entry.value
      description: Value of the entry.
      type: String
  - arguments:
    - description: Name of the lookup table to create.
      name: name
      required: true
    - auto: PREDEFINED
      description: Scope of the lookup table. This argument is mandatory for MSSP users.
      name: scope
      predefined:
      - Global
      - Local
      - Meta
    - description: Name of the tenant in which to create a lookup table. This argument is mandatory for MSSP users.
      name: tenant_name
    - description: A comma-separated string of column names.
      name: field_names
      required: true
    - description: A comma-separated string of column names for which data needs to be encrypted.
      name: encrypt
    - description: A comma-separated string of column names to be used as key.
      name: key
      required: true
    description: Creates a lookup table.
    name: securonix-lookup-table-create
  - arguments:
    - description: Comma-separated list of lookup unique keys to delete.
      name: lookup_unique_keys
      required: true
    - description: Name of the lookup table from which to delete the entries.
      name: name
      required: true
    description: Deletes the entries from the lookup table.
    name: securonix-lookup-table-entries-delete
  dockerimage: demisto/python3:3.10.12.65389
  isfetch: true
  runonce: false
  script: '-'
  subtype: python3
  type: python
tests:
- No test - no instance
fromversion: 5.0.0