Elastica CloudSOC Integration

Overview

This integration allows interaction with the Broadcom Symantec CloudSOC platform (formerly Elastica CloudSOC) to retrieve user activity logs and test connectivity.

Configuration

To configure this integration within the SOAR platform, you typically need the following CloudSOC details:

  • API URL: The base URL for your CloudSOC tenant API (e.g., https://app.elastica.net/).

  • Username: The username for an API user account.

  • Password: The password for the API user account.

  • Tenant Domain: Your CloudSOC tenant domain name.

(Note: The exact parameter names might vary slightly depending on the specific SOAR platform configuration interface. Ensure the user account has the necessary permissions to access audit logs via the API.)

Actions

Ping

Test connectivity to Elastica CloudSOC using the configured API URL and credentials.

Arguments:

  • case_id (string, required): The ID of the case.

  • alert_group_identifiers (List[string], required): Identifiers for the alert groups.

  • target_entities (List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on.

  • scope (string, optional): Defines the scope for the action. Defaults to “All entities”.

Returns:

  • dict: A dictionary containing the result of the ping action.

Get User Activities

Fetch user activities from Elastica CloudSOC for the specified users within a given timeframe.

Arguments:

  • case_id (string, required): The ID of the case.

  • alert_group_identifiers (List[string], required): Identifiers for the alert groups.

  • minutes_back (string, optional): Fetch logs from the last x minutes (e.g., 5, 60). The value is passed as a string.

  • target_entities (List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on. Supports User entities (typically email addresses).

  • scope (string, optional): Defines the scope for the action. Defaults to “All entities”.

Returns:

  • dict: A dictionary containing the list of user activities matching the criteria.
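The following is an added example (not the integration's own code) showing how a SOAR action handler can validate the Get User Activities arguments described above: parsing the string-typed minutes_back into a time window, selecting only User target entities (identified by email address), and filtering activity records by user and timestamp. The target entity dict keys Identifier and EntityType follow the argument description; the EntityType value "User", the activity record shape (user, timestamp, activity) and the sample data are constructed for this example and are not CloudSOC's real API schema. The actual HTTP call to the CloudSOC API is out of scope here.

```python
"""Argument handling for the Get User Activities action (added example).

Assumptions (not from the integration's documentation):
  - target_entities are dicts with "Identifier" and "EntityType" keys; the
    EntityType value "User" is an assumed convention for user entities.
  - Activity records are dicts with "user" and "timestamp" (ISO 8601 UTC)
    keys; this shape and the sample records below are constructed.
"""
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, Iterable, List, Optional, Set

DEFAULT_MINUTES_BACK = 60  # assumed fallback when minutes_back is omitted


def parse_minutes_back(value: Optional[str], default: int = DEFAULT_MINUTES_BACK) -> int:
    """Parse the string-typed minutes_back argument into a positive integer."""
    if value is None or value.strip() == "":
        return default
    try:
        minutes = int(value.strip())
    except ValueError as exc:
        raise ValueError(f"minutes_back must be a whole number of minutes, got {value!r}") from exc
    if minutes <= 0:
        raise ValueError("minutes_back must be a positive number of minutes")
    return minutes


def window_start(minutes_back: int, now: datetime) -> datetime:
    """Start of the lookback window: now minus minutes_back."""
    return now - timedelta(minutes=minutes_back)


def user_identifiers(target_entities: Iterable[Dict[str, str]]) -> Set[str]:
    """Collect the email identifiers of User entities; other entity types are ignored.
    Identifiers are lower-cased so matching against activity records is case-insensitive."""
    return {
        entity["Identifier"].strip().lower()
        for entity in target_entities
        if entity.get("EntityType") == "User"  # assumed EntityType value
    }


def select_activities(activities: Iterable[Dict[str, Any]], users: Set[str],
                      start: datetime, end: datetime) -> List[Dict[str, Any]]:
    """Keep records whose user is targeted and whose timestamp lies in [start, end]."""
    selected = []
    for record in activities:
        # fromisoformat on older Pythons does not accept a trailing "Z"; normalise it.
        stamp = datetime.fromisoformat(record["timestamp"].replace("Z", "+00:00"))
        if record["user"].lower() in users and start <= stamp <= end:
            selected.append(record)
    return selected


def get_user_activities(args: Dict[str, Any], activities: Iterable[Dict[str, Any]],
                        now: Optional[datetime] = None) -> Dict[str, Any]:
    """Validate the action arguments and return the matching activities as a dict."""
    now = now or datetime.now(timezone.utc)
    minutes = parse_minutes_back(args.get("minutes_back"))
    start = window_start(minutes, now)
    users = user_identifiers(args.get("target_entities", []))
    if not users:
        raise ValueError("Get User Activities requires at least one User target entity")
    return {
        "case_id": args["case_id"],
        "window_start": start.isoformat(),
        "window_end": now.isoformat(),
        "users": sorted(users),
        "activities": select_activities(activities, users, start, now),
    }


# Constructed sample input: placeholder case/alert ids and fabricated activity records.
SAMPLE_ARGS = {
    "case_id": "CASE-PLACEHOLDER-1",
    "alert_group_identifiers": ["ALERT-GROUP-PLACEHOLDER-1"],
    "minutes_back": "60",
    "target_entities": [
        {"Identifier": "alice@example.com", "EntityType": "User"},
        {"Identifier": "bob@example.com", "EntityType": "User"},
        {"Identifier": "10.0.0.5", "EntityType": "Address"},  # not a User; ignored
    ],
}
SAMPLE_ACTIVITIES = [
    {"user": "alice@example.com", "timestamp": "2024-01-01T11:30:00Z", "activity": "file_download"},
    {"user": "alice@example.com", "timestamp": "2024-01-01T10:30:00Z", "activity": "login"},
    {"user": "Bob@Example.com", "timestamp": "2024-01-01T11:45:00Z", "activity": "share_external"},
    {"user": "carol@example.com", "timestamp": "2024-01-01T11:50:00Z", "activity": "login"},
]
FIXED_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    result = get_user_activities(SAMPLE_ARGS, SAMPLE_ACTIVITIES, now=FIXED_NOW)
    for record in result["activities"]:
        print(record["timestamp"], record["user"], record["activity"])
```

With the fixed clock and a 60-minute window, only the two records after 11:00 for the targeted users are returned; the 10:30 login is outside the window, the address entity contributes no user, and carol is not a target. Rejecting a non-numeric or non-positive minutes_back up front keeps a bad playbook parameter from silently producing an empty result.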

Notes

  • Ensure the Elastica CloudSOC integration is properly configured in the SOAR Marketplace tab with the correct API URL, Username, Password, and Tenant Domain.

  • The API user requires permissions to read audit logs within CloudSOC.

  • The Get User Activities action targets User entities (usually identified by email address).