VMware vSphere Integration

This document describes the available tools for the VMware vSphere integration within the SecOps SOAR MCP Server. This integration allows interaction with VMware vSphere for managing virtual machines (VMs).

Configuration

Ensure the vSphere integration is configured in the SOAR platform with the necessary vCenter server address, username, and password.

Available Tools

v_sphere_suspend

  • Description: Suspend a specified virtual machine.

  • Args:

    • case_id (str, required): The ID of the case.

    • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

    • vm_name (str, required): The name of the target VM to suspend.

    • target_entities (List[TargetEntity], optional): Specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.

    • scope (str, optional): Defines the scope for the action (e.g., “All entities”). Defaults to “All entities”. Used if target_entities is empty.

  • Returns: (dict) A dictionary containing the result of the suspend operation.

v_sphere_take_snapshot

  • Description: Take a snapshot of a specified virtual machine.

  • Args:

    • case_id (str, required): The ID of the case.

    • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

    • vm_name (str, required): The name of the target VM.

    • snapshot_name (str, required): The name to give the new snapshot.

    • snapshot_description (str, required): A description for the snapshot.

    • target_entities (List[TargetEntity], optional): Specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.

    • scope (str, optional): Defines the scope for the action (e.g., “All entities”). Defaults to “All entities”. Used if target_entities is empty.

  • Returns: (dict) A dictionary containing the result of the snapshot operation.

v_sphere_get_vm_by_ip

  • Description: Find the name of a virtual machine based on its IP address.

  • Supported Entities: IP Address

  • Args:

    • case_id (str, required): The ID of the case.

    • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

    • target_entities (List[TargetEntity], optional): Specific target entities (Identifier, EntityType) to run the action on. Should contain the IP Address. Defaults to empty list.

    • scope (str, optional): Defines the scope for the action (e.g., “All entities”). Defaults to “All entities”. Used if target_entities is empty.

  • Returns: (dict) A dictionary containing the VM name if found.

v_sphere_revert_to_snapshot

  • Description: Revert a virtual machine to a specific snapshot.

  • Args:

    • case_id (str, required): The ID of the case.

    • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

    • vm_name (str, required): The name of the target VM.

    • snapshot_name (str, required): The name of the snapshot to revert to.

    • target_entities (List[TargetEntity], optional): Specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.

    • scope (str, optional): Defines the scope for the action (e.g., “All entities”). Defaults to “All entities”. Used if target_entities is empty.

  • Returns: (dict) A dictionary containing the result of the revert operation.

v_sphere_power_on

  • Description: Power on a specified virtual machine.

  • Args:

    • case_id (str, required): The ID of the case.

    • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

    • vm_name (str, required): The name of the target VM to power on.

    • target_entities (List[TargetEntity], optional): Specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.

    • scope (str, optional): Defines the scope for the action (e.g., “All entities”). Defaults to “All entities”. Used if target_entities is empty.

  • Returns: (dict) A dictionary containing the result of the power-on operation.

v_sphere_reset

  • Description: Perform a hard reset on a specified virtual machine.

  • Args:

    • case_id (str, required): The ID of the case.

    • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

    • vm_name (str, required): The name of the target VM to reset.

    • target_entities (List[TargetEntity], optional): Specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.

    • scope (str, optional): Defines the scope for the action (e.g., “All entities”). Defaults to “All entities”. Used if target_entities is empty.

  • Returns: (dict) A dictionary containing the result of the reset operation.

v_sphere_ping

  • Description: Test connectivity to the vSphere vCenter server configured in the SOAR platform.

  • Args:

    • case_id (str, required): The ID of the case.

    • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

    • target_entities (List[TargetEntity], optional): Specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.

    • scope (str, optional): Defines the scope for the action (e.g., “All entities”). Defaults to “All entities”. Used if target_entities is empty.

  • Returns: (dict) A dictionary containing the result of the connectivity test.

v_sphere_power_off

  • Description: Power off a specified virtual machine.

  • Args:

    • case_id (str, required): The ID of the case.

    • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

    • vm_name (str, required): The name of the target VM to power off.

    • target_entities (List[TargetEntity], optional): Specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.

    • scope (str, optional): Defines the scope for the action (e.g., “All entities”). Defaults to “All entities”. Used if target_entities is empty.

  • Returns: (dict) A dictionary containing the result of the power-off operation.

v_sphere_get_system_info

  • Description: Get detailed information about a specified virtual machine.

  • Args:

    • case_id (str, required): The ID of the case.

    • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

    • vm_name (str, required): The name of the target VM.

    • target_entities (List[TargetEntity], optional): Specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.

    • scope (str, optional): Defines the scope for the action (e.g., “All entities”). Defaults to “All entities”. Used if target_entities is empty.

  • Returns: (dict) A dictionary containing detailed system information about the VM.

v_sphere_list_vms

  • Description: Get a list of all virtual machines registered in the vCenter server.

  • Args:

    • case_id (str, required): The ID of the case.

    • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

    • target_entities (List[TargetEntity], optional): Specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.

    • scope (str, optional): Defines the scope for the action (e.g., “All entities”). Defaults to “All entities”. Used if target_entities is empty.

  • Returns: (dict) A dictionary containing a list of all registered VMs.