Gem
Use Gem alerts as a trigger for Cortex XSOAR’s custom playbooks, to automate response to specific TTPs.
Cloud Services · Gem
Configuration parameters
incidentType— Incident typeapi_endpoint— API Endpoint (required)credentials— Service Account ID (required)first_fetch— First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)proxy— Use system proxy settingsinsecure— Trust any certificate (not secure)isFetch— Fetch incidentsmax_fetch— Maximum number of alerts per fetch
Commands (15)
-
gem-add-timeline-eventAdd a timeline event to a threat.
-
gem-get-alert-detailsGet details about a specific alert.
-
gem-get-resource-detailsGet details about a specific resource.
-
gem-get-threat-detailsGet details about a specific threat.
-
gem-list-accessing-entitiesList all entities that accessed an entity in a specific timeframe. The results are sorted by activity volume.
-
gem-list-accessing-ipsList all source IP addresses that accessed an entity in a specific timeframe. The results are sorted by activity volume.
-
gem-list-events-by-entityList all events performed by an entity in a specific timeframe. The results are sorted by activity volume.
-
gem-list-events-on-entityList all events performed on an entity in a specific timeframe. The results are sorted by activity volume.
-
gem-list-inventory-resourcesList inventory resources in Gem.
-
gem-list-ips-by-entityList all source IP addresses used by an entity in a specific timeframe. The results are sorted by activity volume.
-
gem-list-services-by-entityList all services accessed by an entity in a specific timeframe. The results are sorted by activity volume.
-
gem-list-threatsList all threats detected in Gem.
-
gem-list-using-entitiesList all entities that used an entity in a specific timeframe. The results are sorted by activity volume.
-
gem-run-actionRun an action on an entity.
-
gem-update-threat-statusSet a threat's status to open, in progress or resolved.