SOCRadarIncidentsV4
SOCRadar Incidents v4 API integration with advanced incident management, status reasons, and compliance tracking. Fetches security incidents from SOCRadar platform with proper deduplication and date handling. Supports filtering by alarm type IDs for granular control.
Analytics & SIEM · SOCRadar
Configuration parameters
apikey— (required)company_id— Company ID (required)isFetch— Fetch incidentsfirst_fetch— First Fetch Timefetch_interval_minutes— Fetch Interval (Minutes)max_fetch— Max incidents per fetchshow_content— Show Alarm Contentstatus— Status Filterseverities— Severity Levelsalarm_type_ids— Alarm Type IDs (Include)excluded_alarm_type_ids— Alarm Type IDs (Exclude)alarm_main_types— Alarm Main Typesexcluded_alarm_main_types— Alarm Main Types (Exclude)alarm_sub_types— Alarm Sub Typesexcluded_alarm_sub_types— Alarm Sub Types (Exclude)include_company_id— Include Company IDinclude_incident_link— Include Incident Linkinclude_mitigation— Include Mitigationinclude_response— Include Responseinclude_detection_and_analysis— Include Detection And Analysisinclude_post_incident_analysis— Include Post Incident Analysisinclude_related_assets— Include Related Assetsinclude_related_entities— Include Related Entitiesinsecure— Trust any certificate (not secure)proxy— Use system proxy settingsincidentType— Incident type
Commands (8)
-
socradar-add-assigneeadd the assignee(s) of an alarm.
-
socradar-add-commentAdd a comment to an alarm.
-
socradar-add-tagAdd or remove a tag from an alarm.
-
socradar-change-alarm-statusChange the status of one or more alarms.
-
socradar-change-assigneeDeprecatedadd the assignee(s) of an alarm.
-
socradar-mark-false-positiveMark an alarm as false positive.
-
socradar-mark-resolvedMark an alarm as resolved.
-
socradar-test-fetchTest incident fetching to verify alarms are available and date parsing works correctly.