Traceable
Traceable Platform Integration enables publishing Traceable Detected Security Events to be published to Cortex Xsoar for further action.
Analytics & SIEM · Traceable
Configuration parameters
url— Traceable Platform API Endpoint URL (required)credentials— (required)insecure— Trust any certificate (not secure)proxy— Use system proxy settingsisFetch— Fetch incidentsfirst_fetch— First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)max_fetch— Max number of records to fetch per API call to Traceable API Endpointspan_fetch_threadpool— Number of span queries to run in parallelspan_query_batch_size— Max spans per thread (1 to 1000)environment— Comma Separated Environment List To ProcesssecurityScoreCategory— Security Score CategorythreatCategory— Threat CategoryipReputationLevel— IP Reputation LevelipAbuseVelocity— IP Abuse VelocityipCategories— IP Location Typeapp_url— Traceable Platform Endpoint URLincidentType— Incident typeignoreStatusCodes— Ignore Status Codes (eg. 301, 400-499)optionalDomainEventFieldList— Incident optional field listoptionalAPIAttributes— Additional API AttributesisFetchUniqueIncidents— Fetch unique incidentstimegap_between_repeat_incidents— Time between raising similar incidents (in <number> <time unit>, e.g., in 12 hours, in 7 days)
Commands (2)
-
list_incident_cacheList the entries present in the Traceable instance cache.
-
purge_incident_cacheDelete all entries in the incident cache.