Traceable

Traceable Platform Integration enables publishing Traceable Detected Security Events to be published to Cortex Xsoar for further action.

Analytics & SIEM · Traceable

Configuration parameters

  • url — Traceable Platform API Endpoint URL (required)
  • credentials — (required)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • isFetch — Fetch incidents
  • first_fetch — First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
  • max_fetch — Max number of records to fetch per API call to Traceable API Endpoint
  • span_fetch_threadpool — Number of span queries to run in parallel
  • span_query_batch_size — Max spans per thread (1 to 1000)
  • environment — Comma Separated Environment List To Process
  • securityScoreCategory — Security Score Category
  • threatCategory — Threat Category
  • ipReputationLevel — IP Reputation Level
  • ipAbuseVelocity — IP Abuse Velocity
  • ipCategories — IP Location Type
  • app_url — Traceable Platform Endpoint URL
  • incidentType — Incident type
  • ignoreStatusCodes — Ignore Status Codes (eg. 301, 400-499)
  • optionalDomainEventFieldList — Incident optional field list
  • optionalAPIAttributes — Additional API Attributes
  • isFetchUniqueIncidents — Fetch unique incidents
  • timegap_between_repeat_incidents — Time between raising similar incidents (in <number> <time unit>, e.g., in 12 hours, in 7 days)

Commands (2)

  • list_incident_cache

    List the entries present in the Traceable instance cache.

  • purge_incident_cache

    Delete all entries in the incident cache.