Aella Star Light
This integration is part of the Aella Star Light Pack.
Supported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
Overview
Use the Aella Starlight integration to get detailed information for security events detected by Aella Breach Detection software.
This integration was integrated and tested with Aella Starlight v2.2.1.
Use cases
- Monitor security events and get event details: periodically fetch new security events detected by Aella Starlight. Each security event has a unique event_id, which you can pass to the aella-get-event command to retrieve its detailed information. You can then perform a follow-up action, such as sending a notification to security staff.
Fetched Incidents Data
- name: Incident name
- label: "Starlight event"
- aella_eid: Aella event ID
- aella_event: Aella event name
- event_severity: Severity of the event
Configure Aella Starlight on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services.
- Search for Aella Star Light.
- Click Add instance to create and configure a new integration instance.
You should configure the following settings:
- Name : a textual name for the integration instance.
- Server URL (e.g. https://starlight.companyname.com:8889)
- User name
- Fetch incidents
- Incident type
- Fetching interval in minutes (default is 15, minimum is 15)
- The specific security event to look for (default is all events)
- Security event severity threshold, between 0 and 100
- Trust any certificate (not secure)
- Use system proxy settings
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
1. Get event details
Get details for a specific Starlight event.
Base Command
aella-get-event
Input
Argument Name | Description | Required |
---|---|---|
event_id | Event ID from the Starlight incident | Required |
Context Output
Path | Type | Description |
---|---|---|
Aella.Event.event_name | string | Event name |
Aella.Event.severity | string | Severity score |
Aella.Event.dstip | string | Destination IP |
Aella.Event.srcip | string | Source IP |
Aella.Event.tenantid | string | Tenant ID |
Aella.Event.srcip_reputation | string | Source IP reputation |
Aella.Event.dstip_reputation | string | Destination IP reputation |
Aella.Event.dstip_geo | unknown | Destination IP geolocation |
Aella.Event.srcip_geo | unknown | Source IP geolocation |
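The following is an added example, not code from the Aella Star Light pack, that models the two behaviours this page describes: the fetch-incidents settings (severity threshold, optional specific event, no duplicate incidents across fetch cycles) producing incidents with the fields listed under Fetched Incidents Data, and the aella-get-event context output mapped to the Aella.Event paths above. The raw event layout, the sample events, the incident name format and the seen-ID bookkeeping in last_run are assumptions; the Starlight API itself is not called.

```python
import json
from typing import Any, Dict, Iterable, List, Optional, Tuple

# Constructed sample events in an assumed Starlight response layout
# (field names follow the context output table on this page).
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"event_id": "evt-1001", "event_name": "Malware C2 Beacon", "severity": 85,
     "srcip": "10.0.0.5", "dstip": "203.0.113.7", "tenantid": "t-1",
     "srcip_reputation": "internal", "dstip_reputation": "malicious",
     "srcip_geo": None, "dstip_geo": {"country": "XX"}},
    {"event_id": "evt-1002", "event_name": "Port Scan", "severity": 40,
     "srcip": "10.0.0.9", "dstip": "10.0.0.1", "tenantid": "t-1",
     "srcip_reputation": "internal", "dstip_reputation": "internal",
     "srcip_geo": None, "dstip_geo": None},
    {"event_id": "evt-1003", "event_name": "Malware C2 Beacon", "severity": 70,
     "srcip": "10.0.0.12", "dstip": "198.51.100.3", "tenantid": "t-2",
     "srcip_reputation": "internal", "dstip_reputation": "suspicious",
     "srcip_geo": None, "dstip_geo": {"country": "YY"}},
]

# Context paths documented for aella-get-event (Aella.Event.<field>).
CONTEXT_FIELDS = ("event_name", "severity", "dstip", "srcip", "tenantid",
                  "srcip_reputation", "dstip_reputation", "dstip_geo", "srcip_geo")


def filter_events(events: Iterable[Dict[str, Any]], severity_threshold: int,
                  event_name: Optional[str] = None,
                  seen_ids: Iterable[str] = ()) -> List[Dict[str, Any]]:
    """Apply the instance settings: severity threshold (0-100), optional
    specific event name (empty/None means all events) and de-duplication
    against event IDs already turned into incidents."""
    if not 0 <= severity_threshold <= 100:
        raise ValueError("severity threshold must be between 0 and 100")
    seen = set(seen_ids)
    selected = []
    for event in events:
        if event["event_id"] in seen:
            continue
        if int(event.get("severity", 0)) < severity_threshold:
            continue
        if event_name and event.get("event_name") != event_name:
            continue
        selected.append(event)
    return selected


def event_to_incident(event: Dict[str, Any]) -> Dict[str, Any]:
    """Build an XSOAR incident carrying the labels listed under
    Fetched Incidents Data. The name format is an assumption."""
    return {
        "name": f"{event['event_name']} ({event['event_id']})",
        "labels": [
            {"type": "label", "value": "Starlight event"},
            {"type": "aella_eid", "value": event["event_id"]},
            {"type": "aella_event", "value": event["event_name"]},
            {"type": "event_severity", "value": str(event["severity"])},
        ],
        "rawJSON": json.dumps(event),
    }


def fetch_incidents(events: Iterable[Dict[str, Any]], severity_threshold: int,
                    event_name: Optional[str] = None,
                    last_run: Optional[Dict[str, Any]] = None
                    ) -> Tuple[List[Dict[str, Any]], Dict[str, Any]]:
    """One fetch cycle: returns the new incidents and the next last_run,
    which records every event ID already reported (assumed bookkeeping)."""
    seen = set((last_run or {}).get("seen_ids", []))
    new_events = filter_events(events, severity_threshold, event_name, seen)
    incidents = [event_to_incident(e) for e in new_events]
    next_run = {"seen_ids": sorted(seen | {e["event_id"] for e in new_events})}
    return incidents, next_run


def event_to_context(event: Dict[str, Any]) -> Dict[str, Any]:
    """Map a raw event onto the Aella.Event context paths; severity is
    emitted as a string, matching the documented context type."""
    ctx = {field: event.get(field) for field in CONTEXT_FIELDS}
    ctx["severity"] = str(ctx["severity"]) if ctx["severity"] is not None else None
    return {"Aella.Event": ctx}


if __name__ == "__main__":
    incidents, run_state = fetch_incidents(SAMPLE_EVENTS, 50)
    print(f"{len(incidents)} incident(s) created; seen IDs: {run_state['seen_ids']}")
    print(json.dumps(event_to_context(SAMPLE_EVENTS[0]), indent=2))
```

A second call with the returned last_run yields no incidents for the same events, which is the property that keeps a 15-minute fetch interval from re-opening incidents for events Starlight still reports.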