Use the Aella Starlight integration to get detailed information about security events detected by Aella Breach Detection software.
This integration was integrated and tested with Aella Starlight v2.2.1.
Monitor security events and get event details
Periodically fetch new security events detected by Aella Starlight. Each security event has a unique event_id, which you can pass to the aella-get-event command to retrieve the event's detailed information. You can then perform a follow-up action, such as sending a notification to security staff.
Fetched Incidents Data
- Incident name
- label : "Starlight event"
- aella_eid : Aella event ID
- aella_event : Aella event name
- event_severity : Severity of the event
Configure Aella Starlight on Demisto
- Navigate to Settings > Integrations > Servers & Services.
- Search for Aella Star Light.
- Create and configure a new integration instance.
Configure the following settings:
- Name : a textual name for the integration instance.
- Server URL (e.g. https://starlight.companyname.com:8889)
- User name
- Fetch incidents
- Incident type
- Fetching interval in minutes (default is 15, minimum is 15)
- The specific security event to look for (default is all events)
- Security event severity threshold, between 0-100
- Trust any certificate (not secure)
- Use system proxy settings
- Click Test to validate the URLs, token, and connection.
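The following is an added example, not code from the Aella Starlight integration itself, showing how the fetch-incidents step described above can be implemented: it applies the severity threshold (0-100) and the optional specific-event filter from the instance settings, deduplicates events already fetched in a previous run (so one Starlight event never becomes two incidents), and maps each remaining event onto the incident fields listed under "Fetched Incidents Data". The raw event shape (event_name, severity, timestamp keys) and the sample events are constructed assumptions; only event_id and the incident field names come from the documentation.

```python
from typing import Any, Dict, List, Optional, Tuple

INCIDENT_LABEL = "Starlight event"

# Constructed sample of raw events as a Starlight query might return them.
# Field names other than event_id are assumptions for this example.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"event_id": "ev-1001", "event_name": "Port Scan", "severity": 35, "timestamp": 1700000000},
    {"event_id": "ev-1002", "event_name": "Malware Beacon", "severity": 80, "timestamp": 1700000060},
    {"event_id": "ev-1003", "event_name": "Brute Force Login", "severity": 60, "timestamp": 1700000120},
    # Same event delivered twice (overlapping poll windows); must not create a second incident.
    {"event_id": "ev-1002", "event_name": "Malware Beacon", "severity": 80, "timestamp": 1700000060},
]


def event_to_incident(event: Dict[str, Any]) -> Dict[str, Any]:
    """Map a raw Starlight event onto the incident fields the integration documents."""
    return {
        "name": f"{INCIDENT_LABEL}: {event['event_name']} ({event['event_id']})",
        "label": INCIDENT_LABEL,
        "aella_eid": event["event_id"],        # pass this to aella-get-event for details
        "aella_event": event["event_name"],
        "event_severity": event["severity"],
        "occurred": event["timestamp"],
    }


def fetch_incidents(
    events: List[Dict[str, Any]],
    last_run: Dict[str, Any],
    severity_threshold: int,
    event_filter: Optional[str] = None,
) -> Tuple[Dict[str, Any], List[Dict[str, Any]]]:
    """One polling cycle.

    last_run carries state between cycles: the newest timestamp processed so
    far and the event_ids seen at exactly that timestamp, so a later cycle can
    skip events that were already turned into incidents (or already rejected).
    Returns (new_last_run, incidents).
    """
    if not 0 <= severity_threshold <= 100:
        raise ValueError("severity threshold must be between 0 and 100")

    last_time = int(last_run.get("last_time", 0))
    seen_ids = set(last_run.get("seen_ids", []))

    processed_ids = set(seen_ids)       # also catches duplicates inside this batch
    new_last_time = last_time
    ids_at_last_time = set(seen_ids)
    incidents: List[Dict[str, Any]] = []

    for event in sorted(events, key=lambda e: e["timestamp"]):
        ts, eid = event["timestamp"], event["event_id"]
        if ts < last_time or eid in processed_ids:
            continue
        processed_ids.add(eid)

        # Advance the watermark; remember every id at the newest timestamp.
        if ts > new_last_time:
            new_last_time = ts
            ids_at_last_time = {eid}
        else:
            ids_at_last_time.add(eid)

        # Instance settings: severity threshold and optional specific event.
        if event["severity"] < severity_threshold:
            continue
        if event_filter and event["event_name"] != event_filter:
            continue
        incidents.append(event_to_incident(event))

    new_last_run = {"last_time": new_last_time, "seen_ids": sorted(ids_at_last_time)}
    return new_last_run, incidents


if __name__ == "__main__":
    state, created = fetch_incidents(SAMPLE_EVENTS, {}, severity_threshold=50)
    for inc in created:
        print(inc["name"], inc["event_severity"])
    # A second poll with the saved state and the same events yields nothing new.
    _, again = fetch_incidents(SAMPLE_EVENTS, state, severity_threshold=50)
    print("new incidents on re-poll:", len(again))
```

Keeping the ids seen at the newest timestamp, rather than only the timestamp, is what makes the re-poll idempotent when several events share a second; this is the usual pattern for fetch-incidents implementations and matches the 15-minute minimum polling interval, which can easily overlap delivery windows.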
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
1. Get event details
Get details for a specific Starlight event using the aella-get-event command.

Input
| Argument Name | Description | Required |
| --- | --- | --- |
| event_id | Event ID from the Starlight incident | Required |

Context Output
| Path | Type | Description |
| --- | --- | --- |
| Aella.Event.srcip_reputation | string | Source IP reputation |
| Aella.Event.dstip_reputation | string | Destination IP reputation |
| Aella.Event.dstip_geo | unknown | Destination IP geolocation |
| Aella.Event.srcip_geo | unknown | Source IP geolocation |