Skip to main content

Alibaba Action Trail Event Collector

This Integration is part of the Alibaba Action Trail Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Alibaba log event collector integration for XSIAM. This integration was integrated and tested with API version 0.6 of Alicloud Log Service.

Configure Alibaba Action Trail Event Collector on Cortex XSOAR#

  1. Navigate to Settings > Configurations > Data Collection > Automation & Feed Integrations.

  2. Search for Alibaba Action Trail Event Collector.

  3. Click Add instance to create and configure a new integration instance.

    EndpointThe URL used to access your project and the data of your project.True
    Access key idThe ID used to identify the user.True
    Access keyThe key provided to you by Alibaba Cloud for authentication.True
    Project nameThe name of your project in your Log Service used to isolate the resources of different users and control access to specific resources.True
    Logstore nameThe unit in your Log Service that is used to collect, store, and query logs.True
    QueryThe filter conditions in search statements used to obtain specific logs. Each query statement consists of a search statement and an analytic statement. The search statement and the analytic statement are separated with a vertical bar (|).A search statement can be a keyword, a numeric value, a numeric value range, a space, or an asterisk . If you specify a space or an asterisk as the search statement, no conditions are used for searching, and all logs are returned.
    For example: (|) select from actiontrail_pa_trail, will retrieve all the events from the project as set above.
    Number of incidents to fetch per fetch.The maximum number of incidents to fetch each time.False
    First fetch time intervalThe period to retrieve events for. format: [number][time unit], for example 12 hours, 1 day, 3 months. Default is 3 days.False
    Use system proxy settingsRuns the integration instance using the proxy server (HTTP or HTTPS) that you defined in the server configuration.False
    Use Secured ConnectionUse SSL secure connection or ‘None’.False
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands Alert War Room in the CLI in XSIAM. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Manual command to fetch events and display them.

Base Command#



Argument NameDescriptionRequired
fromThe date after which to search for logs in seconds Example: 1652617222.Optional
limitNumber of events to fetch. Default is 1.Required
should_push_eventsSet this argument to True in order to create events, otherwise the command will only display them. Possible values are: True, False. Default is False.Required

Context Output#

There is no context output for this command.