Skip to main content

Armis Event Collector

This Integration is part of the Armis Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.10.0 and later.

Collects alerts, devices and activities from Armis resources. This integration was integrated and tested with API V.1.8 of Armis API.

This is the default integration for this content pack when configured by the Data Onboarder in Cortex XSIAM.

Configure Armis Event Collector on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Armis Event Collector.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    Server URLURL of the Armis instance the event collector should connect to.True
    API Secret KeyThe API Secret Key allows you to programmatically integrate with the Armis ecosystem.True
    Maximum number of events per fetchAlerts and activity events.
    Maximum number of device events per fetchDevices events.
    Trust any certificate (not secure)
    Use system proxy settings
    Event types to fetchTrue
    Events Fetch IntervalAlerts and activity events.False
    Minutes to delayNumber of minutes to delay when fetching events (to handle events creation delay in the Armis database). Default is 10 minutes but note a higher value might be needed for users with heavier traffic.False
    Device Fetch IntervalTime between fetch of devices (for example 12 hours, 60 minutes, etc.).False

  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from a Cortex XSIAM incident War Room ,as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

armis-get-events#

Manual command to fetch and display events. This command is used for developing/debugging and is to be used with caution, as it can create events, leading to events duplication and exceeding the API request limitation.

Base Command#

armis-get-events

Input#

Argument NameDescriptionRequired
should_push_eventsSet this argument to true in order to create events, otherwise the command will only display them. Possible values are: true, false. Default is false.Required
from_dateThe date from which to fetch events. The format should be YYYY-MM-DD or YYYY-MM-DDT:HH:MM:SS. If not specified, the current date will be used.Optional
event_typeThe type of event to fetch. Possible values are: Alerts, Activities, Devices. Default is Alerts.Optional
aqlRun your own AQL query to fetch events.Optional

Context Output#

There is no context output for this command.

Edit this page
Report an Issue