Armis Event Collector
#
This Integration is part of the Armis Pack.Supported versions
Supported Cortex XSOAR versions: 6.10.0 and later.
Collects alerts & threat activities from Armis resources. This integration was integrated and tested with API V.1.8 of Armis API.
#
Configure Armis Event Collector on Cortex XSOARNavigate to Settings > Integrations > Servers & Services.
Search for Armis Event Collector.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Server URL URL of the Armis instance the event collector should connect to. True API Secret Key The authorization token used for authentication of the Armis API. True Number of events to fetch per type The maximum number of events to fetch per event type. False Trust any certificate (not secure) When selected, certificates are not checked. False Use system proxy settings Runs the integration instance using the proxy server (HTTP or HTTPS) that you defined in the server configuration. False Event types to fetch Define which event types to fetch. True Click Test to validate the URLs, token, and connection.
#
CommandsYou can execute these commands from an Cortex XSIAM incident War Room ,as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
armis-get-eventsManual command to fetch and display events.
#
Base Commandarmis-get-events
#
InputArgument Name | Description | Required |
---|---|---|
should_push_events | Set this argument to true in order to create events, otherwise the command will only display them. Possible values are: true, false. Default is false. | Required |
from_date | The date from which to fetch events. the format should be YYYY-MM-DD. If not specified, the current date will be used. | Optional |
#
Context OutputThere is no context output for this command.