Supported Cortex XSOAR versions: 6.10.0 and later.
Collects alerts, devices and activities from Armis resources. This integration was integrated and tested with API V.1.8 of the Armis API.
Navigate to Settings > Integrations > Servers & Services.
Search for Armis Event Collector.
Click Add instance to create and configure a new integration instance.
| Parameter | Description | Required |
| --- | --- | --- |
| Server URL | URL of the Armis instance the event collector should connect to. | True |
| API Secret Key | The API Secret Key allows you to programmatically integrate with the Armis ecosystem. | True |
| Maximum number of events per fetch | Alerts and activity events. | |
| Maximum number of device events per fetch | Devices events. | |
| Trust any certificate (not secure) | | |
| Use system proxy settings | | |
| Event types to fetch | | True |
| Events Fetch Interval | Alerts and activity events. | False |
| Device Fetch Interval | Time between fetch of devices (for example 12 hours, 60 minutes, etc.). | False |
Click Test to validate the URLs, token, and connection.
You can execute these commands from a Cortex XSIAM incident War Room, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Manual command to fetch and display events. This command is intended for development and debugging and should be used with caution, as it can create events, leading to event duplication and exceeding the API request limit.
|Set this argument to true in order to create events, otherwise the command will only display them. Possible values are: true, false. Default is false.
|The date from which to fetch events. The format should be YYYY-MM-DD or YYYY-MM-DDT:HH:MM:SS. If not specified, the current date will be used.
|The type of event to fetch. Possible values are: Alerts, Activities, Devices. Default is Alerts.
|Run your own AQL query to fetch events.
There is no context output for this command.