Skip to main content

Armis Event Collector

This Integration is part of the Armis Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.10.0 and later.

Collects alerts & threat activities from Armis resources. This integration was integrated and tested with API V.1.8 of Armis API.

Configure Armis Event Collector on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Armis Event Collector.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    Server URLURL of the Armis instance the event collector should connect to.True
    API Secret KeyThe authorization token used for authentication of the Armis API.True
    Number of events to fetch per typeThe maximum number of events to fetch per event type.False
    Trust any certificate (not secure)When selected, certificates are not checked.False
    Use system proxy settingsRuns the integration instance using the proxy server (HTTP or HTTPS) that you defined in the server configuration.False
    Event types to fetchDefine which event types to fetch.True
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from an Cortex XSIAM incident War Room ,as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

armis-get-events#


Manual command to fetch and display events.

Base Command#

armis-get-events

Input#

Argument NameDescriptionRequired
should_push_eventsSet this argument to true in order to create events, otherwise the command will only display them. Possible values are: true, false. Default is false.Required
from_dateThe date from which to fetch events. the format should be YYYY-MM-DD. If not specified, the current date will be used.Optional

Context Output#

There is no context output for this command.