ManageEngine
This Integration is part of the ManageEngine Pack.#
Supported versions
Supported Cortex XSOAR versions: 8.3.0 and later.
ManageEngine Endpoint Central is a Unified Endpoint Management solution that helps in managing thousands of servers, desktops, laptops and mobile devices from a single console. This integration serves as an Event Collector for Cortex XSIAM, enabling fetching AuditLogs from Endpoint Central.
Endpoint Central Cloud Domains#
Endpoint Central cloud is hosted at multiple data centers, and therefore available on different domains. There are several domains for Endpoint Central Cloud APIs, so you can use the one that is applicable to you.
| Data Centre | Domain | EndpointCentral Server URI |
|---|---|---|
| United States | .com | https://endpointcentral.manageengine.com |
| Europe | .eu | https://endpointcentral.manageengine.eu |
| India | .in | https://endpointcentral.manageengine.in |
| Australia | .com.au | https://endpointcentral.manageengine.com.au |
| China | .cn | https://endpointcentral.manageengine.cn |
| Japan | .jp | https://endpointcentral.manageengine.jp |
| Canada | .ca | https://endpointcentral.manageengine.ca |
The APIs on this page are intended for organizations hosted on the .com domain. If your organization is on a different domain, replace “.com” with the appropriate domain for the API endpoints before using them.
Note: You can also find out which domain you’re accessing by checking the URL while logged in to Endpoint Central.
Setting Up the Instance#
Step 1: Generate Client ID and Client Secret#
- Register your application as a new client by accessing the developer console.
- Choose Self client as application type.
- After choosing the client type, provide the required details and click 'Create'. On successful registration, you will be provided with a set of OAuth 2.0 credentials such as
Client_IDandClient_Secretthat will be only known to Zoho and your application. (Do not share this credentials anywhere).
Step 2: Authorization by generating the grant token#
After generating Client_ID and Client_Secret, a grant code has to be generated.
Self Client Method - For Self Client type.
- After registration, click the
Self Clientmethod available on the Applications list. - Enter a valid scope: DesktopCentralCloud.Admin.READ
Click Create to generate Code.
Testing the configuration#
To test the configuration, run the !manage-engine-test command instead of using the Test button.
Configure ManageEngine in Cortex#
| Parameter | Required |
|---|---|
| Server URL | True |
| Client ID | True |
| Client Secret | True |
| Code | True |
| Trust any certificate (not secure) | False |
| Use system proxy settings | False |
| Max number of audit events per fetch | False |
| Fetch events | False |
Commands#
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
manage-engine-test#
Tests connectivity of the server.
Base Command#
manage-engine-test
manage-engine-get-events#
Manual command to fetch events and display them.
Base Command#
manage-engine-get-events
Input#
| Argument Name | Description | Required |
|---|---|---|
| should_push_events | If true, the command will create events. Otherwise, it will only display them. Used for debugging purposes. | Required |
| limit | Maximum number of results to return. | Optional |
| start_date | Date from which to get events, For example '2018-11-06T08:56:41.000Z'. | Optional |
| end_date | Date to which to get events , For example '2018-11-06T08:56:41.000Z'. | Optional |
Context Output#
There is no context output for this command.