MongoDB
Overview#
Use MongoDB to search and query entries This integration was integrated and tested with version v4.2.3 of MongoDB
Configure MongoDB on Cortex XSOAR#
- Navigate to Settings > Integrations > Servers & Services.
- Search for MongoDB.
- Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Username
- Server URLs with port (host1.com:27017,host2.com:27017)
- Database
- Trust any certificate (not secure)
- Click Test to validate the URLs, token, and connection.
Fetched Incidents Data#
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- mongodb-get-entry-by-id
- mongodb-query
- mongodb-insert
- mongodb-update
- mongodb-delete
- mongodb-list-collections
- mongodb-create-collection
- mongodb-drop-collection
- mongodb-pipeline-query
1. mongodb-get-entry-by-id#
Get an entry from database by ID
Required Permissions#
find permission.
Base Command#
mongodb-get-entry-by-id
Input#
| Argument Name | Description | Required |
|---|---|---|
| collection | Name of the collection do get entry from. | Required |
| object_id | An ObjectID to get. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| MongoDB.Entry._id | String | ID of entry |
| MongoDB.Entry.collection | String | Collection name |
Command Example#
!mongodb-get-entry-by-id collection=test object_id=5e444002d661d4fc62442f39
Context Example#
Human Readable Output#
Total of 0 found in MongoDB collection test:#
No entries.
2. mongodb-query#
Searches for items by using the specified JSON query. Search by regex is supported.
Required Permissions#
find permission.
Base Command#
mongodb-query
Input#
| Argument Name | Description | Required |
|---|---|---|
| collection | Name of the collection do query from. | Required |
| query | A JSON query to search for in the collection, in the format of: {"key": "value"}. e.g {"_id": "mongodbid"}. Supports search by regex using the following query="{ "field": { "$regex": "search_option" } }". For example: query="{ "year": { "$regex": "2.*" } }" - will query all entries such that their "year" field contains the number 2, query="{ "color": { "$regex": "Re.*", "$options": "i" } }": case insensitive search - will query all entries at the collection, where their "color" field contains the string "Re". | Required |
| sort | Sorting order for the query results. Use the format "field1:asc,field2:desc". | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| MongoDB.Entry._id | String | ID of entry from query |
| MongoDB.Entry.collection | String | Collection name |
Command Example#
!mongodb-query collection=test query=`{"test": true}
Context Example#
Human Readable Output#
Total of 2 found in MongoDB collection test with query: {"test": true}:#
| _id |
|---|
| 5e454023a14c0fb64ca2fd7f |
| 5e454024a14c0fb64ca2fd80 |
3. mongodb-insert#
Inserts an entry to the database
Required Permissions#
insert permission.
Base Command#
mongodb-insert
Input#
| Argument Name | Description | Required |
|---|---|---|
| collection | Name of the collection to insert entry from. | Required |
| entry | Entry JSON formatted. can include _id argument or not. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| MongoDB.Entry._id | String | ID of entry from query. |
| MongoDB.Entry.collection | String | Collection name |
Command Example#
!mongodb-insert collection=testCollection entry=`{"test": true}`\
Context Example#
Human Readable Output#
MongoDB: Successfully entered 1 entry to the 'testCollection' collection.#
| _id |
|---|
| 5e45403c7bc040c2a989007a |
4. mongodb-update#
Updates an entry in a collection
Required Permissions#
update permission.
Base Command#
mongodb-update
Input#
| Argument Name | Description | Required |
|---|---|---|
| collection | Name of the collection to update entry to. | Required |
| filter | A query that matches the document to update. | Required |
| update | You can use Update Operators or Aggregation Pipeline. Check documentation for further information. | Required |
| update_one | Update only one entry. if true, will set all found entries. | Optional |
Context Output#
There is no context output for this command.
Command Example#
!mongodb-update collection=test filter=`{"test": true}` update=`{"$set": {"test": false}}`\
Human Readable Output#
MongoDB: Total of 1 entries has been modified.#
5. mongodb-delete#
Deletes an entry from the database
Required Permissions#
remove permission.
Base Command#
mongodb-delete
Input#
| Argument Name | Description | Required |
|---|---|---|
| collection | Name of the collection to delete entry from. | Required |
| filter | A query that matches the document to delete. | Required |
| delete_one | Delete only one entry from the database. | Optional |
Context Output#
There is no context output for this command.
Command Example#
!mongodb-delete collection=test filter=`{"test": true}` delete_one=true
Human Readable Output#
MongoDB: Delete 1 entries.#
6. mongodb-list-collections#
Lists all collections in database
Required Permissions#
find permission.
Base Command#
mongodb-list-collections
Input#
There are no input arguments for this command.
Context Output#
| Path | Type | Description |
|---|---|---|
| MongoDB.Collection.Name | String | Name of the collection |
Command Example#
!mongodb-list-collections
Context Example#
Human Readable Output#
MongoDB: All collections in database:#
| Collection |
|---|
| collectionToDelete |
| testCollection |
| test |
7. mongodb-create-collection#
Creates a collection
Required Permissions#
createCollection permission.
Base Command#
mongodb-create-collection
Input#
| Argument Name | Description | Required |
|---|---|---|
| collection | Name of collection to create. | Required |
Context Output#
There is no context output for this command.
Command Example#
!mongodb-create-collection collection=testCollection
Human Readable Output#
MongoDB: Collection 'testCollection' has been successfully created.#
8. mongodb-drop-collection#
Drops a collection from the database
Required Permissions#
dropCollection permission or above.
Base Command#
mongodb-drop-collection
Input#
| Argument Name | Description | Required |
|---|---|---|
| collection | Name of collection to be dropped | Required |
Context Output#
There is no context output for this command.
Command Example#
!mongodb-drop-collection collection=collectionToDelete
Human Readable Output#
MongoDB: Collection 'collectionToDelete` has been dropped.#
mongodb-pipeline-query#
Searches for items by the specified JSON pipleline query.
Base Command#
mongodb-pipeline-query
Input#
| Argument Name | Description | Required |
|---|---|---|
| collection | Name of the collection to query. | Required |
| pipeline | A JSON pipeline query to search by in the collection. Pipeline query should by list of dictionaries. For example: [{"key1": "value1"}, {"key2": "value2"}]. | Required |
| limit | Limits the number of results returned from MongoDB. Default is 50. | Optional |
| offset | Offset to the first result returned from MongoDB. Default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| MongoDB.Entry._id | String | The ID of entry from the query. |
| MongoDB.Entry.collection | String | The collection of which the entry belongs to. |
Command Example#
!mongodb-pipeline-query collection=test_collection pipeline="[{\"$match\": {\"title\": \"test_title\"}}]"
Context Example#
Human Readable Output#
Total of 3 entries were found in MongoDB collection
test_collectionwith pipeline: [{"$match": {"title": "test_title"}}]:#
_id 602e624e8be6cb93eb795695 602e62598be6cb93eb795697 602e62698be6cb93eb795699
Additional Information#
- a guide on how to use the
filterandqueryargument can be found here - a guide on how to use the
updateargument can be found here
Known Limitations#
The test button is trying to list collections. If the user has no find permission it will fail.