
Thales SafeNet Trusted Access Event Collector

This integration is part of the Thales SafeNet Trusted Access Pack.

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Retrieves access, authentication, and audit logs and stores them in a Security Information and Event Management (SIEM) system, local repository, or syslog file server. You can retrieve the logs only for the tenant that is associated with the API key, or for a direct or delegated child of that tenant.

Configure SafeNetTrustedAccessEventCollector on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for SafeNetTrustedAccessEventCollector.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    |---|---|---|
    | URL | The URL consists of the root part of the REST API Endpoint URL provided in SafeNet Trusted Access, and has the form https://api.[name].com | True |
    | Tenant Code | Tenant code for your virtual server or account. | True |
    | | API Key for the authentication. | True |
    | | The product name corresponding to the integration that originated the events | False |
    | | The vendor name corresponding to the integration that originated the events | False |
    | | The maximum number of audit logs to fetch. Valid limit is multiples of 1000 and less than 10,000. | True |
    | First fetch timestamp | | False |
    | Trust any certificate (not secure) | | False |
    | Use system proxy settings | | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

sta-get-events


Get access, authentication, and audit logs from SafeNet Trusted Access.

Base Command

sta-get-events

Input

| Argument Name | Description | Required |
|---|---|---|
| should_push_events | If true, the command will create events, otherwise it will only display them. Possible values are: true, false. Default is false. | Required |
| since | Since date. | Optional |
| until | Until date. | Optional |
| marker | A string pointing at the next page of results. The marker can be found within the previous response. | Optional |

Context Output

There is no context output for this command.

Command example

!sta-get-events should_push_events=false since="10 seconds"

Human Readable Output

Event Logs

Marker: 111111

|category|context|details|id|logVersion|timeStamp|
|---|---|---|---|---|---|
| AUDIT | tenantId: TENENTID<br>originatingAddress: 1.1.1.1<br>principalId: ID<br>globalAccessId: ID | type: AUTHENTICATION<br>serial: SERIAL<br>action: 0<br>actionText: AUTH_ATTEMPT<br>result: 1<br>resultText: AUTH_SUCCESS<br>agentId: ID<br>message: MSG<br>credentialType: TYPE | $ID | 1.0 | 2022-01-01T00:00:00.00000Z |
| AUDIT | tenantId: TENENTID<br>originatingAddress: 1.1.1.1<br>principalId: ID<br>globalAccessId: ID | type: AUTHENTICATION<br>serial: SERIAL<br>action: 0<br>actionText: AUTH_ATTEMPT<br>result: 2<br>resultText: CHALLENGE<br>agentId: ID<br>message: MSG<br>usedName: NAME<br>credentialType: TYPE | $ID | 1.0 | 2022-01-01T00:00:00.00000Z |
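
Events with the fields shown in the sample output above can be triaged downstream, for example by listing every CHALLENGE that was never followed by an AUTH_SUCCESS for the same principalId. The following is an added example, not code from the integration or the pack. Assumptions: each event is a dict with nested `context` and `details`, CHALLENGE means a further authentication step was requested, and the 5-minute window, function names and sample values are constructed for illustration.

```python
from datetime import datetime, timedelta

def _event(eid, ts, principal, addr, result_text):
    """Build one constructed event using the columns from the sample output."""
    return {"category": "AUDIT", "id": eid, "logVersion": "1.0", "timeStamp": ts,
            "context": {"principalId": principal, "originatingAddress": addr},
            "details": {"type": "AUTHENTICATION", "actionText": "AUTH_ATTEMPT",
                        "resultText": result_text}}

# Constructed sample data (not real logs); addresses are documentation ranges.
SAMPLE_EVENTS = [
    _event("e1", "2022-01-01T00:00:00.00000Z", "alice", "192.0.2.10", "CHALLENGE"),
    _event("e2", "2022-01-01T00:00:20.00000Z", "alice", "192.0.2.10", "AUTH_SUCCESS"),
    _event("e3", "2022-01-01T00:01:00.00000Z", "bob", "198.51.100.7", "CHALLENGE"),
    _event("e4", "2022-01-01T00:02:00.00000Z", "bob", "198.51.100.7", "CHALLENGE"),
    _event("e5", "2022-01-01T00:03:00.00000Z", "carol", "192.0.2.44", "CHALLENGE"),
    _event("e6", "2022-01-01T00:13:00.00000Z", "carol", "192.0.2.44", "AUTH_SUCCESS"),
]

def parse_ts(value):
    """Parse the timeStamp format from the sample output (fraction plus trailing Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def _principal(event):
    return event.get("context", {}).get("principalId")

def unanswered_challenges(events, window=timedelta(minutes=5)):
    """Return CHALLENGE events with no AUTH_SUCCESS for the same principalId
    within `window` after the challenge, oldest first."""
    auth = sorted((e for e in events
                   if e.get("details", {}).get("type") == "AUTHENTICATION"),
                  key=lambda e: parse_ts(e["timeStamp"]))
    successes = {}  # principalId -> timestamps of AUTH_SUCCESS events
    for e in auth:
        if e["details"].get("resultText") == "AUTH_SUCCESS":
            successes.setdefault(_principal(e), []).append(parse_ts(e["timeStamp"]))
    flagged = []
    for e in auth:
        if e["details"].get("resultText") != "CHALLENGE":
            continue
        issued = parse_ts(e["timeStamp"])
        if not any(issued <= s <= issued + window
                   for s in successes.get(_principal(e), [])):
            flagged.append(e)
    return flagged

if __name__ == "__main__":
    for ev in unanswered_challenges(SAMPLE_EVENTS):
        print(ev["timeStamp"], _principal(ev), ev["context"]["originatingAddress"])
```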