Skip to main content

ThousandEyes

This Integration is part of the ThousandEyes Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.2.0 and later.

This Integration is used to fetch-incidents via “Active alerts”, get alert details via “Alert details”, and get the “Agent list”. It was integrated and tested with API v6 of ThousandEyes.

Configure ThousandEyes in Cortex#

ParameterRequired
Base API URLTrue
PasswordTrue
Fetch incidentsFalse
Incidents Fetch IntervalFalse
Incident typeFalse
Trust any certificate (not secure)False
Use system proxy settingsFalse
First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)False
Minimum Severity to filter out the fetched alerts (only applicable for incidents)False

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

thousandeyes-get-alerts#


Fetches all the alerts.

Base Command#

thousandeyes-get-alerts

Input#

Argument NameDescriptionRequired
aidAID to fetch Active Alerts from.Optional
from_dateExplicit start date to fetch Alerts from.Optional
to_dateExplicit end date to fetch Alerts to.Optional

Context Output#

PathTypeDescription
ThousandEyes.Alerts.AlertIDIntegerunique ID of the alert; each alert occurrence is assigned a new unique ID
ThousandEyes.Alerts.ActiveInteger0 for inactive, 1 for active, 2 for disabled. Alert is disabled if either alert rule itself has been deleted or the test it is applied to has been disabled, deleted, disabled alerting, or disassociated the alert rule from the test
ThousandEyes.Alerts.AgentsUnknownarray of monitors where the alert has at some point been active since the point that the alert was triggered. Not shown on BGP alerts.
ThousandEyes.Alerts.AIDIntegerUnique identifier of the Group AID
ThousandEyes.Alerts.DateStartUnknownthe date/time where an alert rule was triggered, expressed in UTC
ThousandEyes.Alerts.ApiLinksUnknownlist of hyperlinks to other areas of the API
ThousandEyes.Alerts.PermaLinkStringhyperlink to alerts list, with row expanded
ThousandEyes.Alerts.RuleExpressionStringstring expression of alert rule
ThousandEyes.Alerts.RuleIDIntegerunique ID of the alert rule
ThousandEyes.Alerts.RuleNameStringname of the alert rule
ThousandEyes.Alerts.TestIDIntegerunique ID of the test
ThousandEyes.Alerts.TestNameStringname of the test
ThousandEyes.Alerts.ViolationCountIntegernumber of sources currently meeting the alert criteria
ThousandEyes.Alerts.TypeIntegertype of alert being triggered
ThousandEyes.Alerts.SeverityIntegerfield with one of the following values: INFO, MAJOR, MINOR, CRITICAL for all alert types

thousandeyes-get-alert#


Fetches a given alert.

Base Command#

thousandeyes-get-alert

Input#

Argument NameDescriptionRequired
alert_idAlert ID to fetch.Required

Context Output#

There is no context output for this command.

thousandeyes-get-agents#


Fetches all agents.

Base Command#

thousandeyes-get-agents

Input#

Argument NameDescriptionRequired

Context Output#

PathTypeDescription
ThousandEyes.Agents.AgentIDIntegerunique ID of agent
ThousandEyes.Agents.AgentNameStringdisplay name of the agent
ThousandEyes.Agents.AgentTypeStringCloud, Enterprise or Enterprise Cluster, shows the type of agent
ThousandEyes.Agents.CountryIDStringISO-3166-1 alpha-2 country code of the agent
ThousandEyes.Agents.EnabledBoolean1 for enabled, 0 for disabled (Enterprise Agents only)
ThousandEyes.Agents.KeepBrowserCacheBoolean1 for enabled, 0 for disabled (Enterprise Agents and Enterprise Clusters only)
ThousandEyes.Agents.VerifySslCertificatesBoolean1 for enabled, 0 for disabled (Enterprise Agents and Enterprise Clusters only)
ThousandEyes.Agents.IpAdressesUnknownarray of ipAddress entries
ThousandEyes.Agents.LastSeenUnknownyyyy-MM-dd hh:mm:ss, expressed in UTC (Enterprise Agents only)
ThousandEyes.Agents.LocationStringlocation of the agent
ThousandEyes.Agents.NetworkStringname of the autonomous system in which the Agent is found (Enterprise Agents only)
ThousandEyes.Agents.PrefixStringNetwork prefix, expressed in CIDR format (Enterprise Agents only)
ThousandEyes.Agents.PublicIpAddressesUnknownarray of ipAddress entries
ThousandEyes.Agents.TargetForTestsStringtarget IP address or domain name representing test destination when agent is acting as a test target in an agent-to-agent test (Enterprise Agents only)
ThousandEyes.Agents.AgentStateStringOnline, Offline or Disabled (standalone Enterprise Agents only)
ThousandEyes.Agents.UtilizationIntegershows overall utilization percentage (online Enterprise Agents and Enterprise Clusters only)
ThousandEyes.Agents.IPv6PolicyStringIP version policy, can be FORCE_IPV4, PREFER_IPV6 or FORCE_IPV6 (Enterprise Agents and Enterprise Clusters only)
ThousandEyes.Agents.HostnameStringfully qualified domain name of the agent (Enterprise Agents only)
ThousandEyes.Agents.CreatedDateUnknownyyyy-MM-dd hh:mm:ss, expressed in UTC. For Enterprise Clusters, this equals to the createdDate value of the initial cluster member before the conversion to cluster was performed (Enterprise Agents and Enterprise Clusters only)
ThousandEyes.Agents.ErrorDetailsUnknownif an enterprise agent or a cluster member presents at least one error, the errors will be shown as an array of entries in the errorDetails field (Enterprise Agents and Enterprise Cluster members only)

thousandeyes-get-agent#


Fetches a given agent.

Base Command#

thousandeyes-get-agent

Input#

Argument NameDescriptionRequired
agent_idAgent ID to fetch.Required

Context Output#

There is no context output for this command.