ThousandEyes Pack.#This Integration is part of the
Supported Cortex XSOAR versions: 6.2.0 and later.
This Integration is used to fetch-incidents via “Active alerts”, get alert details via “Alert details”, and get the “Agent list”. It was integrated and tested with API v6 of ThousandEyes.
Navigate to Settings > Integrations > Servers & Services.
Search for ThousandEyes .
Click Add instance to create and configure a new integration instance.
Parameter Required Base API URL True Password True Fetch incidents False Incidents Fetch Interval False Incident type False Trust any certificate (not secure) False Use system proxy settings False First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year) False Minimum Severity to filter out the fetched alerts (only applicable for incidents) False
Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Fetches all the alerts.
|aid||AID to fetch Active Alerts from.||Optional|
|from_date||Explicit start date to fetch Alerts from.||Optional|
|to_date||Explicit end date to fetch Alerts to.||Optional|
|ThousandEyes.Alerts.AlertID||Integer||unique ID of the alert; each alert occurrence is assigned a new unique ID|
|ThousandEyes.Alerts.Active||Integer||0 for inactive, 1 for active, 2 for disabled. Alert is disabled if either alert rule itself has been deleted or the test it is applied to has been disabled, deleted, disabled alerting, or disassociated the alert rule from the test|
|ThousandEyes.Alerts.Agents||Unknown||array of monitors where the alert has at some point been active since the point that the alert was triggered. Not shown on BGP alerts.|
|ThousandEyes.Alerts.AID||Integer||Unique identifier of the Group AID|
|ThousandEyes.Alerts.DateStart||Unknown||the date/time where an alert rule was triggered, expressed in UTC|
|ThousandEyes.Alerts.ApiLinks||Unknown||list of hyperlinks to other areas of the API|
|ThousandEyes.Alerts.PermaLink||String||hyperlink to alerts list, with row expanded|
|ThousandEyes.Alerts.RuleExpression||String||string expression of alert rule|
|ThousandEyes.Alerts.RuleID||Integer||unique ID of the alert rule|
|ThousandEyes.Alerts.RuleName||String||name of the alert rule|
|ThousandEyes.Alerts.TestID||Integer||unique ID of the test|
|ThousandEyes.Alerts.TestName||String||name of the test|
|ThousandEyes.Alerts.ViolationCount||Integer||number of sources currently meeting the alert criteria|
|ThousandEyes.Alerts.Type||Integer||type of alert being triggered|
|ThousandEyes.Alerts.Severity||Integer||field with one of the following values: INFO, MAJOR, MINOR, CRITICAL for all alert types|
Fetches a given alert.
|alert_id||Alert ID to fetch.||Required|
There is no context output for this command.
Fetches all agents.
|ThousandEyes.Agents.AgentID||Integer||unique ID of agent|
|ThousandEyes.Agents.AgentName||String||display name of the agent|
|ThousandEyes.Agents.AgentType||String||Cloud, Enterprise or Enterprise Cluster, shows the type of agent|
|ThousandEyes.Agents.CountryID||String||ISO-3166-1 alpha-2 country code of the agent|
|ThousandEyes.Agents.Enabled||Boolean||1 for enabled, 0 for disabled (Enterprise Agents only)|
|ThousandEyes.Agents.KeepBrowserCache||Boolean||1 for enabled, 0 for disabled (Enterprise Agents and Enterprise Clusters only)|
|ThousandEyes.Agents.VerifySslCertificates||Boolean||1 for enabled, 0 for disabled (Enterprise Agents and Enterprise Clusters only)|
|ThousandEyes.Agents.IpAdresses||Unknown||array of ipAddress entries|
|ThousandEyes.Agents.LastSeen||Unknown||yyyy-MM-dd hh:mm:ss, expressed in UTC (Enterprise Agents only)|
|ThousandEyes.Agents.Location||String||location of the agent|
|ThousandEyes.Agents.Network||String||name of the autonomous system in which the Agent is found (Enterprise Agents only)|
|ThousandEyes.Agents.Prefix||String||Network prefix, expressed in CIDR format (Enterprise Agents only)|
|ThousandEyes.Agents.PublicIpAddresses||Unknown||array of ipAddress entries|
|ThousandEyes.Agents.TargetForTests||String||target IP address or domain name representing test destination when agent is acting as a test target in an agent-to-agent test (Enterprise Agents only)|
|ThousandEyes.Agents.AgentState||String||Online, Offline or Disabled (standalone Enterprise Agents only)|
|ThousandEyes.Agents.Utilization||Integer||shows overall utilization percentage (online Enterprise Agents and Enterprise Clusters only)|
|ThousandEyes.Agents.IPv6Policy||String||IP version policy, can be FORCE_IPV4, PREFER_IPV6 or FORCE_IPV6 (Enterprise Agents and Enterprise Clusters only)|
|ThousandEyes.Agents.Hostname||String||fully qualified domain name of the agent (Enterprise Agents only)|
|ThousandEyes.Agents.CreatedDate||Unknown||yyyy-MM-dd hh:mm:ss, expressed in UTC. For Enterprise Clusters, this equals to the createdDate value of the initial cluster member before the conversion to cluster was performed (Enterprise Agents and Enterprise Clusters only)|
|ThousandEyes.Agents.ErrorDetails||Unknown||if an enterprise agent or a cluster member presents at least one error, the errors will be shown as an array of entries in the errorDetails field (Enterprise Agents and Enterprise Cluster members only)|
Fetches a given agent.
|agent_id||Agent ID to fetch.||Required|
There is no context output for this command.