Skip to main content

UBIRCH

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

The UBIRCH solution can be seen as an external data certification provider, as a data notary service, giving data receivers the capability to verify data they have received with regard to its authenticity and integrity and correctness of sequence. This integration was integrated and tested with version v1.0.0 of UBIRCH

Configure UBIRCH on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for UBIRCH.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    urlYour MQTT host nameTrue
    portportTrue
    credentialsUsernameTrue
    longRunningLong running instanceFalse
    tenantIdTenant IdTrue
    stageStageTrue
  4. Click Test to validate the url, port and credentials.

Usage#

The UBIRCH integration is a long-running implementation. Whenever a verification of ubirched data fails, the incident is created with the following fields:

FieldTypeDescription
namestringName of the incident to be created.
typestringType of the incident to be created. If not provided, the value of the integration parameter Incident type will be used.
labelsobjectRequestId and deviceId of the incident to be created. For example, [{"type":"requestId", "value":"94a55743-d285-487a-839f-3005f3f8854a"}, {"type":"hwDeviceId", "value":"ba70ad8b-a564-4e58-9a3b-224ac0f0153f"}]
severitystringSeverity level of the incident. levels are Critical, High, Medium, Low, Unknown.
occurredstringDate the incident occurred in ISO-8601 format.
detailsobjectDetails of the incident to be created. For example, {"field1":"value1","field2":"value2"}
raw_jsonobjectDetails of the incident to be created. For example, {"field1":"value1","field2":"value2"}

The incidents are based on these errors written in this page.

  • The error codes, NA401 - 4000, have a severity type HIGH because it may indicate that someone is trying to get authorization in an invalid manner OR that our ThingAPI is acting up.
  • The error codes, ND403 - 1200, have a severity type HIGH because this error would likely mean that the UPP is corrected in some way, which can be a red flag.
  • The error codes, ND400 - 2300, have a severity type MEDIUM as if the payload of a UPP is null, then no Hash can be processed. This is of course controlled, but it is very strange if the UPP is empty.
  • The rest of the errors have a severity type UNKNOWN.