Zero Networks Segment
This Integration is part of the Zero Networks Segment Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.10.0 and later.
This is the Zero Networks event collector integration for Cortex XSIAM.
Configure Zero Networks Segment Event Collector on Cortex XSIAM#
Navigate to Settings > Configurations > Data Collection > Automation & Feed Integrations.
Search for Zero Networks Segment Event Collector.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Server URL True API Key The API key to use for connection. True Fetch network events False Network Activity Filters Use filters to reduce the amount of events. False Maximum audit events to fetch Maximum number of audit events per fetch. The default value is 10000. False Maximum network activities events to fetch Maximum number of network activities events per fetch. The default value is 2000. False Trust any certificate (not secure) False Use system proxy settings False Click Test to validate the URLs, token, and connection.
Commands#
You can execute these commands from the Cortex XSIAM CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
zero-networks-segment-get-events#
Gets events from Zero Networks Segment.
Base Command#
zero-networks-segment-get-events
Input#
| Argument Name | Description | Required |
|---|---|---|
| should_push_events | If true, the command will create events, otherwise it will only display them. Warning: Using this argument may lead to duplicate events. Possible values are: true, false. Default is false. | Required |
| from_date | Date from which to get events. | Optional |
Context Output#
There is no context output for this command.
Command Example#
!zero-networks-segment-get-events from_date="2024-08-29T12:00:15.000Z"
Human Readable Output#
Audit Events#
| timestamp | auditType | destinationEntitiesList | details | enforcementSource |
|---|---|---|---|---|
| 1724928222479 | 1 | {"id": "fake_id"} | {"rule":"fake_rule", "id":"fake_id"} | 1 |
Network Activities Events#
| timestamp | protocol | state | trafficType | dst | src |
|---|---|---|---|---|---|
| 1724924207581 | 6 | 2 | 1 | {"assetId":"fake_dst", "ip":"1.2.3.4"} | {"assetId":"fake_src", "ip":"1.1.1.1"} |