D3 Security connector and action
editD3 Security connector and action
editThe D3 Security connector uses axios to send a POST request to a D3 Security endpoint. The connector uses the run connector API to send the request. You can use the connector for rule actions.
Prerequisites
editTo use a D3 Security connector, you must first configure a webhook key in your D3 SOAR environment. To generate an API URL and a token in D3 Security: 1. Log in to your D3 SOAR environment. 2. Navigate to Configuration. 3. Navigate to Integration > Search for “Kibana”. Click “Fetch Event”. 4. Select the "Enable Webhook" checkbox. 5. Click Set up Webhook Keys. 6. Under Event Ingestion, Click +. Select the site for the webhook integration, then click Generate. 7. Copy the Request URL and Request Header Value to configure the Kibana connector
Create connectors in Kibana
editYou can create connectors in Stack Management > Connectors. For example:
Connector configuration
editD3 Security connectors have the following configuration properties:
- Name
- The name of the connector.
- URL
- The D3 Security API request URL.
- Token
- The D3 Security token
Create preconfigured connectors
editIf you are running Kibana on-prem, you can define connectors by
adding xpack.actions.preconfigured
settings to your kibana.yml
file.
For example:
xpack.actions.preconfigured: my-d3security: name: preconfigured-d3security-connector-type actionTypeId: .d3security config: url: https://testurl.com/elasticsearch/VSOC/api/Data/Kibana/Security%20Operations/CreateEvents secrets: token: superlongtoken
Config defines information for the connector type.
-
url
- A URL string that corresponds to the D3 Security API URL.
Secrets defines sensitive information for the connector type.
-
token
- A string that corresponds to D3 Security API Token.
Test connectors
editYou can test connectors with the run connector API or as you’re creating or editing the connector in Kibana. For example:
The D3 Security actions have the following configuration properties.
- Body
-
A typeless payload sent to the D3 Security API URL. For example:
this can be any type, it is not validated
Connector networking configuration
editUse the Action configuration settings to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use xpack.actions.customHostSettings
to set per-host configurations.