Interpres Application - Gravwell
- Type: SIEM/Data Lake
- Vendor: Gravwell
Gravwell is an enterprise data fusion platform that enables security teams to investigate, collaborate, and analyze data from any source.
Vendor setup
Create a token in the API Token System. The Tokens API interface is located in the "Tools & Resources" navigation section.
Gravwell capabilities required:
- Search
- AlertRead
Gravwell tag access required:
- All Possible Tags
App Configuration
App Parameters:
- Base URL: The URL of the source Gravwell instance, in the format http[s]://<server name or ip>:<port>
- Token: The API token created in the Gravwell Token System (see Vendor setup).
- Verify server certificate: Whether to verify the Gravwell server's TLS certificate when connecting over HTTPS.
- Proxy: Optional. A valid proxy server, in the format http[s]://<server name or ip>:<port>
App Validation
Check that the integration you created shows connectivity (green light).
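As an added example (not code from Interpres or Gravwell), a pre-flight check of the App Parameters above against the documented http[s]://<server name or ip>:<port> format, run before the connectivity check. The dataclass field names and the sample values are constructed for this illustration.

```python
"""Validate Interpres -> Gravwell app parameters before testing connectivity."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit


@dataclass
class GravwellAppParams:
    # Field names are assumed; they mirror the documented App Parameters.
    base_url: str
    token: str
    verify_server_certificate: bool = True
    proxy: Optional[str] = None


def _check_endpoint(value: str, field: str) -> List[str]:
    """Enforce http[s]://<server name or ip>:<port>: scheme, host, explicit port."""
    problems = []
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https"):
        problems.append(f"{field}: scheme must be http or https")
    if not parts.hostname:
        problems.append(f"{field}: missing server name or ip")
    try:
        if parts.port is None:
            problems.append(f"{field}: missing port")
    except ValueError:  # non-numeric or out of range 1-65535
        problems.append(f"{field}: port is not a valid number")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append(f"{field}: only scheme, host and port are allowed")
    return problems


def validate_app_parameters(p: GravwellAppParams) -> Tuple[List[str], List[str]]:
    """Return (errors, warnings). Errors block setup; warnings flag weak settings."""
    errors = _check_endpoint(p.base_url, "Base URL")
    warnings = []
    if not p.token.strip():
        errors.append("Token: must not be empty")
    if p.proxy is not None:
        errors += _check_endpoint(p.proxy, "Proxy")
    if urlsplit(p.base_url).scheme == "http":
        warnings.append("Base URL: plain http sends the API token in cleartext")
    if not p.verify_server_certificate:
        warnings.append("Verify server certificate: disabled; the Gravwell "
                        "server identity is not authenticated over TLS")
    return errors, warnings
```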
Implemented Actions
- Get Alerts: Gets the latest alerts.
- Get Available Telemetry: Returns a list of telemetry identifiers with their current status.
- Get Detections: Returns a list of detections.