Interpres Application - Securonix

  • Type: SIEM/Data Lake
  • Vendor: Securonix

Vendor setup

Enable REST API

  • This integration requires access to the Securonix REST API which can be enabled under Menu > Administrator > Settings > Application Settings
  • For more information, see https://documentation.securonix.com/bundle/securonix-cloud-user-guide/page/content/rest-api-categories-intro.htm

User Setup

  • This integration requires read access to violations, resource groups, policies (detections) and activities.
  • Required permissions (for more information, see https://documentation.securonix.com/bundle/securonix-cloud-user-guide/page/content/access-privileges.htm):
  • Add Data: Display Correlation Rules
  • Add Data: Configuration-Import Policies From CRP
  • Add Data: Configuration-Get Attributes For Policies
  • Add Data: Configuration-Get Object Attributes For Policies
  • Add Data: Configuration-Get Policy Master For Selected Type Content
  • Add Data: Configuration-Get Policy Master For Selected Type
  • Add Data: Configuration-Show Policy Scanner Job
  • Add Data: Activity Import-Show Policies
  • Add Data: Configuration-Get Specific Policy Details
  • Add Data: Resource-Get Policies List
  • Administration: Access Control-Validate Password
  • Administration: Show XML data for resource group
  • Analytics: Show policy list
  • AnalyticsWebServices: Get All Policies
  • AnalyticsWebServices: Get Policy violations
  • CESpotterSearchService: gets spotter search results paginated
  • CESpotterSearchService: gets spotter search results
  • Spotter: Spoter-Access for index=activity
  • Spotter: Spoter-Access for index=violation
  • SpotterWebServices: Query Spotter index queries
  • SpotterWebServices: Query Spotter activity queries
  • Views: Views-Resources[shows list of resource groups]
  • Views: Views-Resources[shows list of resources]

App Configuration

  • Username: User name
  • Password: Password
  • Base URL: Must use the following format: https://<hostname or IP address>/Snypr
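As an added example (not code from the Interpres or Securonix documentation), the check below enforces the Base URL format above before the credentials are used: HTTPS only, a host present, no embedded credentials, and the /Snypr path. The hostnames in the comments are constructed.

```python
from urllib.parse import urlsplit


def validate_base_url(url: str) -> str:
    """Validate a Securonix Base URL against the documented format
    https://<hostname or IP address>/Snypr and return it normalized
    (no trailing slash). Raises ValueError with the reason otherwise."""
    parts = urlsplit(url.strip())
    # The API is authenticated with a username and password, so refuse
    # plain http: the credentials would otherwise travel in clear text.
    if parts.scheme != "https":
        raise ValueError("scheme must be https (credentials are sent to this URL)")
    if not parts.hostname:
        raise ValueError("missing hostname or IP address")
    # Credentials belong in the Username/Password fields, not in the URL,
    # where they would end up in logs and screenshots.
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in the Base URL")
    if parts.query or parts.fragment:
        raise ValueError("Base URL must not carry a query string or fragment")
    path = parts.path.rstrip("/")
    if path != "/Snypr":
        raise ValueError(f"path must be /Snypr, got {parts.path!r}")
    # netloc keeps an explicit port (e.g. :8443) if one was given.
    return f"https://{parts.netloc}{path}"


def is_valid_base_url(url: str) -> bool:
    """Boolean form of validate_base_url for use in a config pre-check."""
    try:
        validate_base_url(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample hosts; only the first two are accepted.
    for candidate in (
        "https://siem.example.com/Snypr/",
        "https://10.0.0.5:8443/Snypr",
        "http://siem.example.com/Snypr",
        "https://user:secret@siem.example.com/Snypr",
        "https://siem.example.com/snypr",
    ):
        print(candidate, "->", is_valid_base_url(candidate))
```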

App Validation

Check that the integration you created shows connectivity (green light).

Implemented Actions

  • Get Alerts: Returns count of alerts associated with a detection.
  • Get Detections: Returns a list of detections.
  • Get Available Telemetry: Returns a list of telemetry (visibility) stored in the SIEM.