Accenture MSS

Version: 2.0.0

Leverage the power of Accenture Managed Security Services for continual threat monitoring and customized guidance 24x7.

Connect Accenture MSS with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Accenture MSS.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • URL: URL to your Accenture MSS instance. Example: https://api.monitoredsecurity.com.
    • Certificate: Upload Certificate to access your Accenture MSS instance.
    • Passphrase: Enter Certificate passphrase.
  4. After you've entered all the details, click Connect.

Actions for Accenture MSS

Incident: Get Recent List

Returns a list of security incidents based on given search parameters. If a parameter is left blank or null, the method will return incidents matching all values. This action searches on the created timestamp, updated timestamp, and LatestKeyEvent timestamp of the incidents.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Start TimeJinja-templated text for star time to fetch incidents created since the specified date in UTC (Default is batch-start-time).
The format should be %Y-%m-%dT%H:%M:%S. Example: {{start_time_column}}
Optional
End TimeJinja-templated text for star time to fetch incidents created before the specified date in UTC (Default is batch-end-time). The format should be %Y-%m-%dT%H:%M:%S. Example: {{end_time_column}}Optional
SeveritiesJinja-templated text for comma-delimited list of valid Security Incident severities set by customers.Optional
Source OrganizationsJinja-templated text for comma-delimited list of valid Source Organizations.Optional
Destination OrganizationsJinja-templated text for comma-delimited list of valid Destination Organizations.Optional
Max IncidentsEnter the maximum number of incidents to return.Optional
Source IPsJinja-templated text for comma-delimited list of valid Source IP Addresses.Optional
CategoriesJinja-templated text for comma-delimited list of valid Security Incident Categories to include.Optional
Exclude CategoriesJinja-templated text for comma-delimited list of valid Security Incident Categories to exclude.Optional
Timeout for each parallel execution in secondsTime out for per row API requests in seconds (default is no limit on the wait time).Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • other keys containing information of Incident
{
  "Category": "No Category",
  "Classification": "Scan for Web Servers",
  "Correlation": "No",
  "CountryCode": "CC0",
  "CountryName": "CName0",
  "CountryOfOrigin": null,
  "CustomerSeverity": null,
  "DaysSeenGlobally": "0",
  "DaysSeenInLast30Days": "0",
  "DestOrganizationName": "Org0",
  "FirstSeenGlobally": "2020-12-16T13:05:38.9816284+00:00",
  "FirstSeenInLast30Days": "2020-12-16T13:05:38.9816284+00:00",
  "GlobalLookbackDays": "2",
  "HostNameList": null,
  "IncidentNumber": "565656",
  "IsInternalExternal": null,
  "LatestKeyEvent": "2020-12-16T13:05:38.9816284+00:00",
  "PrevalenceGlobally": "L",
  "Severity": "Informational",
  "SourceIPString": "0.0.0.0",
  "SourceOrganizationName": "Org1",
  "TimeCreated": "2020-12-16T13:05:38.9816284+00:00",
  "UpdateTimestampGMT": "2020-12-16T13:05:38.9816284+00:00",
  "UserList": null,
  "error": null,
  "has_error": false
}

Incident: Workflow Query

Returns incident details with workflow information for a given incident number.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Incident NumberSelect column containing the incident number in the SOC.Required
Max SignaturesIf this parameter is set, the method only returns up to this number of Signatures for the Incident. It will first display the signatures with KeyEvents set to true then choose randomly from the other non-key events (default is empty).Optional
Timeout for each parallel execution in secondsTime out for per row API requests in seconds (default is no limit on the wait time).Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • other keys containing information of Incident with workflow
{
  "IncidentNumber": "566045",
  "TimeCreated": "2020-12-16T13:09:05.1934129+00:00",
  "Correlation": "Yes",
  "Severity": "Informational",
  "Classification": "Activity Summary - Scans for Web Servers",
  "Description": "Scans for Web Servers have been detected",
  "AnalystAssessment": "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.",
  "CountryCode": "US",
  "CountryName": "United States of America",
  "NumberOfAnalyzedSignatures": "5",
  "SourceOrganizationList": {
    "Organization": [
      {
        "OrganizationName": "Org0"
      },
      {
        "OrganizationName": "Org1"
      },
      {
        "OrganizationName": "Org2"
      },
      {
        "OrganizationName": "Org3"
      },
      {
        "OrganizationName": "Org4"
      },
      {
        "OrganizationName": "Org5"
      },
      {
        "OrganizationName": "Org6"
      },
      {
        "OrganizationName": "Org7"
      },
      {
        "OrganizationName": "Org8"
      },
      {
        "OrganizationName": "Org9"
      }
    ]
  },
  "DestinationOrganizationList": {
    "Organization": [
      {
        "OrganizationName": "Org0"
      },
      {
        "OrganizationName": "Org1"
      },
      {
        "OrganizationName": "Org2"
      },
      {
        "OrganizationName": "Org3"
      },
      {
        "OrganizationName": "Org4"
      },
      {
        "OrganizationName": "Org5"
      },
      {
        "OrganizationName": "Org6"
      },
      {
        "OrganizationName": "Org7"
      },
      {
        "OrganizationName": "Org8"
      },
      {
        "OrganizationName": "Org9"
      }
    ]
  },
  "RelatedTickets": null,
  "SignatureList": {
    "Signature": {
      "SignatureNumber": "898989",
      "SignatureName": "Symantec AV Alert",
      "VendorSignature": null,
      "FirstSeenInLast30Days": "0001-01-01T00:00:00",
      "DaysSeenInLast30Days": "0",
      "IsKey": "false",
      "FirstSeenGlobally": "0001-01-01T00:00:00",
      "DaysSeenGlobally": "0",
      "PrevalenceGlobally": null,
      "GlobalLookbackDays": "0",
      "TimeCreated": "2020-12-16T13:10:05.1934129+00:00",
      "Classification": null,
      "Category": "Probes",
      "SourceIPString": "0.0.0.0",
      "HostName": "Host-0.0.0.0",
      "NumberBlocked": "0",
      "NumberNotBlocked": "0",
      "CountryCode": "CC0",
      "CountryName": "CName0",
      "SourceOrganizationList": null,
      "CorrelatedEvent": "No",
      "Outcome": null,
      "CorrelatedEventList": null,
      "SourceIPAddressBinarySQL": null,
      "NetworkRanges": null,
      "FileDetails": null,
      "ReportingDeviceList": null,
      "AffectedAssetList": null,
      "DestinationOrganizationList": null,
      "SourceHostDetailList": null
    }
  },
  "WorkFlowDetail": {
    "Status": null,
    "Resolution": null,
    "Reference": null,
    "AssignedOrganization": "Org1",
    "AssignedPerson": null
  },
  "IncidentComments": {
    "IncidentComment": {
      "CommentedTimeStampGMT": "2012-05-12T00:00:00",
      "Comment": "CommentTest",
      "CommentedBy": "User1"
    }
  },
  "ActivityLogs": {
    "Activity": [
      {
        "FieldName": "WorkflowComment",
        "OldValue": "Activity Summary - Insecure SNMP Community String",
        "NewValue": "Activity Summary - Peer-to-Peer Usage",
        "ActivityDateGMT": "2012-05-14T00:00:00",
        "ActivityBy": "User1"
      },
      {
        "FieldName": "Incident Type",
        "OldValue": "-",
        "NewValue": "Escalation Comment was added",
        "ActivityDateGMT": "2012-07-14T00:00:00",
        "ActivityBy": "User2"
      }
    ]
  },
  "IncidentAttachmentItems": {
    "IncidentAttachmentItem": {
      "AttachmentNumber": "1234",
      "AttachmentName": "Test.sample",
      "UploadDateGMT": "2012-07-14T00:00:00",
      "UploadBy": "User1",
      "Comment": "Test"
    }
  },
  "IsGroupIncidentAvailable": "false",
  "RelatedIncidents": {
    "IncidentNumber": [
      "1235",
      "123456",
      "123457"
    ]
  },
  "error": null,
  "has_error": false
}

Update Incident Workflow

Updates an incident workflow in Accenture MSS.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Incident NumberSelect column containing the incident number in the SOC.Required
StatusSelect column containing status to update with.Required
Status ResolutionSelect column containing Incident Status Resolution to update with.Required
SeveritySelect column containing Incident Severity to update with.Required
Reference CommentsSelect column containing reference comments to update with.Optional
Assigned to OrganizationSelect column containing Organization to update assignee with. Exactly one of AssigneeOrganization or AssigneePerson should be non-empty in the parent table.Optional
Assigned to PersonPerson to update assignee with. Exactly one of AssigneeOrganization or AssigneePerson should be non-empty in the parent table.Optional
CommentsJinja-templated comments to update the incident with.Optional
Group UpdateSelect column containing a value for performing group update true/false. If true, workflow changes are applied to this incident as well as related incidents. Set it to true only if the incident has any related incidents, otherwise, it will throw a DataNotFound exception.Optional
Timeout for each parallel execution in secondsTime out for per row API requests in seconds (Default is no limit on the wait time).Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Update operation reported a failure at Accenture MSS/Successfully updated.
{
  "result": "Successfully updated.",
  "error": null,
  "has_error": false
}

Incident: Create Ticket

Creates a ticket for an Incident in Accenture MSS.

📘

If you encounter a TooManyRequests error, try setting an appropriate value for Time between consecutive API requests (in millis) (like 6000).

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Incident TemplateJinja-templated XML body of IncidentCreateRequest containing details of the ticket being created.Required
Attachment File IDSelect column containing comma-delimited LogicHub File Ids to upload as attachments. Example: 04d717dd33114e57a2e73583ecdcdedc, e552f9a8dbb847d4b969bae566d869b9.Optional
Timeout for each parallel execution in secondsTime out for per row API requests in seconds (Default is no limit on the wait time).Optional
<IncidentRequestCreate>
	<IncidentNumber>{{incident_number_column}}</IncidentNumber>
	<UrgencyName>{{urgency_column}}</UrgencyName>
	<Description>LogicHub created Ticket {{incident_number_column}}</Description>
	<RequestedByOrgName>{{requested_org_column}}</RequestedByOrgName>
	<AssignedToOrgName>{{assigned_org_column}}</AssignedToOrgName>
	<ActivityLog>Created by LogicHub</ActivityLog>
</IncidentRequestCreate>

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • other keys containing details on the ticket created
{
  "TicketID": "SC1234",
  "FilesAttachedCount": "0",
  "FilesRejected": null,
  "error": null,
  "has_error": false
}

Ticket: Query

Returns details of a given ticket by TicketID or ClientReference.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Ticket IDSelect column containing the ticket number in the SOC. Either this field or Client Reference can be blank. If both fields are specified, the Ticket ID will be used.Optional
Client ReferenceSelect column containing the customer reference ticket number specified during ticket creation (currently, via the portal). Either this field or Ticket ID can be blank.Optional
Timeout for each parallel execution in secondsTime out for per row API requests in seconds (default is no limit on the wait time).Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • other keys containing information of Ticket
{
  "TicketID": "SC12345",
  "TicketCategory": "Alarm / Collection Outages",
  "Urgency": "High",
  "Description": "Lorem ipsum dolor sit amet",
  "RequestedByOrgID": "98765432",
  "RequestedByOrgName": "Org0",
  "AssignedToOrgID": "98765433",
  "AssignedToOrgName": "Org1",
  "CreatedDate": "2020-12-16T12:47:06.7034955+00:00",
  "LastUpdated": "2020-12-16T13:02:06.7034955+00:00",
  "ClosedDate": "2020-12-16T13:17:06.7034955+00:00",
  "Deadline": "2020-12-17T12:47:06.7034955+00:00",
  "ActivityLog": "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.",
  "ClosureCodeString": null,
  "RequestedByPersonName": "Doe, James",
  "Active": "false",
  "Status": "Closed",
  "ClientReference": "portal",
  "UpdateTimestampGMT": "0001-01-01T00:00:00",
  "RelatedTickets": null,
  "RelatedDeviceList": {
    "Device": [
      {
        "DeviceName": "Test0",
        "SearchCode": "Test0",
        "Status": "Production",
        "OwnerOrganization": "Org0",
        "LastLogReceived": "2020-12-16T13:32:06.7034955+00:00",
        "ChangeManager": "true"
      },
      {
        "DeviceName": "Test1",
        "SearchCode": "Test1",
        "Status": "Production",
        "OwnerOrganization": "Org1",
        "LastLogReceived": "2020-12-16T13:31:06.7034955+00:00",
        "ChangeManager": "false"
      },
      {
        "DeviceName": "Test2",
        "SearchCode": "Test2",
        "Status": "Production",
        "OwnerOrganization": "Org2",
        "LastLogReceived": "2020-12-16T13:30:06.7034955+00:00",
        "ChangeManager": "true"
      },
      {
        "DeviceName": "Test3",
        "SearchCode": "Test3",
        "Status": "Production",
        "OwnerOrganization": "Org3",
        "LastLogReceived": "2020-12-16T13:29:06.7034955+00:00",
        "ChangeManager": "false"
      },
      {
        "DeviceName": "Test4",
        "SearchCode": "Test4",
        "Status": "Production",
        "OwnerOrganization": "Org4",
        "LastLogReceived": "2020-12-16T13:28:06.7034955+00:00",
        "ChangeManager": "true"
      },
      {
        "DeviceName": "Test5",
        "SearchCode": "Test5",
        "Status": "Production",
        "OwnerOrganization": "Org5",
        "LastLogReceived": "2020-12-16T13:27:06.7034955+00:00",
        "ChangeManager": "false"
      },
      {
        "DeviceName": "Test6",
        "SearchCode": "Test6",
        "Status": "Production",
        "OwnerOrganization": "Org6",
        "LastLogReceived": "2020-12-16T13:26:06.7034955+00:00",
        "ChangeManager": "true"
      },
      {
        "DeviceName": "Test7",
        "SearchCode": "Test7",
        "Status": "Production",
        "OwnerOrganization": "Org7",
        "LastLogReceived": "2020-12-16T13:25:06.7034955+00:00",
        "ChangeManager": "false"
      },
      {
        "DeviceName": "Test8",
        "SearchCode": "Test8",
        "Status": "Production",
        "OwnerOrganization": "Org8",
        "LastLogReceived": "2020-12-16T13:24:06.7034955+00:00",
        "ChangeManager": "true"
      },
      {
        "DeviceName": "Test9",
        "SearchCode": "Test9",
        "Status": "Production",
        "OwnerOrganization": "Org9",
        "LastLogReceived": "2020-12-16T13:23:06.7034955+00:00",
        "ChangeManager": "false"
      }
    ]
  },
  "RelatedSecurityIncidents": null,
  "LastModifiedDate": "2020-12-16T13:02:06.7034955+00:00",
  "error": null,
  "has_error": false
}

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem

© 2017-2021 LogicHub®. All Rights Reserved.