Accenture MSS

Leverage the power of Accenture Managed Security Services for continual threat monitoring and customized guidance 24x7

Integration with LogicHub

Connecting with Accenture MSS

To connect to Accenture MSS, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • URL: URL to your Accenture MSS instance. Example: https://api.monitoredsecurity.com
  • Certificate: Upload the certificate (with its private key) used to authenticate to your Accenture MSS instance.
  • Passphrase: Enter the passphrase that protects the uploaded certificate's private key. Store it as a secret; it is not needed anywhere else in the playbook.

Actions with Accenture MSS

Incident: Get Recent List

Returns a list of security incidents based on given search parameters. If a parameter is left blank or null, the method will return incidents matching all values. This action searches on the created timestamp, updated timestamp, and LatestKeyEvent timestamp of the incidents.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Start Time (Optional): Jinja-templated text for the start time; fetches incidents created since the specified date in UTC (default is batch-start-time). The format must be %Y-%m-%dT%H:%M:%S. Eg: {{start_time_column}}
  • Jinja Template End Time (Optional): Jinja-templated text for the end time; fetches incidents created before the specified date in UTC (default is batch-end-time). The format must be %Y-%m-%dT%H:%M:%S. Eg: {{end_time_column}}
  • Jinja Template Severities (Optional): Jinja-templated text for comma-delimited list of valid Security Incident severities set by customers.
  • Jinja Template Source Organizations (Optional): Jinja-templated text for comma-delimited list of valid Source Organizations.
  • Jinja Template Destination Organizations (Optional): Jinja-templated text for comma-delimited list of valid Destination Organizations.
  • Max Incidents (Optional): Enter the maximum number of incidents to return.
  • Jinja Template Source IPs (Optional): Jinja-templated text for comma-delimited list of valid Source IP Addresses.
  • Jinja Template Categories (Optional): Jinja-templated text for comma-delimited list of valid Security Incident Categories to include.
  • Jinja Template Exclude Categories (Optional): Jinja-templated text for comma-delimited list of valid Security Incident Categories to exclude.
  • Timeout for each parallel execution in seconds (Optional): Timeout for per-row API requests in seconds (default is no limit on the wait time).
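The inputs above are rendered per row of the parent table and then sent as search filters. The following Python is an added example, not LogicHub's or Accenture's own code, showing how those inputs become a validated parameter set: blank time inputs fall back to the batch window, the time format is checked strictly against %Y-%m-%dT%H:%M:%S, comma-delimited lists are trimmed, and source IPs are rejected unless they are literal addresses. A minimal stand-in replaces Jinja's {{ }} substitution so the block runs without the jinja2 package; the sample row, the template names and the keys of the returned dict are assumptions for illustration, not Accenture MSS API parameter names.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

TIME_FORMAT = "%Y-%m-%dT%H:%M:%S"          # the format the action requires (UTC)
_PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(template, row):
    """Minimal stand-in for Jinja's {{ column }} substitution (no filters, no logic),
    enough to show how a column of the parent table reaches the action."""
    if not template:
        return ""
    return _PLACEHOLDER.sub(lambda m: str(row.get(m.group(1), "")), template).strip()


def _parse_time(text, default):
    """Return an aware UTC datetime for text in TIME_FORMAT, or default when blank.
    strptime is strict, so an offset or fractional seconds is rejected here instead
    of producing an opaque error from the remote API."""
    if not text:
        return default
    return datetime.strptime(text, TIME_FORMAT).replace(tzinfo=timezone.utc)


def _csv_list(text):
    """Split a comma-delimited input, trimming whitespace and dropping empties."""
    return [item.strip() for item in text.split(",") if item.strip()]


def build_recent_list_params(row, templates, batch_start, batch_end, max_incidents=None):
    """Render the action's Jinja inputs for one row and validate them.

    Blank time inputs fall back to the batch window; blank list inputs are omitted,
    matching the documented 'match all values' behaviour. The keys of the returned
    dict are illustrative names, not Accenture MSS API parameter names.
    """
    start = _parse_time(render(templates.get("start_time"), row), batch_start)
    end = _parse_time(render(templates.get("end_time"), row), batch_end)
    if start >= end:
        raise ValueError(f"start time {start} is not before end time {end}")
    params = {"start_time": start.strftime(TIME_FORMAT),
              "end_time": end.strftime(TIME_FORMAT)}
    for key in ("severities", "source_organizations", "destination_organizations",
                "categories", "exclude_categories"):
        values = _csv_list(render(templates.get(key), row))
        if values:
            params[key] = values
    source_ips = _csv_list(render(templates.get("source_ips"), row))
    if source_ips:
        # ip_address() raises ValueError on anything that is not a literal address,
        # so a malformed or crafted column value cannot be passed through as a filter.
        params["source_ips"] = [str(ipaddress.ip_address(ip)) for ip in source_ips]
    if max_incidents is not None:
        if int(max_incidents) <= 0:
            raise ValueError("max_incidents must be a positive integer")
        params["max_incidents"] = int(max_incidents)
    return params


# Constructed sample row and templates (not taken from a live instance).
SAMPLE_ROW = {
    "start_time_column": "2020-12-16T00:00:00",
    "end_time_column": "",                     # blank: fall back to the batch end time
    "severity_column": "High, Critical",
    "source_ip_column": "203.0.113.5, 198.51.100.7",
}
SAMPLE_TEMPLATES = {
    "start_time": "{{start_time_column}}",
    "end_time": "{{end_time_column}}",
    "severities": "{{severity_column}}",
    "source_ips": "{{source_ip_column}}",
}
BATCH_END = datetime(2020, 12, 17, 0, 0, 0, tzinfo=timezone.utc)
BATCH_START = BATCH_END - timedelta(hours=1)

if __name__ == "__main__":
    print(build_recent_list_params(SAMPLE_ROW, SAMPLE_TEMPLATES, BATCH_START, BATCH_END, 50))
```

A value such as 2020-12-16T00:00:00+00:00 fails the strptime check because of the trailing offset, which is the intended behaviour: the action documents times as UTC without an offset, and catching that in the playbook is cheaper than decoding the remote error.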

Output of Action
One result row per incident, each a JSON object containing the following items:

  • has_error: True/False
  • error: message/null
  • other keys carrying the incident's fields
{
  "Category": "No Category",
  "Classification": "Scan for Web Servers",
  "Correlation": "No",
  "CountryCode": "CC0",
  "CountryName": "CName0",
  "CountryOfOrigin": null,
  "CustomerSeverity": null,
  "DaysSeenGlobally": "0",
  "DaysSeenInLast30Days": "0",
  "DestOrganizationName": "Org0",
  "FirstSeenGlobally": "2020-12-16T13:05:38.9816284+00:00",
  "FirstSeenInLast30Days": "2020-12-16T13:05:38.9816284+00:00",
  "GlobalLookbackDays": "2",
  "HostNameList": null,
  "IncidentNumber": "565656",
  "IsInternalExternal": null,
  "LatestKeyEvent": "2020-12-16T13:05:38.9816284+00:00",
  "PrevalenceGlobally": "L",
  "Severity": "Informational",
  "SourceIPString": "0.0.0.0",
  "SourceOrganizationName": "Org1",
  "TimeCreated": "2020-12-16T13:05:38.9816284+00:00",
  "UpdateTimestampGMT": "2020-12-16T13:05:38.9816284+00:00",
  "UserList": null,
  "error": null,
  "has_error": false
}
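Two details of the output above matter when a playbook consumes it. The timestamps carry seven fractional digits ("13:05:38.9816284+00:00"), which Python's datetime.fromisoformat() rejects before Python 3.11, and the sample's "0001-01-01T00:00:00" values are a placeholder for "never seen", not a real date. The following Python is an added example (not LogicHub's or Accenture's code) that normalises both, keeps error rows separate so an API failure is not mistaken for "no incidents", and filters by a minimum severity. The severity ranking and the sample rows are constructed assumptions; the page only shows the value "Informational".

```python
import re
from datetime import datetime, timezone

# Constructed sample rows (not from a live Accenture MSS instance): one normal incident,
# one with the "0001-01-01T00:00:00" placeholder, and one error row.
SAMPLE_ROWS = [
    {"IncidentNumber": "565656", "Severity": "Informational",
     "LatestKeyEvent": "2020-12-16T13:05:38.9816284+00:00",
     "TimeCreated": "2020-12-16T13:05:38.9816284+00:00",
     "SourceIPString": "0.0.0.0", "error": None, "has_error": False},
    {"IncidentNumber": "565657", "Severity": "High",
     "LatestKeyEvent": "2020-12-17T08:00:00+00:00",
     "TimeCreated": "2020-12-17T07:55:00+00:00",
     "FirstSeenInLast30Days": "0001-01-01T00:00:00",
     "SourceIPString": "203.0.113.5", "error": None, "has_error": False},
    {"error": "HTTP 429 TooManyRequests", "has_error": True},
]

# Assumed severity order; adjust to the severities configured for your organisation.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Informational": 0}

_FRACTION = re.compile(r"(\.\d{1,6})\d*")
_EPOCH = datetime.min.replace(tzinfo=timezone.utc)


def parse_mss_timestamp(value):
    """Parse an Accenture MSS timestamp into an aware UTC datetime.

    The API emits .NET-style timestamps with up to seven fractional digits, which
    datetime.fromisoformat() rejects before Python 3.11, so the fraction is truncated
    to microseconds first. "0001-01-01T00:00:00" is the API's placeholder for
    'never' and is returned as None. Values without an offset are treated as UTC,
    as the action documents its times as UTC/GMT.
    """
    if value is None or value.startswith("0001-01-01T00:00:00"):
        return None
    trimmed = _FRACTION.sub(r"\1", value, count=1)
    parsed = datetime.fromisoformat(trimmed)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def triage_incidents(rows, min_severity="Low"):
    """Split the action's rows into (incidents, errors).

    Incidents at or above min_severity are returned newest LatestKeyEvent first;
    error rows are returned separately so the playbook can alert on them instead
    of silently treating an API failure as an empty result.
    """
    threshold = SEVERITY_RANK.get(min_severity, 0)
    errors, kept = [], []
    for row in rows:
        if row.get("has_error"):
            errors.append(row.get("error"))
            continue
        severity = row.get("Severity")
        if SEVERITY_RANK.get(severity, 0) < threshold:
            continue
        kept.append({
            "incident_number": row["IncidentNumber"],
            "severity": severity,
            "source_ip": row.get("SourceIPString"),
            "created": parse_mss_timestamp(row.get("TimeCreated")),
            "latest_key_event": parse_mss_timestamp(row.get("LatestKeyEvent")),
        })
    kept.sort(key=lambda r: r["latest_key_event"] or _EPOCH, reverse=True)
    return kept, errors


if __name__ == "__main__":
    incidents, failures = triage_incidents(SAMPLE_ROWS, "Low")
    for incident in incidents:
        print(incident["incident_number"], incident["severity"], incident["latest_key_event"])
    print("errors:", failures)
```

The action also searches on the updated and LatestKeyEvent timestamps, not only on TimeCreated, so an incident created before the batch window can reappear in a later batch when it is updated; sorting and deduplicating on IncidentNumber in the playbook avoids opening a second case for it.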

Incident: Workflow Query

Returns incident details with workflow information for a given incident number.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Incident Number: Select column containing the incident number in the SOC.
  • Max Signatures (Optional): If this parameter is set, the method returns at most this number of Signatures for the Incident. It first includes the signatures with KeyEvents set to true and then chooses randomly from the remaining non-key events (default is empty, i.e. all signatures).
  • Timeout for each parallel execution in seconds (Optional): Timeout for per-row API requests in seconds (default is no limit on the wait time).

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • other keys carrying the incident's fields and its workflow details
{
  "IncidentNumber": "566045",
  "TimeCreated": "2020-12-16T13:09:05.1934129+00:00",
  "Correlation": "Yes",
  "Severity": "Informational",
  "Classification": "Activity Summary - Scans for Web Servers",
  "Description": "Scans for Web Servers have been detected",
  "AnalystAssessment": "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.",
  "CountryCode": "US",
  "CountryName": "United States of America",
  "NumberOfAnalyzedSignatures": "5",
  "SourceOrganizationList": {
    "Organization": [
      {
        "OrganizationName": "Org0"
      },
      {
        "OrganizationName": "Org1"
      },
      {
        "OrganizationName": "Org2"
      },
      {
        "OrganizationName": "Org3"
      },
      {
        "OrganizationName": "Org4"
      },
      {
        "OrganizationName": "Org5"
      },
      {
        "OrganizationName": "Org6"
      },
      {
        "OrganizationName": "Org7"
      },
      {
        "OrganizationName": "Org8"
      },
      {
        "OrganizationName": "Org9"
      }
    ]
  },
  "DestinationOrganizationList": {
    "Organization": [
      {
        "OrganizationName": "Org0"
      },
      {
        "OrganizationName": "Org1"
      },
      {
        "OrganizationName": "Org2"
      },
      {
        "OrganizationName": "Org3"
      },
      {
        "OrganizationName": "Org4"
      },
      {
        "OrganizationName": "Org5"
      },
      {
        "OrganizationName": "Org6"
      },
      {
        "OrganizationName": "Org7"
      },
      {
        "OrganizationName": "Org8"
      },
      {
        "OrganizationName": "Org9"
      }
    ]
  },
  "RelatedTickets": null,
  "SignatureList": {
    "Signature": {
      "SignatureNumber": "898989",
      "SignatureName": "Symantec AV Alert",
      "VendorSignature": null,
      "FirstSeenInLast30Days": "0001-01-01T00:00:00",
      "DaysSeenInLast30Days": "0",
      "IsKey": "false",
      "FirstSeenGlobally": "0001-01-01T00:00:00",
      "DaysSeenGlobally": "0",
      "PrevalenceGlobally": null,
      "GlobalLookbackDays": "0",
      "TimeCreated": "2020-12-16T13:10:05.1934129+00:00",
      "Classification": null,
      "Category": "Probes",
      "SourceIPString": "0.0.0.0",
      "HostName": "Host-0.0.0.0",
      "NumberBlocked": "0",
      "NumberNotBlocked": "0",
      "CountryCode": "CC0",
      "CountryName": "CName0",
      "SourceOrganizationList": null,
      "CorrelatedEvent": "No",
      "Outcome": null,
      "CorrelatedEventList": null,
      "SourceIPAddressBinarySQL": null,
      "NetworkRanges": null,
      "FileDetails": null,
      "ReportingDeviceList": null,
      "AffectedAssetList": null,
      "DestinationOrganizationList": null,
      "SourceHostDetailList": null
    }
  },
  "WorkFlowDetail": {
    "Status": null,
    "Resolution": null,
    "Reference": null,
    "AssignedOrganization": "Org1",
    "AssignedPerson": null
  },
  "IncidentComments": {
    "IncidentComment": {
      "CommentedTimeStampGMT": "2012-05-12T00:00:00",
      "Comment": "CommentTest",
      "CommentedBy": "User1"
    }
  },
  "ActivityLogs": {
    "Activity": [
      {
        "FieldName": "WorkflowComment",
        "OldValue": "Activity Summary - Insecure SNMP Community String",
        "NewValue": "Activity Summary - Peer-to-Peer Usage",
        "ActivityDateGMT": "2012-05-14T00:00:00",
        "ActivityBy": "User1"
      },
      {
        "FieldName": "Incident Type",
        "OldValue": "-",
        "NewValue": "Escalation Comment was added",
        "ActivityDateGMT": "2012-07-14T00:00:00",
        "ActivityBy": "User2"
      }
    ]
  },
  "IncidentAttachmentItems": {
    "IncidentAttachmentItem": {
      "AttachmentNumber": "1234",
      "AttachmentName": "Test.sample",
      "UploadDateGMT": "2012-07-14T00:00:00",
      "UploadBy": "User1",
      "Comment": "Test"
    }
  },
  "IsGroupIncidentAvailable": "false",
  "RelatedIncidents": {
    "IncidentNumber": [
      "1235",
      "123456",
      "123457"
    ]
  },
  "error": null,
  "has_error": false
}

Update Incident Workflow

Updates an incident workflow in Accenture MSS.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Incident Number: Select column containing the incident number in the SOC.
  • Status: Select column containing status to update with.
  • Status Resolution: Select column containing Incident Status Resolution to update with.
  • Severity: Select column containing Incident Severity to update with.
  • Reference Comments (Optional): Select column containing reference comments to update with.
  • Assigned to Organization (Optional): Select column containing the Organization to update the assignee with. Exactly one of Assigned to Organization or Assigned to Person must be non-empty in the parent table.
  • Assigned to Person (Optional): Select column containing the Person to update the assignee with. Exactly one of Assigned to Organization or Assigned to Person must be non-empty in the parent table.
  • Comments (Optional): Jinja-templated comments to update the incident with.
  • Group Update (Optional): Select column containing a true/false value for performing a group update. If true, the workflow changes are applied to this incident and to its related incidents. Set it to true only if the incident has related incidents (see RelatedIncidents in the Workflow Query output); otherwise the API returns a DataNotFound exception.
  • Timeout for each parallel execution in seconds (Optional): Timeout for per-row API requests in seconds (default is no limit on the wait time).

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: "Successfully updated." on success, or "Update operation reported a failure at Accenture MSS" when the API rejected the update.
{
  "result": "Successfully updated.",
  "error": null,
  "has_error": false
}
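The Workflow Query output and the Update Incident Workflow inputs are usually chained: the query result tells the playbook whether a group update is safe and who currently owns the incident. Two points are easy to get wrong. In the Workflow Query sample, SourceOrganizationList.Organization is an array while SignatureList.Signature and IncidentComments.IncidentComment are single objects; code that indexes into them must handle both shapes (the assumption here is that a single child is returned as an object and several as an array, as XML-to-JSON conversions typically do). And Group Update must only be set when RelatedIncidents is non-empty. The following Python is an added example, not LogicHub's or Accenture's code, covering both; the sample result is an abbreviated, constructed copy of the page's shape and the status, resolution and severity strings are placeholders.

```python
# Constructed, abbreviated Workflow Query result in the page's shape (not live data).
SAMPLE_WORKFLOW = {
    "IncidentNumber": "566045",
    "Severity": "Informational",
    "SourceOrganizationList": {"Organization": [{"OrganizationName": "Org0"},
                                                {"OrganizationName": "Org1"}]},
    "SignatureList": {"Signature": {"SignatureNumber": "898989", "IsKey": "false",
                                    "SignatureName": "Symantec AV Alert"}},
    "WorkFlowDetail": {"Status": None, "Resolution": None, "Reference": None,
                       "AssignedOrganization": "Org1", "AssignedPerson": None},
    "RelatedIncidents": {"IncidentNumber": ["1235", "123456", "123457"]},
    "IsGroupIncidentAvailable": "false",
    "error": None, "has_error": False,
}
# Same incident shape but with no related incidents.
SAMPLE_WORKFLOW_NO_RELATED = {**SAMPLE_WORKFLOW, "IncidentNumber": "566046",
                              "RelatedIncidents": None}


def as_list(container, key):
    """Return container[key] as a list whether the API emitted one object or an array.
    Assumption: a single child is serialised as an object, several as an array."""
    if not container:
        return []
    value = container.get(key)
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def key_signatures(workflow):
    """Signatures flagged IsKey == "true" (note the API uses string booleans)."""
    return [sig for sig in as_list(workflow.get("SignatureList"), "Signature")
            if str(sig.get("IsKey")).lower() == "true"]


def source_organizations(workflow):
    return [org.get("OrganizationName")
            for org in as_list(workflow.get("SourceOrganizationList"), "Organization")]


def related_incident_numbers(workflow):
    return [str(n) for n in as_list(workflow.get("RelatedIncidents"), "IncidentNumber")]


def build_workflow_update(workflow, status, resolution, severity, assignee_org=None,
                          assignee_person=None, reference=None, comments=None,
                          group_update=False):
    """Build the row for Update Incident Workflow after enforcing the documented
    constraints: exactly one assignee, and Group Update only when the incident has
    related incidents (otherwise the API raises DataNotFound). The returned keys are
    illustrative column names, not API parameter names."""
    if workflow.get("has_error"):
        raise ValueError(f"cannot update: workflow query failed: {workflow.get('error')}")
    if bool(assignee_org) == bool(assignee_person):
        raise ValueError("exactly one of assignee_org or assignee_person must be set")
    related = related_incident_numbers(workflow)
    if group_update and not related:
        raise ValueError(f"incident {workflow['IncidentNumber']} has no related incidents; "
                         "a group update would fail with DataNotFound")
    return {
        "incident_number": workflow["IncidentNumber"],
        "status": status,
        "status_resolution": resolution,
        "severity": severity,
        "reference_comments": reference,
        "assigned_to_organization": assignee_org,
        "assigned_to_person": assignee_person,
        "comments": comments,
        "group_update": "true" if group_update else "false",
        "related_incidents": related,
    }


if __name__ == "__main__":
    print(build_workflow_update(SAMPLE_WORKFLOW, "In Progress", "Investigating", "High",
                                assignee_org="Org1", group_update=True))
```

Deciding group_update from the query result rather than from a fixed column keeps a playbook from failing on the first incident without related incidents, and the returned related_incidents list gives the analyst a record of which other incidents the update touched.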

Incident: Create Ticket

Creates a ticket for an Incident in Accenture MSS.
Note: If you encounter a TooManyRequests error, set an appropriate value for Time between consecutive API requests (in millis), for example 6000, so that successive ticket creation requests are spaced out.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Incident Template: Jinja-templated XML body of IncidentCreateRequest containing the details of the ticket being created, for example:
<IncidentRequestCreate>
    <IncidentNumber>{{incident_number_column}}</IncidentNumber>
    <UrgencyName>{{urgency_column}}</UrgencyName>
    <Description>LogicHub created Ticket {{incident_number_column}}</Description>
    <RequestedByOrgName>{{requested_org_column}}</RequestedByOrgName>
    <AssignedToOrgName>{{assigned_org_column}}</AssignedToOrgName>
    <ActivityLog>Created by LogicHub</ActivityLog>
</IncidentRequestCreate>
  • Attachment File ID (Optional): Select column containing comma-delimited LogicHub File Ids to upload as attachments. Eg: 04d717dd33114e57a2e73583ecdcdedc, e552f9a8dbb847d4b969bae566d869b9.
  • Timeout for each parallel execution in seconds (Optional): Timeout for per-row API requests in seconds (default is no limit on the wait time).
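The Incident Template is rendered by substituting column values into XML, and the page does not say whether rendered values are XML-escaped, so treat every substituted column as untrusted: a value containing "</Description><AssignedToOrgName>..." would become part of the request rather than part of the description. The following Python is an added example, not LogicHub's or Accenture's code, that builds the same body with ElementTree so values can only ever be element text, and contrasts it with plain substitution. The note_column and the sample row are hypothetical; the element names are those of the template above.

```python
import xml.etree.ElementTree as ET

# Constructed sample row. note_column is a hypothetical extra column appended to the
# Description, standing in for analyst-entered or externally sourced text.
SAMPLE_ROW = {
    "incident_number_column": "565656",
    "urgency_column": "High",
    "requested_org_column": "Org0",
    "assigned_org_column": "Org1",
    "note_column": ("see ticket </Description><AssignedToOrgName>Org9</AssignedToOrgName>"
                    "<Description>x"),
}


def naive_template(row):
    """The page's template rendered by plain string substitution, which is what a
    template render without escaping produces. Column text is inserted verbatim, so
    markup inside it becomes part of the request."""
    return (
        "<IncidentRequestCreate>"
        f"<IncidentNumber>{row['incident_number_column']}</IncidentNumber>"
        f"<UrgencyName>{row['urgency_column']}</UrgencyName>"
        f"<Description>LogicHub created Ticket {row['incident_number_column']}: "
        f"{row['note_column']}</Description>"
        f"<RequestedByOrgName>{row['requested_org_column']}</RequestedByOrgName>"
        f"<AssignedToOrgName>{row['assigned_org_column']}</AssignedToOrgName>"
        "<ActivityLog>Created by LogicHub</ActivityLog>"
        "</IncidentRequestCreate>"
    )


def incident_create_request(row):
    """Build the same body with ElementTree, which escapes '<', '>' and '&' in text
    nodes, so column values can only ever be element text, never new elements."""
    root = ET.Element("IncidentRequestCreate")
    ET.SubElement(root, "IncidentNumber").text = str(row["incident_number_column"])
    ET.SubElement(root, "UrgencyName").text = str(row["urgency_column"])
    ET.SubElement(root, "Description").text = (
        f"LogicHub created Ticket {row['incident_number_column']}: {row['note_column']}")
    ET.SubElement(root, "RequestedByOrgName").text = str(row["requested_org_column"])
    ET.SubElement(root, "AssignedToOrgName").text = str(row["assigned_org_column"])
    ET.SubElement(root, "ActivityLog").text = "Created by LogicHub"
    return ET.tostring(root, encoding="unicode")


def request_fields(xml_text):
    """Parse a request body the way the receiving service would and return the
    (tag, text) pairs of its top-level children, in document order."""
    root = ET.fromstring(xml_text)
    return [(child.tag, child.text) for child in root]


if __name__ == "__main__":
    print("escaped:", request_fields(incident_create_request(SAMPLE_ROW)))
    print("naive:  ", request_fields(naive_template(SAMPLE_ROW)))
```

With the injected note, the naive body parses into eight elements with two AssignedToOrgName entries, and which one the service honours is not something this page specifies; the escaped body parses into the six elements of the template with the markup preserved as description text. If the template must stay as Jinja, the same effect comes from validating the substituted columns against an allowlist (incident numbers are digits, organisation and urgency names are known values) before the action runs.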

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • other keys carrying the details of the ticket created
{
  "TicketID": "SC1234",
  "FilesAttachedCount": "0",
  "FilesRejected": null,
  "error": null,
  "has_error": false
}

Ticket: Query

Returns details of a given ticket by TicketID or ClientReference.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Ticket ID (Optional): Select column containing the ticket number in the SOC. Either Ticket ID or Client Reference may be left blank, but not both. If both are specified, the Ticket ID is used.
  • Client Reference (Optional): Select column containing the customer reference ticket number specified during ticket creation (currently, via the portal). Either Client Reference or Ticket ID may be left blank, but not both.
  • Timeout for each parallel execution in seconds (Optional): Timeout for per-row API requests in seconds (default is no limit on the wait time).

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • other keys carrying the ticket's fields
{
  "TicketID": "SC12345",
  "TicketCategory": "Alarm / Collection Outages",
  "Urgency": "High",
  "Description": "Lorem ipsum dolor sit amet",
  "RequestedByOrgID": "98765432",
  "RequestedByOrgName": "Org0",
  "AssignedToOrgID": "98765433",
  "AssignedToOrgName": "Org1",
  "CreatedDate": "2020-12-16T12:47:06.7034955+00:00",
  "LastUpdated": "2020-12-16T13:02:06.7034955+00:00",
  "ClosedDate": "2020-12-16T13:17:06.7034955+00:00",
  "Deadline": "2020-12-17T12:47:06.7034955+00:00",
  "ActivityLog": "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.",
  "ClosureCodeString": null,
  "RequestedByPersonName": "Doe, James",
  "Active": "false",
  "Status": "Closed",
  "ClientReference": "portal",
  "UpdateTimestampGMT": "0001-01-01T00:00:00",
  "RelatedTickets": null,
  "RelatedDeviceList": {
    "Device": [
      {
        "DeviceName": "Test0",
        "SearchCode": "Test0",
        "Status": "Production",
        "OwnerOrganization": "Org0",
        "LastLogReceived": "2020-12-16T13:32:06.7034955+00:00",
        "ChangeManager": "true"
      },
      {
        "DeviceName": "Test1",
        "SearchCode": "Test1",
        "Status": "Production",
        "OwnerOrganization": "Org1",
        "LastLogReceived": "2020-12-16T13:31:06.7034955+00:00",
        "ChangeManager": "false"
      },
      {
        "DeviceName": "Test2",
        "SearchCode": "Test2",
        "Status": "Production",
        "OwnerOrganization": "Org2",
        "LastLogReceived": "2020-12-16T13:30:06.7034955+00:00",
        "ChangeManager": "true"
      },
      {
        "DeviceName": "Test3",
        "SearchCode": "Test3",
        "Status": "Production",
        "OwnerOrganization": "Org3",
        "LastLogReceived": "2020-12-16T13:29:06.7034955+00:00",
        "ChangeManager": "false"
      },
      {
        "DeviceName": "Test4",
        "SearchCode": "Test4",
        "Status": "Production",
        "OwnerOrganization": "Org4",
        "LastLogReceived": "2020-12-16T13:28:06.7034955+00:00",
        "ChangeManager": "true"
      },
      {
        "DeviceName": "Test5",
        "SearchCode": "Test5",
        "Status": "Production",
        "OwnerOrganization": "Org5",
        "LastLogReceived": "2020-12-16T13:27:06.7034955+00:00",
        "ChangeManager": "false"
      },
      {
        "DeviceName": "Test6",
        "SearchCode": "Test6",
        "Status": "Production",
        "OwnerOrganization": "Org6",
        "LastLogReceived": "2020-12-16T13:26:06.7034955+00:00",
        "ChangeManager": "true"
      },
      {
        "DeviceName": "Test7",
        "SearchCode": "Test7",
        "Status": "Production",
        "OwnerOrganization": "Org7",
        "LastLogReceived": "2020-12-16T13:25:06.7034955+00:00",
        "ChangeManager": "false"
      },
      {
        "DeviceName": "Test8",
        "SearchCode": "Test8",
        "Status": "Production",
        "OwnerOrganization": "Org8",
        "LastLogReceived": "2020-12-16T13:24:06.7034955+00:00",
        "ChangeManager": "true"
      },
      {
        "DeviceName": "Test9",
        "SearchCode": "Test9",
        "Status": "Production",
        "OwnerOrganization": "Org9",
        "LastLogReceived": "2020-12-16T13:23:06.7034955+00:00",
        "ChangeManager": "false"
      }
    ]
  },
  "RelatedSecurityIncidents": null,
  "LastModifiedDate": "2020-12-16T13:02:06.7034955+00:00",
  "error": null,
  "has_error": false
}
