Integrations in Devo SOAR enable interactions with the external world and play a crucial role in performing various actions. These integrations empower the platform to:

  • Fetch Data: Access data from diverse sources, including databases (MySQL, Postgres, MongoDB), Splunk, Sumo Logic, and more.
  • Ingest Data: Send data back to external systems, such as inserting data into databases and SIEMs.
  • Make HTTP Calls: Communicate with different services. For example, the AWS integration allows you to perform actions like 'Delete Access Key.'

To effectively use Devo SOAR for triage and automation, understanding how to create integrations is essential.

Integration Creation Steps

To create an integration, you first need to understand how an integration works. The first step in using any integration is creating a connection.

Connection

In the context of integration, a Connection represents the most common parameters necessary to run your integration. For instance, in a Splunk integration, it might include the server's URL, username, and password, which are essential for making requests.

The purpose of a Connection is to eliminate the need to input your credentials repeatedly for each action.

Connection Validation

However, in real-world scenarios, the journey doesn't always end here. You might save the connection, proceed to create a playbook over the course of several days, and when it's finally time to use the integration, you find that the connection or credentials don't work. This often leads to frustrating delays as you go back to your team to obtain the correct credentials.

To address this issue, Devo SOAR provides Connection Validation to verify that your credentials are accurate. It involves performing a non-intrusive action without causing any side-effects. For example, in the AWS S3 bucket integration, you can attempt to list directories.

Action

After all the groundwork, the primary purpose of integrations is to execute actions following the triage process. Some examples of actions include:

  • AWS S3 Upload File: Use this action to upload triage reports.
  • IMAP Read Email: This action allows you to read employees' mailboxes and address issues like phishing emails.

Action Validation

While it's common to input the correct data, there are cases where it might be confusing to determine what the integration expects. This is where Action Validation comes into play. For instance:

  • In Sumo Logic, the action may require a start time and end time to perform a query. However, the input could be expected in different formats, such as ISO date-time format '2023-11-04T15:33:04Z' or epoch time '1699112009'. Having basic validation for input helps catch errors early in the process.
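The kind of check described above can be sketched as follows. This is an added example, not Devo SOAR's or Sumo Logic's own code; the field names start_time and end_time, the function names, and the rule that epoch values are 10-digit seconds are assumptions made for illustration.

```python
from datetime import datetime, timezone


class ActionInputError(ValueError):
    """Raised when one action parameter fails validation."""


def parse_time(value, field):
    """Accept ISO 8601 UTC ('2023-11-04T15:33:04Z') or epoch seconds.

    Returns epoch seconds so the action always sends a single format.
    """
    text = "" if value is None else str(value).strip()
    if not text:
        raise ActionInputError(f"{field}: value is required")
    if text.isascii() and text.isdigit():
        # 13 digits is the usual sign of epoch milliseconds, a common mix-up.
        if len(text) == 13:
            raise ActionInputError(f"{field}: looks like epoch milliseconds, expected seconds")
        if len(text) != 10:  # assumption: only 10-digit epoch seconds are accepted
            raise ActionInputError(f"{field}: epoch seconds must be 10 digits")
        return int(text)
    try:
        parsed = datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        raise ActionInputError(
            f"{field}: expected ISO 8601 UTC (2023-11-04T15:33:04Z) "
            f"or epoch seconds, got {text!r}"
        ) from None
    return int(parsed.replace(tzinfo=timezone.utc).timestamp())


def validate_query_window(params):
    """Validate both time fields and report every problem in one pass.

    Returns (normalized, errors); the action should run only if errors is empty.
    """
    normalized, errors = {}, []
    for field in ("start_time", "end_time"):
        try:
            normalized[field] = parse_time(params.get(field), field)
        except ActionInputError as exc:
            errors.append(str(exc))
    if not errors and normalized["start_time"] >= normalized["end_time"]:
        errors.append("start_time must be earlier than end_time")
    return normalized, errors


if __name__ == "__main__":
    # Constructed input mixing the two formats mentioned on this page.
    print(validate_query_window(
        {"start_time": "2023-11-04T15:33:04Z", "end_time": "1699112009"}))
```

Collecting every error in one pass, rather than stopping at the first, lets the playbook author correct all inputs before the action ever reaches the external service.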

These steps guide you through the process of creating and using integrations effectively within Devo SOAR.


© 2017-2021 LogicHub®. All Rights Reserved.