Securonix SNYPR

Version: 2.0.0

SNYPR is a security analytics platform that transforms Big Data into actionable security intelligence. It delivers the proven power of Securonix analytics with the speed, scale, and affordable, long-term storage of Hadoop in a single, out-of-the box solution.

Connect Securonix SNYPR with LogicHub

Navigate to Automations > Integrations.
Search for Securonix SNYPR.
Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- URL: URL to your SNYPR instance. Example: 'https://www.example.com/Snypr'.
- Tenant (Optional): SNYPR Tenant. Default "Securonix".
- Username: Username for the SNYPR account.
- Password: Password for the SNYPR account.
After you've entered all the details, click Connect.

Actions for Securonix SNYPR

Get Activity Data

Get Activity Data (also known as "event data") for a specific Datasource by running a Spotter query on Activity selection. For activity data, querying is allowed only for a 24-hour time range window. You can add additional conditions to the query for custom results.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name	Description	Required
Additional Query conditions	Jinja-templated text containing additional query conditions.	Optional
Event Time Start Range	Start Range of event time. The column value should be in the format 'MM/dd/yyyy HH:mm:ss' in the application timezone. (Default is flow-start-time).	Optional
Event Time End Range	End Range of event time. The column value should be in the format 'MM/dd/yyyy HH:mm:ss' in the application timezone. (Default is flow-end-time).	Optional
Split Rows	Split events into separate rows. Select 'Yes' to split or 'No' to get raw results. (Default 'Yes').	Optional

Output

If split rows are selected, events in separate rows are displayed in json format:

has_error: True/False
error: message/null
other fields of an Event data

else a single row containing an array of events is displayed:

has_error: True/False
error: message/null
events: array of Activity Events json data

List Resources

Displays a list of all users, peer groups, resource groups, or policies.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name	Description	Required
List Type	Select the type of List to be listed. Policies/Resource Groups/Users/Peer Groups.	Required

Output

A JSON object containing multiple rows of result:

has_error: True/False
error: message/null
resource json of either of Policies/Resource Groups/Users/Peer Groups

Search Users

Search users in your organization.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name	Description	Required
User Attribute Filter	Enter Jinja-templatized text to filter users by attribute(s). Sample attributes: companycode, costcentername, country, department, employeeid, employeetype, employeetypedescription, firstname, lastname, hiredate, jobcode, lanid, location, manageremployeeid, status, statusdescription, title, workemail, networkid, approveremployeeid, mobile, usercriticality, managerfirstname, managerlastname, companynumber, orgunitnumber, regtempin, hierarchy, fulltimeparttimein, userriskscore, costcentercode, usertimezoneoffset. Example: location="{{location_column}}" AND lastname="{{lastname_column}}".	Optional
Split Rows	Split events into separate rows. Select 'Yes' to split or 'No' to get raw results. (Default 'Yes').	Optional

Output

If split rows are selected, users in separate rows are displayed in json format:

has_error: True/False
error: message/null
other fields of User data

else a single row containing an array of users is displayed:

has_error: True/False
error: message/null
events: array of User json data

Search Watchlist

Search watchlists in your organization.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name	Description	Required
User Attribute Filter	Enter Jinja-templatized text to filter watchlists by attribute(s). Sample attributes: companycode, costcentername, country, department, employeeid, employeetype, employeetypedescription, firstname, lastname, hiredate, jobcode, lanid, location, manageremployeeid, status, statusdescription, title, workemail, confidencefactor, decayflag, entityname, expired, expirydate, reason, type, watchlistname, watchlistuniquekey. Eg: location="{{location_column}}" AND lastname="{{lastname_column}}".	Optional
Split Rows	Split events into separate rows. Select 'Yes' to split or 'No' to get raw results. (Default 'Yes').	Optional

Output

If split rows are selected, watchlists in separate rows are displayed in json format:

has_error: True/False
error: message/null
other fields of Watchlist data

else a single row containing an array of users is displayed:

has_error: True/False
error: message/null
events: array of Watchlist json data

Get Violations

Get violations in violation collection.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name	Description	Required
User Attribute Filter	Jinja-templated text containing additional query conditions.	Optional
From	Generation-time From. The column value should be in the format 'MM/dd/yyyy HH:mm:ss' in the application timezone. (Default is flow-start-time).	Optional
To	Generation-time To. The column value should be in the format 'MM/dd/yyyy HH:mm:ss' in the application timezone. (Default is flow-end-time).	Optional
Split Rows	Split events into separate rows. Select 'Yes' to split or 'No' to get raw results. (Default 'Yes').	Optional

Output of Action:
If split rows are selected, violations data in separate rows are displayed in json format:

has_error: True/False
error: message/null
other fields of a Violation data

else a single row containing an array of violations is displayed:

has_error: True/False
error: message/null
events: array of Violation json data

Risk Scorecard/History

List the user's risk scorecard or history data.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name	Description	Required
Risk Data	Select the required Risk Data. Risk Score/Risk History.	Required
User Attribute Filter	Enter Jinja-templatized text to filter risks by attribute(s). Sample attributes: violator, companycode, costcentername, country, department, division, employeeid, employeetype, employeetypedescription, firstname, lastname, hiredate, jobcode, lanid, location, manageremployeeid, status, statusdescription, title, userid, workemail, workphone. Eg: location="{{location_column}}" AND lastname="{{lastname_column}}".	Optional
Split Rows	Split events into separate rows. Select 'Yes' to split or 'No' to get raw results. (Default 'Yes').	Optional

Output

If split rows are selected, risk data in separate rows are displayed in json format:

has_error: True/False
error: message/null
other fields of an Risk data

else a single row containing an array of risk is displayed:

has_error: True/False
error: message/null
events: array of Risk json data

Run Spotter Query

Run generic Spotter Query on your SNYPR Instance.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name	Description	Required
Query String	Enter Jinja-templatized query string. Example: 'index=users AND location="Dallas" AND lastname="OGWA"'.	Required
Split Rows	Split events into separate rows. Select 'Yes' to split or 'No' to get raw results. (Default 'Yes').	Optional

Output

if Split Rows is selected, results in separate rows are displayed in json format:

has_error: True/False
error: message/null
other fields of result data

else a single row containing an array of users is displayed:

has_error: True/False
error: message/null
events: array of json results

Add Comment to Violation

Adds a comment to a SNYPR Violation.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name	Description	Required
Violation Name	Enter Jinja-templatized violation policy name.
Datasource Name	Enter Jinja-templatized resource group name.
Entity Type	Select column containing the value for entity type. Valid values are "Users", "Activityaccount", "RGActivityaccount", "Resources", "Activityip".
Entity Name	Enter Jinja-templatized account name associated with the violation.
Comment	Enter Jinja-templatized comment that you want to add.
Status Action	Select column containing the value for action to perform. Example: "Non-Concern".
Resource Name	Enter Jinja-templatized resource name. It is mandatory to provide a resource name if the entity type is `Activityaccount`.	Optional
Employee Id	Enter Jinja-templatized employee id.	Optional

Output

A JSON object containing multiple rows of result:

has_error: True/False
error: message/null
other fields of result data

Release Notes

v2.0.0 - Updated architecture to support IO via filesystem

Updated about 1 year ago