Securonix SNYPR

Version: 2.0.0

SNYPR is a security analytics platform that transforms Big Data into actionable security intelligence. It delivers the proven power of Securonix analytics with the speed, scale, and affordable, long-term storage of Hadoop in a single, out-of-the box solution.

Connect Securonix SNYPR with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Securonix SNYPR.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default: enabled). Leave it enabled; with verification off, the username and password below can be sent to any host impersonating your SNYPR instance.
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • URL: URL to your SNYPR instance. Example: 'https://www.example.com/Snypr'.
    • Tenant (Optional): SNYPR Tenant. Default "Securonix".
    • Username: Username for the SNYPR account.
    • Password: Password for the SNYPR account.
  4. After you've entered all the details, click Connect.

Actions for Securonix SNYPR

Get Activity Data

Get activity data (also known as event data) for a specific datasource by running a Spotter query over the Activity selection. An activity query may cover at most a 24-hour time range; split longer ranges into several runs. You can add conditions to the query to narrow the result.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

  • Additional Query Conditions (Optional): Jinja-templated text containing additional query conditions.
  • Event Time Start Range (Optional): Start of the event-time range. The column value must be in the format 'MM/dd/yyyy HH:mm:ss' in the application timezone. Default is the flow start time.
  • Event Time End Range (Optional): End of the event-time range. The column value must be in the format 'MM/dd/yyyy HH:mm:ss' in the application timezone, and must not be more than 24 hours after the start range. Default is the flow end time.
  • Split Rows (Optional): Split events into separate rows. Select 'Yes' to split or 'No' to get the raw result. Default is 'Yes'.

Output

If Split Rows is 'Yes', each event is returned as its own row in JSON format:

  • has_error: True/False
  • error: message/null
  • the other fields of the event record

Otherwise a single row containing an array of events is returned:

  • has_error: True/False
  • error: message/null
  • events: array of activity event JSON records
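The 24-hour limit and the two output shapes above matter as soon as a playbook needs more than a day of activity: the range has to be cut into separate runs and their rows merged afterwards. The following is an added example, not LogicHub's or Securonix's code. It assumes only what this page states (the 'MM/dd/yyyy HH:mm:ss' timestamp format, the 24-hour ceiling, and the has_error/error/events envelope); the event identifier field named eventid used for de-duplication is an assumption, and the sample outputs are constructed.

```python
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Added example, not LogicHub's or Securonix's code. It assumes only what the
# page states: timestamps are 'MM/dd/yyyy HH:mm:ss' in the application
# timezone, an activity query may cover at most 24 hours, and every output row
# carries has_error/error plus either the event's own fields (Split Rows = Yes)
# or an 'events' array (Split Rows = No). The de-duplication key 'eventid' is
# an assumption; use whatever identifier your datasource actually carries.
SNYPR_TIME_FMT = "%m/%d/%Y %H:%M:%S"
MAX_WINDOW = timedelta(hours=24)


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, SNYPR_TIME_FMT)


def format_ts(ts: datetime) -> str:
    return ts.strftime(SNYPR_TIME_FMT)


def split_windows(start: str, end: str) -> List[Tuple[str, str]]:
    """Cut [start, end] into consecutive windows of at most 24 hours, each one
    usable as the Event Time Start/End Range of a separate Get Activity Data run."""
    s, e = parse_ts(start), parse_ts(end)
    if e <= s:
        raise ValueError("Event Time End Range must be after Event Time Start Range")
    windows = []
    while s < e:
        chunk_end = min(s + MAX_WINDOW, e)
        windows.append((format_ts(s), format_ts(chunk_end)))
        s = chunk_end
    return windows


def merge_results(outputs: List[List[Dict]], key: str = "eventid") -> List[Dict]:
    """Flatten the rows returned by several runs into one list of event records.
    Works for both output shapes, fails fast on a has_error row, and drops a
    record whose key was already seen (an event sitting exactly on a window
    boundary can be returned by both neighbouring windows)."""
    seen, events = set(), []
    for rows in outputs:
        for row in rows:
            if row.get("has_error"):
                raise RuntimeError(f"SNYPR action failed: {row.get('error')}")
            if isinstance(row.get("events"), list):          # Split Rows = No
                records = row["events"]
            else:                                            # Split Rows = Yes
                records = [{k: v for k, v in row.items() if k not in ("has_error", "error")}]
            for rec in records:
                ident = rec.get(key)
                if ident is not None:
                    if ident in seen:
                        continue
                    seen.add(ident)
                events.append(rec)
    return events


# Constructed sample outputs: one run with Split Rows = Yes, one with Split Rows = No.
# Event e2 sits on the boundary between the two windows and appears in both.
SAMPLE_SPLIT_OUTPUT = [
    {"has_error": False, "error": None, "eventid": "e1", "accountname": "alice", "eventtime": "01/01/2021 23:59:59"},
    {"has_error": False, "error": None, "eventid": "e2", "accountname": "bob", "eventtime": "01/02/2021 00:00:00"},
]
SAMPLE_RAW_OUTPUT = [
    {"has_error": False, "error": None, "events": [
        {"eventid": "e2", "accountname": "bob", "eventtime": "01/02/2021 00:00:00"},
        {"eventid": "e3", "accountname": "carol", "eventtime": "01/02/2021 08:15:00"},
    ]},
]

if __name__ == "__main__":
    for window in split_windows("01/01/2021 00:00:00", "01/03/2021 12:00:00"):
        print("run Get Activity Data for", window)
    print(len(merge_results([SAMPLE_SPLIT_OUTPUT, SAMPLE_RAW_OUTPUT])), "unique events")
```

In a flow, split_windows would feed one Get Activity Data step per window and merge_results would consume the rows of all of them; if the two windows' endpoints are both inclusive on your instance, the de-duplication step is what keeps boundary events from being counted twice.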

List Resources

Displays a list of all users, peer groups, resource groups, or policies.

Input Field

Choose a connection that you have previously created, then fill in the following input field to run the action.

  • List Type (Required): Select the type of list to retrieve: Policies, Resource Groups, Users or Peer Groups.

Output

Multiple rows of results, each a JSON object:

  • has_error: True/False
  • error: message/null
  • the fields of the Policy, Resource Group, User or Peer Group record

Search Users

Search users in your organization.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

  • User Attribute Filter (Optional): Jinja-templated text that filters users by attribute(s). Sample attributes: companycode, costcentername, country, department, employeeid, employeetype, employeetypedescription, firstname, lastname, hiredate, jobcode, lanid, location, manageremployeeid, status, statusdescription, title, workemail, networkid, approveremployeeid, mobile, usercriticality, managerfirstname, managerlastname, companynumber, orgunitnumber, regtempin, hierarchy, fulltimeparttimein, userriskscore, costcentercode, usertimezoneoffset. Example: location="{{location_column}}" AND lastname="{{lastname_column}}". Column values are substituted into the query verbatim.
  • Split Rows (Optional): Split users into separate rows. Select 'Yes' to split or 'No' to get the raw result. Default is 'Yes'.

Output

If Split Rows is 'Yes', each user is returned as its own row in JSON format:

  • has_error: True/False
  • error: message/null
  • the other fields of the user record

Otherwise a single row containing an array of users is returned:

  • has_error: True/False
  • error: message/null
  • events: array of user JSON records

Search Watchlist

Search watchlists in your organization.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

  • User Attribute Filter (Optional): Jinja-templated text that filters watchlists by attribute(s). Sample attributes: companycode, costcentername, country, department, employeeid, employeetype, employeetypedescription, firstname, lastname, hiredate, jobcode, lanid, location, manageremployeeid, status, statusdescription, title, workemail, confidencefactor, decayflag, entityname, expired, expirydate, reason, type, watchlistname, watchlistuniquekey. Example: location="{{location_column}}" AND lastname="{{lastname_column}}".
  • Split Rows (Optional): Split watchlist entries into separate rows. Select 'Yes' to split or 'No' to get the raw result. Default is 'Yes'.

Output

If Split Rows is 'Yes', each watchlist entry is returned as its own row in JSON format:

  • has_error: True/False
  • error: message/null
  • the other fields of the watchlist record

Otherwise a single row containing an array of watchlist entries is returned:

  • has_error: True/False
  • error: message/null
  • events: array of watchlist JSON records

Get Violations

Get violations in violation collection.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

  • User Attribute Filter (Optional): Jinja-templated text containing additional query conditions.
  • From (Optional): Start of the violation generation-time range. The column value must be in the format 'MM/dd/yyyy HH:mm:ss' in the application timezone. Default is the flow start time.
  • To (Optional): End of the violation generation-time range. The column value must be in the format 'MM/dd/yyyy HH:mm:ss' in the application timezone. Default is the flow end time.
  • Split Rows (Optional): Split violations into separate rows. Select 'Yes' to split or 'No' to get the raw result. Default is 'Yes'.

Output

If Split Rows is 'Yes', each violation is returned as its own row in JSON format:

  • has_error: True/False
  • error: message/null
  • the other fields of the violation record

Otherwise a single row containing an array of violations is returned:

  • has_error: True/False
  • error: message/null
  • events: array of violation JSON records

Risk Scorecard/History

List the user's risk scorecard or history data.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

  • Risk Data (Required): Select the required risk data: Risk Score or Risk History.
  • User Attribute Filter (Optional): Jinja-templated text that filters risk records by attribute(s). Sample attributes: violator, companycode, costcentername, country, department, division, employeeid, employeetype, employeetypedescription, firstname, lastname, hiredate, jobcode, lanid, location, manageremployeeid, status, statusdescription, title, userid, workemail, workphone. Example: location="{{location_column}}" AND lastname="{{lastname_column}}".
  • Split Rows (Optional): Split risk records into separate rows. Select 'Yes' to split or 'No' to get the raw result. Default is 'Yes'.

Output

If Split Rows is 'Yes', each risk record is returned as its own row in JSON format:

  • has_error: True/False
  • error: message/null
  • the other fields of the risk record

Otherwise a single row containing an array of risk records is returned:

  • has_error: True/False
  • error: message/null
  • events: array of risk JSON records

Run Spotter Query

Run generic Spotter Query on your SNYPR Instance.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

  • Query String (Required): Jinja-templated Spotter query string. Example: 'index=users AND location="Dallas" AND lastname="OGWA"'.
  • Split Rows (Optional): Split results into separate rows. Select 'Yes' to split or 'No' to get the raw result. Default is 'Yes'.

Output

If Split Rows is 'Yes', each result is returned as its own row in JSON format:

  • has_error: True/False
  • error: message/null
  • the other fields of the result record

Otherwise a single row containing an array of results is returned:

  • has_error: True/False
  • error: message/null
  • events: array of result JSON records
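The User Attribute Filter of Search Users, Search Watchlist, Get Violations and Risk Scorecard/History, and the Query String of Run Spotter Query, are all Jinja templates whose {{column}} placeholders are filled from the current row before the query is sent. A column that came from an untrusted source (a ticket field, an e-mail header, a user-supplied name) can therefore carry a double quote and rewrite the rest of the query. The following is an added example, not LogicHub's or Securonix's code: LogicHub renders the Jinja itself, so the block only shows the check a playbook should apply to each column before the action runs. It uses a minimal {{name}} substitution in place of Jinja, and, because this page does not describe Spotter's escaping rules, it rejects rather than escapes any value that could close a quoted string. The sample rows and the index name 'violation' are constructed.

```python
import re
from typing import Dict, Tuple

# Added example, not LogicHub's or Securonix's code. LogicHub renders the
# Jinja templates in the filter and query inputs itself; this block shows the
# check a playbook should apply to the column values beforehand. Spotter's
# escaping rules are not given on the page, so the policy is to reject, not
# escape, any value that could break out of the surrounding double quotes.
PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")  # {{column}} only
FORBIDDEN = re.compile(r'["\\\r\n]')                                  # quote, backslash, newline


def check_value(column: str, value: object) -> str:
    """Return the value as text, or raise if it could close a quoted Spotter value."""
    text = str(value)
    if FORBIDDEN.search(text):
        raise ValueError(f"column {column!r} would break out of a quoted Spotter value: {text!r}")
    return text


def render_filter(template: str, row: Dict[str, object]) -> str:
    """Fill {{column}} placeholders from one row, as the action does, after every
    substituted value has passed check_value."""
    def substitute(match):
        column = match.group(1)
        if column not in row:
            raise KeyError(f"row has no column {column!r}")
        return check_value(column, row[column])
    return PLACEHOLDER.sub(substitute, template)


def try_render(template: str, row: Dict[str, object]) -> Tuple[bool, str]:
    """Non-raising wrapper: (True, rendered filter) or (False, reason to skip the row)."""
    try:
        return True, render_filter(template, row)
    except (ValueError, KeyError) as exc:
        return False, str(exc)


def spotter_query(index: str, filter_text: str = "") -> str:
    """Assemble the Query String for Run Spotter Query, e.g. index=users AND ...
    The index name is kept to lowercase letters so it cannot smuggle operators."""
    if not re.fullmatch(r"[a-z]+", index):
        raise ValueError(f"unexpected index name {index!r}")
    filter_text = filter_text.strip()
    return f"index={index} AND {filter_text}" if filter_text else f"index={index}"


# Constructed sample data: the page's own filter, a benign row and a hostile one.
SAMPLE_FILTER = 'location="{{location_column}}" AND lastname="{{lastname_column}}"'
SAMPLE_ROW = {"location_column": "Dallas", "lastname_column": "OGWA"}
HOSTILE_ROW = {"location_column": "Dallas", "lastname_column": 'OGWA" OR lastname="*'}

if __name__ == "__main__":
    print(spotter_query("users", render_filter(SAMPLE_FILTER, SAMPLE_ROW)))
    print(try_render(SAMPLE_FILTER, HOSTILE_ROW))
```

With the hostile row, a plain Jinja render would have produced lastname="OGWA" OR lastname="*", turning a lookup of one person into a query for every user; try_render refuses the row instead and returns the reason, which a playbook can write into an error column rather than run the action.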

Add Comment to Violation

Adds a comment to a SNYPR Violation.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

  • Violation Name: Jinja-templated violation policy name.
  • Datasource Name: Jinja-templated resource group name.
  • Entity Type: Select the column containing the entity type. Valid values are "Users", "Activityaccount", "RGActivityaccount", "Resources" and "Activityip".
  • Entity Name: Jinja-templated account name associated with the violation.
  • Comment: Jinja-templated comment that you want to add.
  • Status Action: Select the column containing the action to perform. Example: "Non-Concern".
  • Resource Name (Optional): Jinja-templated resource name. A resource name is mandatory if the entity type is Activityaccount.
  • Employee Id (Optional): Jinja-templated employee id.

Output

Multiple rows of results, each a JSON object:

  • has_error: True/False
  • error: message/null
  • the other fields of the result record

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem

© 2017-2021 LogicHub®. All Rights Reserved.