Let Oomnitza be your single source of truth!
You'll get visibility of your assets as data from Intezer is automatically transformed into consumable information and actionable insights.
Connect Oomnitza and Intezer in minutes
You'll get visibility of your Intezer assets by creating configurable workflows to automate tasks such as:
- Getting and removing hosts.
- Adding and removing host labels.
Before you start
Before you can create the integration with Oomnitza, you need to have added your Intezer Protect credentials to Oomnitza.
We recommend that you also create an extended integration for Intezer Protect assets. You can use the host information retrieved in this integration to trigger workflows.
Creating workflows
Create asset workflows
To create an asset workflow, you must complete these steps:
- Click Configuration > Workflows
- Click Add (+) and select Assets from the list.
- Edit the Begin Block and add rules to trigger the workflow. For example, if you set the Actions to New, the workflow will run for every new asset record added to Oomnitza.
- Drag and drop the API block onto the Sandbox.
- Click Edit on the API block and enter Intezer Protect in the search field.
- Select a preset from the list below. To choose a preset, click the forward arrow (>).
- Select the credentials that you created in Adding your Intezer credentials to Oomnitza.
- Enter any mandatory information when prompted. You can refer to existing Oomnitza fields by entering the field name in double curly braces, with spaces replaced by underscores. For example: {{label}}.
- Select Advanced Mode.
- Select the Information tab. Ensure that the property {{intezer_protect_host_id}} exists in Oomnitza and is populated with information before you run this workflow. You can create an asset integration to retrieve this information before you run this workflow.
- Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. Once you have the entire response, you can then parse the JSON response values to custom Oomnitza fields, as per the example below.
- Connect the Blocks.
- Save, validate, and activate your workflow.
Fig: Mapping the Intezer Protect Get Host Details response.
Using the Intezer Protect Add Label to Host preset
The Intezer Protect Add Label to Host preset adds a label to a host, by Host ID. You will be prompted to supply the host label, such as prod-servers.
The host to be updated is referenced in the Advanced Mode > Information tab in the property {{intezer_protect_host_id}}.
Note
If successful, this workflow returns the following response {"result":true}. For further information, see Intezer Protect API Documentation: POST /v1-0/hosts/{host_id}/set-label.
Using the Intezer Protect Get Host Details preset
The Intezer Protect Get Host Details preset gets the details of a single host, by Host ID.
The host whose details are retrieved is referenced in the Advanced Mode > Information tab in the property {{intezer_protect_host_id}}.
For further information, see Intezer Protect API Documentation: GET /v1-0/hosts/{host_id}.
Using the Intezer Protect Remove Host preset
The Intezer Protect Remove Host preset removes a single host, by Host ID. The host must be offline and not infected.
The host to be removed is retrieved in the Advanced Mode > Information tab in the property {{intezer_protect_host_id}}.
For further information, see Intezer Protect API Documentation: POST /v1-0/hosts/{host_id}/remove.
Using the Intezer Protect Remove Label from Host preset
The Intezer Protect Remove Label from Host preset removes a label from a host, by Host ID. You will be prompted to supply the name of the host label you want to remove.
The host from which the label is removed is referenced in the Advanced Mode > Information tab in the property {{intezer_protect_host_id}}.
For further information, see Intezer Protect API Documentation: POST /v1-0/hosts/{host_id}/unset-label.