D3 Security connector and action


The D3 Security connector uses axios to send a POST request to a D3 Security endpoint. The connector uses the run connector API to send the request. You can use the connector for rule actions.

To create this connector, you must first configure a webhook key in your D3 SOAR environment. For configuration tips, refer to Configure D3 Security.

Create connectors in Kibana


You can create connectors in Stack Management > Connectors. For example:

D3 Security connector
Connector configuration

D3 Security connectors have the following configuration properties:

Name
The name of the connector.
URL
The D3 Security API request URL.
Token
The D3 Security token.

Test connectors


You can test connectors with the run connector API or as you’re creating or editing the connector in Kibana. For example:

D3 Security params test

The D3 Security actions have the following configuration properties.

Body

A typeless payload sent to the D3 Security API URL. For example:

this can be any type, it is not validated

Connector networking configuration


Use the Action configuration settings to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use xpack.actions.customHostSettings to set per-host configurations.
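The following `kibana.yml` fragment is an added example, not part of the original documentation. It shows a per-host entry for the D3 Security endpoint that keeps TLS verification strict, since the connector sends the webhook token on every request. The host name `d3soar.example.com` and the CA file path are placeholders.

```yaml
# kibana.yml (added example; host name and CA path are placeholders)

# Restrict the hosts that connectors may call. This setting applies to all
# connectors, so list every host your other connectors need as well.
xpack.actions.allowedHosts:
  - "d3soar.example.com"

# Per-host settings for the D3 Security request URL.
# The url value is protocol, host name and port only, with no path.
xpack.actions.customHostSettings:
  - url: "https://d3soar.example.com:443"
    ssl:
      # Weak: 'none' skips certificate validation, so the token could be
      # delivered to an endpoint impersonating the D3 host.
      # verificationMode: none

      # Preferred: validate the certificate chain and the host name.
      verificationMode: full

      # Needed only when the D3 endpoint presents a certificate issued
      # by a private CA that Kibana does not already trust.
      certificateAuthoritiesFiles:
        - "/etc/kibana/certs/d3-ca.pem"
```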

Configure D3 Security


To generate an API URL and a token in D3 Security:

  1. Log in to your D3 SOAR environment.
  2. Navigate to Configuration.
  3. Navigate to Integration. Search for Kibana. Click Fetch Event.
  4. Select the Enable Webhook checkbox.
  5. Click Set up Webhook Keys.
  6. Under Event Ingestion, click the plus sign (+). Select the site for the webhook integration, then click Generate.
  7. Copy the request URL and request header value to configure the connector.