Hi Everyone!
TL;DR Is there a preferred / Google-supported manner in which the health of configured integrations can be viewed / alerted on if any of the integrations do not connect? (Similar to the Splunk health monitoring capabilities).
---
Each integration has the "Test" functionality which can be used to manually determine if the integration's credentials still connect as expected:
However, this would require a user investigating each individual integration which is a waste of time. I created a quick Job Scheduler PoC using the TestInstance API for each integration, but that requires explicit configuration and maintenance on my part.
Does anyone have a reliable method to monitor the health of the various integrations within SecOps SOAR without needing to maintain the code yourself?
TIA!
---
If you're looking to create a Job for this, I have included a snippet of the PoC code below:
```python
import requests

# Collects the identifiers of integration instances whose test did not succeed.
FAILED_INTEGRATIONS = []


def get_integrations_by_environment(auth_header, soar_url, environment):
    # List the integration instances installed in the given environment.
    payload = {
        "name": environment,
    }
    resp = requests.post(
        url=soar_url + "/api/external/v1/integrations/GetEnvironmentInstalledIntegrations?format=camel",
        headers=auth_header,
        json=payload,
    )
    environment_integrations = resp.json()
    for integration in environment_integrations['instances']:
        # if integration['isConfigured'] == True:
        #     print(integration)
        # Test the instance's connectivity and record any failure.
        test_results = test_integration(auth_header, soar_url, integration['identifier'])
        if test_results['isSuccess'] != True:
            FAILED_INTEGRATIONS.append({"id": integration['identifier']})


def test_integration(auth_header, soar_url, integration_id: str):
    # Call the test endpoint for one integration instance and return its JSON result.
    resp = requests.get(
        url=soar_url + "/api/external/v1/store/TestIntegration/" + integration_id + "?format=camel",
        headers=auth_header,
    )
    return resp.json()
```