Arcanna AI
This is a connector for Arcanna AI. Arcanna AI provides AI-assisted cybersecurity by bringing all the required data into a single place, where it can be processed and analyzed in order to automate decision and post-decision tasks across the growing IT infrastructure.

## Prerequisites

The Arcanna AI asset requires a URL and an API key to interact with the API.

## Capabilities

This connector provides the following capabilities:

- Get Event Status
- Get Jobs List
- Send Bulk Events
- Send Event
- Send Event Feedback

## Configurations

### API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host. | string | Required |
| x-arcanna-api-key | API key. | string | Required |
| verify_ssl | Verify SSL certificate. | boolean | Optional |
| http_proxy | A proxy to route requests through. | string | Optional |

## Actions

### Get Event Status

Retrieves Arcanna inference result.

Endpoint URL: `api/v1/events/{{job_id}}/{{event_id}}`

Method: GET

#### Input argument

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.job_id | number | Required | Parameters for the Get Event Status action |
| path_parameters.event_id | string | Required | Parameters for the Get Event Status action |

#### Input example

```json
{"path_parameters": {"job_id": 1201, "event_id": "12011938471583"}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| event_id | string | Unique identifier |
| ingest_timestamp | string | Output field ingest_timestamp |
| status | string | Status value |
| confidence_level | number | Unique identifier |
| result | string | Result of the operation |
| is_duplicated | boolean | Output field is_duplicated |
| error_message | string | Response message |

#### Output example

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {
    "event_id": "string",
    "ingest_timestamp": "string",
    "status": "string",
    "confidence_level": 0,
    "result": "string",
    "is_duplicated": true,
    "error_message": "string"
  }
}
```

### Get Jobs List

Get jobs list.

Endpoint URL: `api/v1/jobs`

Method: GET

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Output example

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": [
    {"job_id": 0, "data_type": "string", "title": "string", "status": "string", "labels": [], "features": []}
  ]
}
```

### Send Bulk Events

Send to Arcanna a bulk of events, as a dict encoded JSON string filled with XSOAR fields.

Endpoint URL: `api/v1/bulk/{{job_id}}`

Method: POST

#### Input argument

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.job_id | number | Required | Parameters for the Send Bulk Events action |
| counts | number | Optional | Parameter for Send Bulk Events |
| events | array | Optional | Parameter for Send Bulk Events |
| events.job_id | number | Optional | Unique identifier |
| events.severity | number | Optional | Parameter for Send Bulk Events |
| events.name | string | Optional | Name of the resource |
| events.destination | object | Optional | Parameter for Send Bulk Events |
| events.destination.address | string | Optional | Parameter for Send Bulk Events |
| events.destination.port | number | Optional | Parameter for Send Bulk Events |
| events.destination.bytes | number | Optional | Parameter for Send Bulk Events |
| events.destination.ip | string | Optional | Parameter for Send Bulk Events |
| events.destination.packets | number | Optional | Parameter for Send Bulk Events |
| events.rule | object | Optional | Parameter for Send Bulk Events |
| events.rule.name | string | Optional | Name of the resource |
| events.rule.id | string | Optional | Unique identifier |
| events.rule.category | string | Optional | Parameter for Send Bulk Events |
| events.source | object | Optional | Parameter for Send Bulk Events |
| events.source.address | string | Optional | Parameter for Send Bulk Events |
| events.source.port | number | Optional | Parameter for Send Bulk Events |
| events.source.bytes | number | Optional | Parameter for Send Bulk Events |
| events.source.ip | string | Optional | Parameter for Send Bulk Events |
| events.source.packets | number | Optional | Parameter for Send Bulk Events |
| events.event | object | Optional | Parameter for Send Bulk Events |
| events.event.severity | number | Optional | Parameter for Send Bulk Events |
| events.event.ingested | string | Optional | Parameter for Send Bulk Events |

#### Input example

```json
{
  "json_body": {
    "counts": 10,
    "events": [
      {
        "job_id": 1202,
        "severity": 3,
        "name": "test alert",
        "destination": {"address": "10.128.0.6", "port": 53720, "bytes": 836035, "ip": "10.128.0.6", "packets": 6459},
        "rule": {
          "name": "suricata http unable to match response to request",
          "id": "2221010",
          "category": "generic protocol command decode"
        },
        "source": {"address": "8.8.8.8", "port": 9200, "bytes": 4833843, "ip": "8.8.8.8", "packets": 9677},
        "event": {
          "severity": 3,
          "ingested": "2021-06-15T07:56:50.654225827Z",
          "created": "2021-06-15T07:56:49.649Z",
          "kind": "alert",
          "module": "suricata",
          "start": "2021-06-14T14:02:06.280Z",
          "category": ["network", "intrusion_detection"],
          "type": ["allowed"],
          "dataset": "suricata.eve"
        },
        "fileset": {"name": "eve"},
        "message": "generic protocol command decode",
        "url": {"path": "libhtp::request_uri_not_seen", "original": "libhtp::request_uri_not_seen"},
        "@timestamp": "2021-06-15T07:56:49.647Z",
        "suricata": {
          "eve": {
            "in_iface": "ens4",
            "metadata": {"flowints": {"http.anomaly.count": 2419}},
            "event_type": "alert",
            "alert": {
              "signature_id": 2221010,
              "rev": 1,
              "gid": 1,
              "signature": "suricata http unable to match response to request",
              "category": "generic protocol command decode"
            },
            "flow_id": 576330410117303,
            "tx_id": 3224,
            "flow": {}
          }
        },
        "closingreason": "resolved",
        "closing_notes": "some analyst note"
      }
    ]
  },
  "path_parameters": {"job_id": 1219}
}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| error_message | string | Response message |

#### Output example

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {"status": "string", "error_message": "string"}
}
```

### Send Event

Sends a raw event to Arcanna.

Endpoint URL: `api/v1/events/`

Method: POST

#### Input argument

| Name | Type | Required | Description |
|---|---|---|---|
| job_id | number | Optional | Unique identifier |
| raw_body | object | Optional | Request body data |
| raw_body.destination | object | Optional | Request body data |
| raw_body.destination.address | string | Optional | Request body data |
| raw_body.destination.port | number | Optional | Request body data |
| raw_body.destination.bytes | number | Optional | Request body data |
| raw_body.destination.ip | string | Optional | Request body data |
| raw_body.destination.packets | number | Optional | Request body data |
| raw_body.rule | object | Optional | Request body data |
| raw_body.rule.name | string | Optional | Request body data |
| raw_body.rule.id | string | Optional | Request body data |
| raw_body.rule.category | string | Optional | Request body data |
| raw_body.source | object | Optional | Request body data |
| raw_body.source.address | string | Optional | Request body data |
| raw_body.source.port | number | Optional | Request body data |
| raw_body.source.bytes | number | Optional | Request body data |
| raw_body.source.ip | string | Optional | Request body data |
| raw_body.source.packets | number | Optional | Request body data |
| raw_body.event | object | Optional | Request body data |
| raw_body.event.severity | number | Optional | Request body data |
| raw_body.event.ingested | string | Optional | Request body data |
| raw_body.event.created | string | Optional | Request body data |
| raw_body.event.kind | string | Optional | Request body data |
| raw_body.event.module | string | Optional | Request body data |
| raw_body.event.start | string | Optional | Request body data |

#### Input example

```json
{
  "json_body": {
    "job_id": 1219,
    "raw_body": {
      "destination": {"address": "10.128.0.6", "port": 53720, "bytes": 836035, "ip": "10.128.0.6", "packets": 6459},
      "rule": {
        "name": "suricata http unable to match response to request",
        "id": "2221010",
        "category": "generic protocol command decode"
      },
      "source": {"address": "8.8.8.8", "port": 9200, "bytes": 4833843, "ip": "8.8.8.8", "packets": 9677},
      "event": {
        "severity": 3,
        "ingested": "2021-06-15T07:56:50.654225827Z",
        "created": "2021-06-15T07:56:49.649Z",
        "kind": "alert",
        "module": "suricata",
        "start": "2021-06-14T14:02:06.280Z",
        "category": ["network", "intrusion_detection"],
        "type": ["allowed"],
        "dataset": "suricata.eve"
      },
      "fileset": {"name": "eve"},
      "message": "generic protocol command decode",
      "url": {"path": "/libhtp::request_uri_not_seen", "original": "/libhtp::request_uri_not_seen"},
      "@timestamp": "2021-06-15T07:56:49.647Z",
      "suricata": {
        "eve": {
          "in_iface": "ens4",
          "metadata": {"flowints": {"http.anomaly.count": 2419}},
          "event_type": "alert",
          "alert": {
            "signature_id": 2221010,
            "rev": 1,
            "gid": 1,
            "signature": "suricata http unable to match response to request",
            "category": "generic protocol command decode"
          },
          "flow_id": 576330410117303,
          "tx_id": 3224,
          "flow": {}
        }
      }
    },
    "title": "sample event",
    "severity": 3
  }
}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| event_id | string | Unique identifier |
| job_id | number | Unique identifier |
| ingest_timestamp | string | Output field ingest_timestamp |
| status | string | Status value |
| error_message | string | Response message |

#### Output example

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {
    "event_id": "string",
    "job_id": 0,
    "ingest_timestamp": "string",
    "status": "string",
    "error_message": "string"
  }
}
```

### Send Event Feedback

Send Arcanna feedback for a previously inferred event.

Endpoint URL: `api/v1/events/{{job_id}}/{{event_id}}/feedback`

Method: PUT

#### Input argument

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.job_id | string | Optional | Parameters for the Send Event Feedback action |
| path_parameters.event_id | string | Optional | Parameters for the Send Event Feedback action |
| cortex_user | string | Optional | Parameter for Send Event Feedback |
| feedback | string | Optional | Parameter for Send Event Feedback |
| closing_notes | string | Optional | Parameter for Send Event Feedback |
| indicators | array | Optional | Parameter for Send Event Feedback |
| indicators.type | string | Optional | Type of the resource |
| indicators.value | string | Optional | Value for the parameter |
| indicators.source | string | Optional | Parameter for Send Event Feedback |

#### Input example

```json
{
  "json_body": {
    "cortex_user": "string",
    "feedback": "string",
    "closing_notes": "string",
    "indicators": [{"type": "string", "value": "string", "source": "string"}]
  },
  "path_parameters": {"job_id": "string", "event_id": "string"}
}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |

#### Output example

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"status": "string"}}
```

## Response Headers

| Header | Description | Example |
|---|---|---|
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
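
The Send Event, Get Event Status and Send Event Feedback actions described above, written as plain HTTP requests in an added example (not the connector's or Arcanna's own code): the API key travels in a header, path parameters are validated before they are placed in the URL, and certificate verification stays on. Assumptions: `ArcannaClient`, `send` and any host passed in are hypothetical, the `json_body` fields are sent as the request body, and names are spelled `x-arcanna-api-key`, `job_id`, `raw_body`, `cortex_user` and `closing_notes`.

```python
import json
import re
import ssl
import urllib.parse
import urllib.request

API_KEY_HEADER = "x-arcanna-api-key"  # header name from the configuration table

class ArcannaClient:
    """Hypothetical helper: builds requests for the endpoints documented above."""

    def __init__(self, base_url, api_key):
        parts = urllib.parse.urlsplit(base_url)
        # Assumption: refuse plain HTTP so the API key is never sent in clear text.
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError("base_url must look like https://host[:port]")
        self.base_url, self.api_key = base_url.rstrip("/"), api_key

    def _event_path(self, job_id, event_id):
        # Assumption: job ids are decimal numbers (the examples use 1201 and 1219).
        if not re.fullmatch(r"[0-9]+", str(job_id)):
            raise ValueError("job_id must be numeric")
        # Percent-encode event_id so "../jobs" cannot address a different endpoint.
        return f"api/v1/events/{job_id}/{urllib.parse.quote(str(event_id), safe='')}"

    def _request(self, method, path, body=None):
        data = None if body is None else json.dumps(body).encode("utf-8")
        req = urllib.request.Request(f"{self.base_url}/{path}", data=data, method=method)
        req.add_header(API_KEY_HEADER, self.api_key)  # key in a header, never in the URL
        if data is not None:
            req.add_header("Content-Type", "application/json")
        return req

    def send_event(self, job_id, raw_body, title, severity):
        body = {"job_id": job_id, "raw_body": raw_body, "title": title, "severity": severity}
        return self._request("POST", "api/v1/events/", body)

    def get_event_status(self, job_id, event_id):
        return self._request("GET", self._event_path(job_id, event_id))

    def send_event_feedback(self, job_id, event_id, cortex_user, feedback, closing_notes=""):
        body = {"cortex_user": cortex_user, "feedback": feedback, "closing_notes": closing_notes}
        return self._request("PUT", self._event_path(job_id, event_id) + "/feedback", body)

def send(req, timeout=10):
    # The default context verifies certificate and hostname (verify_ssl left on).
    with urllib.request.urlopen(req, timeout=timeout, context=ssl.create_default_context()) as r:
        return r.status, json.loads(r.read() or b"null")
```

Each method returns a `urllib.request.Request`, so the URL, method, headers and body can be inspected or logged (with the key redacted) before `send` is called.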