Natrix
Natrix is a security platform that enhances threat detection and response through advanced alert management and analytics.

Natrix is a comprehensive security platform designed to manage and analyze alerts effectively. This connector allows Swimlane Turbine users to seamlessly assign alerts to analysts and update alert statuses within Natrix. By integrating Natrix with Swimlane Turbine, security teams can automate alert management processes, ensuring timely responses and efficient workflow management. This integration enhances the capabilities of security operations by providing streamlined alert handling and status updates, reducing manual intervention and improving response times.

Prerequisites

Before you can use the Natrix connector for Turbine, you'll need access to the Natrix API. This requires OAuth 2.0 resource owner password credentials authentication using the following parameters:

- URL: The endpoint for accessing the Natrix API.
- Client ID: The identifier for your application registered with Keycloak.
- Username: The username for authenticating against the Natrix API.
- Password: The password associated with the username for authentication.
- Client Secret: A secret key used in conjunction with the client ID for secure authentication.

Configurations

Natrix Password Credentials

Authenticates using the OAuth 2.0 resource owner password credentials grant against Keycloak.

Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | Base URL of the Natrix server (e.g., https://soc-master01.soc.lan) | string | Required |
| Client ID | OAuth2 client ID registered in Keycloak (e.g., master) | string | Required |
| Client Secret | OAuth2 client secret registered in Keycloak | string | Required |
| Username | Natrix user email address | string | Required |
| Password | Natrix user password | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

Actions

Assign Alert

Assign a Natrix alert or group of alerts to an analyst using event_id, sensor_index, assigned_user, and action_scope.

Endpoint URL: soctopus/api/alert/assign
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| event_id | string | Optional | Elasticsearch document ID of the alert |
| sensor_index | string | Optional | Sensor and index in format "\<sensor name> \<index name>" (e.g., sen01 heavynode \ elastalert 2026 04 21) |
| assigned_user | string | Optional | Analyst email address registered in Natrix |
| action_scope | string | Optional | Scope of the assignment |

Input example

{"event_id": "string", "sensor_index": "string", "assigned_user": "string", "action_scope": "event_id"}

Set Alert Status

Update the status of one or more Natrix alerts using event_id, sensor_index, event_status, and action_scope.

Endpoint URL: soctopus/api/alert/setstatus
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| event_id | string | Optional | Elasticsearch document ID of the alert |
| sensor_index | string | Optional | Sensor and index in format "\<sensor name> \<index name>" (e.g., sen01 heavynode \ elastalert 2026 04 21) |
| event_status | string | Optional | New status for the alert |
| action_scope | string | Optional | Scope of the status change |
| comment | string | Optional | Optional free-text comment stored with the status change |

Input example

{"event_id": "string", "sensor_index": "string", "event_status": "active", "action_scope": "event_id", "comment": "string"}

Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
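
The password-grant flow and the Assign Alert call described above, as an added Python example; it is not code from Natrix or from the Swimlane connector. It assumes a placeholder Keycloak realm, Keycloak's standard token path served from the same base URL, Bearer-token authorization on the Natrix API, and underscore-separated field names; none of these are stated on this page. The helper names are hypothetical.

```python
import json
import urllib.parse
import urllib.request

# Assumptions, not from the Natrix page: realm name, Keycloak's standard token
# path on the same base URL, and Bearer-token authorization on the API.
REALM = "REALM-PLACEHOLDER"
TOKEN_PATH = "/realms/%s/protocol/openid-connect/token"
ASSIGN_PATH = "/soctopus/api/alert/assign"  # endpoint listed on the page


def require_https(base_url):
    """Reject non-HTTPS base URLs: this grant sends the user's password itself."""
    parts = urllib.parse.urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base URL must be https://host[:port]")
    return base_url.rstrip("/")


def build_token_request(base_url, client_id, client_secret, username, password):
    """Password-grant request (RFC 6749 section 4.3); secrets go in the body only."""
    form = urllib.parse.urlencode({
        "grant_type": "password", "client_id": client_id,
        "client_secret": client_secret, "username": username, "password": password,
    }).encode()
    url = require_https(base_url) + TOKEN_PATH % urllib.parse.quote(REALM, safe="")
    return urllib.request.Request(url, data=form, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw):
    """Return the access token; on failure expose only the OAuth error code."""
    doc = json.loads(raw)
    if not isinstance(doc, dict) or "access_token" not in doc:
        code = doc.get("error", "unknown") if isinstance(doc, dict) else "unknown"
        raise PermissionError("token request failed: " + str(code))
    return doc["access_token"]


def build_assign_request(base_url, token, event_id, sensor_index, user, scope="event_id"):
    """POST body with the four fields of the page's Assign Alert input example."""
    body = json.dumps({"event_id": event_id, "sensor_index": sensor_index,
                       "assigned_user": user, "action_scope": scope}).encode()
    return urllib.request.Request(require_https(base_url) + ASSIGN_PATH, data=body,
        method="POST", headers={"Authorization": "Bearer " + token,
                                "Content-Type": "application/json"})
```

Each returned request can be passed to `urllib.request.urlopen`, which validates the server certificate by default, matching the Verify SSL option left enabled.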