Use this connector to interact with Nozomi through Swimlane.

Created Nozomi Guardian Get Alerts component, allowing us to pull alerts based on the query=”alerts” input parameters. The component has integrated with SOC Solutions Bundle’s component named “Execute - Process Bulk Alerts“, which automates the process of TI enrichment and Case record creation.

The creation of the component was referencing ElasticSecurity Get Signals component.

 The component is created from TC24.2.12, with Nozomi Connector version 1.1.3 .

- ‘Nozomi Networks Get Alerts’ component

Create/Update Asset details accordingly, URL, Username and Password:

Create playbook named “AT - Bulk Ingest Alerts, (Nozomi)“,

- configure action Prepare Query, with Block named ‘Query’, fill in the Nozomi Query syntax here , example “alerts”. (Note: Refer to Nozomi API for more query filter details)

// "alerts | where days_ago(time) < 1"

// "alerts | where hours_ago(time) < 1"

"alerts | where minutes_ago(time) < 1"

Add component named “Nozomi Networks Get Alerts“ imported in step [3]. Configure input ‘query’ reference to Prepare Query’s result.

- Add component named “Execute - Process Bulk Alerts“ from SOC Solutions Bundle. Configure input ‘alerts’ reference to “Nozomi Networks Get Alerts“ published alerts.

Entry playbook ‘AT - Bulk Ingest Alerts (Nozomi)’, and Component’s result of ‘Nozomi Networks Get Alerts’.

Case Record Creation using Nozomi Guardian Alerts

The Nozomi integration provides the following capabilities:

Update User

Nozomi Connector

test12

sdfdssdfsdfsdfsdfdsfsdf

edfsad

dsfsdfsdf

test

specific

var_miha

new_var_2

new_mih_var

mih_var

testheight

available

testulet

testvar

This is a plain text that will be inserted in an expandable heading for using this raw as an exampl

altscenario

This is a plain text that will be inserted in an expandable heading for using this raw as an example

scenario

exemplu

variabila

Archbee

text

refresh_token

YourBank

MyBank

variable_test_video

variable123

silviu

Bogdan_test

ferwhethgte

target1

google

support

product_name

productName1

companyLegalName

programName

customerName1

productName

Product_Name

Test

SEFAS

uptempo

customerName

testName

name1

customername

apilink1-getallmethod

variable_one

capitalize

company_name_adobe

jama_2

jama_1

domain

email

product

Glossary lets you define every tricky term, then gives them a sneak peek explanation on hover... Just like I'm doing with this text right here!

Glossary_feature

Google

aaaa

insitutionAdress

dasdas666

aa112

asdasdas

asdasd

What

New_reusable

test_var2

test_var

HTTP Basic Authentication

Our knowledgeable support team and an awesome community will get you an answer in a flash.

Connectors

Configuration

alien vault threat exchange

Alien Vault Threat Exchange Connector

Atlassian Jira

Atlassian Jira Connector

configuration

check point R80

Check Point R80 Connector

splunk

Cisco Splunk Connector

CyberArk

CyberArk Connector

ExtraHop

ExtraHop Connector

Types of fortinet Configurations

Fortinet-Fortigate

Fortinet Fortigate Connector

Google Safe Browsing

Google Safe Browsing Connector

Halopsa

HaloPSA Connector

Invicti Netsparker

Invicti Netsparker Connector

Malware Information Sharing Platform & Threat Sharing

MISP Connector

Microsoft Azure Sentinel Connector

Oauth 2.0 Client Credentials

Microsoft Graph API

Microsoft Graph API Connector

Securonix

Securonix Connector

SentinelOne Connector

ServiceNow

ServiceNow Connector

Symantec_dlp

Symantec DLP Connector

Slack

Slack Connector

Okta

Okta Connector

proofpoint

Proofpoint Connector

Rapid7

Rapid7 InsightIDR V2 Connector

Tenable.SC Connector

Tenable Security Center Connector

Tanium

Tanium Connector