# Stellar SIEM

The Stellar SIEM connector facilitates the retrieval and management of security alerts, enhancing threat detection and response activities.

Stellar SIEM is a cutting-edge security information and event management platform that provides comprehensive visibility into security data and alerts. The Stellar SIEM Turbine connector allows users to efficiently retrieve paginated alerts from specific cases within Stellar SIEM, offering a streamlined approach to incident management. By integrating with Swimlane Turbine, security teams can automate the monitoring and analysis of alerts, enabling rapid response to potential threats. This connector empowers users to manage security incidents with precision and agility, leveraging the power of Swimlane's low-code automation capabilities.

## Limitations

The alerts endpoint returns at most 50 results per request; use `skip` and `limit` for pagination (e.g. second page: `skip=10&limit=10`).

## Supported versions

This Stellar SIEM connector uses the Stellar Cyber Public API (v1). Refer to https://docs.stellarcyber.ai/prod-docs/5.3.x/resources/swaggerui/dist/index.html for version-specific details.

## Additional docs

- https://docs.stellarcyber.ai/prod-docs/5.3.x/resources/swaggerui/dist/index.html
- https://docs.stellarcyber.ai/5.2.xs/using/api/api_auth.htm
- https://docs.stellarcyber.ai/prod-docs/5.1.x/using/api/api_case_query.htm

## Configuration

### Prerequisites

To effectively utilize the Stellar SIEM connector within Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Bearer Authentication with the following parameters:
  - URL: the endpoint for the Stellar SIEM API
  - Token: a valid bearer token to authenticate API requests

### Authentication Methods

- HTTP Bearer Authentication:
  - URL: the base URL of your Stellar Cyber server (e.g. https://myserver.stellarcyber.cloud)
  - Token: JWT obtained from `POST /connect/api/v1/access_token` using your email and API key (Basic auth). Use a dedicated API user and refresh the token as needed; tokens expire in 10 minutes.
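The token lifecycle described above (Basic-auth call to `POST /connect/api/v1/access_token`, 10-minute JWT lifetime, refresh as needed) as an added Python example; this is not the connector's or Stellar Cyber's own code. It assumes the token endpoint accepts an empty POST with `Authorization: Basic base64(email:api_key)` and answers with a JSON body whose `access_token` field holds the JWT; that field name, the `TokenCache` class and the injectable `transport`/`clock` hooks are assumptions made so the walk-through runs offline against a constructed stand-in for the endpoint.

```python
import base64
import json
import time
import urllib.request

TOKEN_TTL_SECONDS = 10 * 60    # the page states tokens expire in 10 minutes
REFRESH_MARGIN_SECONDS = 60    # renew early so a page fetch never starts on a nearly-dead token


def basic_auth_header(email: str, api_key: str) -> str:
    """Basic auth value for the token endpoint: base64("email:api_key")."""
    return "Basic " + base64.b64encode(f"{email}:{api_key}".encode()).decode()


def http_post_json(url: str, headers: dict) -> dict:
    """Real transport: POST with an empty body, parse the JSON reply."""
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


class TokenCache:
    """Caches one JWT and re-requests it shortly before the 10-minute expiry."""

    def __init__(self, base_url, email, api_key, transport=http_post_json, clock=time.monotonic):
        self.token_url = base_url.rstrip("/") + "/connect/api/v1/access_token"
        self.email = email
        self.api_key = api_key
        self.transport = transport   # injectable so the demo below runs offline
        self.clock = clock           # injectable so expiry can be simulated
        self._token = None
        self._expires_at = 0.0
        self.refresh_count = 0

    def bearer_header(self) -> dict:
        """Return the Authorization header, refreshing the JWT if it is (nearly) expired."""
        if self._token is None or self.clock() >= self._expires_at - REFRESH_MARGIN_SECONDS:
            self._refresh()
        return {"Authorization": f"Bearer {self._token}"}

    def _refresh(self) -> None:
        body = self.transport(self.token_url, {
            "Authorization": basic_auth_header(self.email, self.api_key),
            "Accept": "application/json",
        })
        token = body.get("access_token")   # assumed response field name
        if not token:
            raise RuntimeError("token endpoint returned no access_token")
        self._token = token
        self._expires_at = self.clock() + TOKEN_TTL_SECONDS
        self.refresh_count += 1


def _fake_token_transport(calls: list):
    """Constructed stand-in for the token endpoint: records each call, hands out a fresh token."""
    def post(url, headers):
        calls.append((url, headers["Authorization"]))
        return {"access_token": f"constructed-jwt-{len(calls)}"}
    return post


def demo():
    """Offline walk-through: two calls inside the TTL share a token, one past the margin refreshes."""
    calls = []
    now = [1000.0]
    cache = TokenCache("https://myserver.stellarcyber.cloud", "svc-account@example.com",
                       "CONSTRUCTED-API-KEY",
                       transport=_fake_token_transport(calls), clock=lambda: now[0])
    h1 = cache.bearer_header()
    h2 = cache.bearer_header()   # same token, no new request
    now[0] += 9 * 60 + 30        # 9m30s later: inside the 60 s refresh margin
    h3 = cache.bearer_header()   # refreshed
    return calls, h1, h2, h3


if __name__ == "__main__":
    print(demo())
```

Swapping `transport=http_post_json` back in (the default) makes the same `TokenCache` talk to a real server; the API key is only ever sent to the token endpoint, and every later request carries the short-lived JWT, which is the reason the page recommends a dedicated API user.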
## Capabilities

This Stellar SIEM connector provides the following capabilities:

- Retrieve Paginated Alerts

### Retrieve Paginated Alerts

Retrieves paginated alerts for the given case. Use the path parameter case ID (`id`) and the query parameters `skip` (number of records to skip) and `limit` (maximum 50 per request). For example, `skip=10&limit=10` returns the second 10 alerts. The response includes `data.docs` with alert documents (e.g. `_id`, `_source`, `_index`).

Stellar Cyber's documentation for this action can be found at https://docs.stellarcyber.ai/prod-docs/5.3.x/resources/swaggerui/dist/index.html (see Cases → alerts endpoint).

## Configurations

### HTTP Bearer Authentication

Authenticates using a bearer token such as a JWT, etc.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| token | The API key, token, etc. | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Retrieve Paginated Alerts

Retrieves a specified range of alerts for a case in Stellar SIEM using the case ID, with options to skip and set a limit of up to 50 alerts per request.

Endpoint URL: `/cases/{{id}}/alerts`

Method: `GET`

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Case ID (path parameter) |
| parameters.skip | number | required | Number of records to skip before returning results, e.g. `skip=10&limit=10` returns the second 10 alerts |
| parameters.limit | number | required | Maximum number of results to return. A maximum of 50 results can be returned at a time, e.g. `limit=10` returns the first 10 alerts |

Input example:

```json
{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}, "parameters": {"skip": 123, "limit": 123}}
```

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.docs | array | Response data |
| data.docs._version | number | Response data |
| data.docs._type | string | Response data |
| data.docs._source | object | Response data |
| data.docs._seq_no | number | Response data |
| data.docs._primary_term | number | Response data |
| data.docs._index | string | Response data |
| data.docs._id | string | Response data |
| data.docs.found | boolean | Response data |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"data": {"docs": []}}}
```

Response headers:

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
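Walking a whole case through `GET /cases/{id}/alerts` with `skip`/`limit`, as an added Python example (not the connector's own code), covering both the action above and the 50-per-request limit stated under Limitations. It assumes the alerts path sits under the same `/connect/api/v1` prefix the page gives for the token endpoint, that the body has the `{"data": {"docs": [...]}}` shape of the output example, and that each doc carries an `_id`; `MAX_LIMIT`, `iter_case_alerts`, the injectable `transport` and the constructed 120-alert case are assumptions so the walk-through runs offline.

```python
import json
import urllib.request
from typing import Iterator
from urllib.parse import parse_qs, quote, urlparse

MAX_LIMIT = 50  # the page: at most 50 results per request


def valid_limit(limit: int) -> bool:
    return 0 < limit <= MAX_LIMIT


def alerts_page_url(base_url: str, case_id: str, skip: int, limit: int) -> str:
    """Build GET /cases/{id}/alerts?skip=..&limit=.. under the assumed /connect/api/v1 prefix."""
    if not valid_limit(limit):
        raise ValueError(f"limit must be 1..{MAX_LIMIT}, got {limit}")
    if skip < 0:
        raise ValueError("skip must be >= 0")
    return (f"{base_url.rstrip('/')}/connect/api/v1/cases/{quote(case_id, safe='')}/alerts"
            f"?skip={skip}&limit={limit}")


def http_get_json(url: str, headers: dict) -> dict:
    """Real transport: GET and parse the JSON reply."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


def iter_case_alerts(base_url, case_id, auth_header, page_size=MAX_LIMIT,
                     transport=http_get_json) -> Iterator[dict]:
    """Yield every alert document for a case, walking skip/limit pages until a short page."""
    skip = 0
    seen = set()
    while True:
        body = transport(alerts_page_url(base_url, case_id, skip, page_size), auth_header)
        docs = body.get("data", {}).get("docs", [])
        for doc in docs:
            doc_id = doc.get("_id")
            if doc_id is not None:
                if doc_id in seen:   # offsets shift if alerts join the case mid-walk; drop repeats
                    continue
                seen.add(doc_id)
            yield doc
        if len(docs) < page_size:   # short (or empty) page: nothing left
            return
        skip += len(docs)


def _constructed_case(total: int) -> list:
    """Constructed alert docs in the _id/_index/_source shape listed in the output table."""
    return [{"_index": "constructed-alert-index", "_id": f"alert-{i:03d}", "found": True,
             "_source": {"event_name": f"constructed-event-{i}"}} for i in range(total)]


def _fake_alerts_transport(docs, log):
    """Constructed stand-in for the alerts endpoint: slices by skip/limit, rejects limit > 50."""
    def get(url, headers):
        if not headers.get("Authorization", "").startswith("Bearer "):
            raise PermissionError("missing bearer token")
        q = parse_qs(urlparse(url).query)
        skip, limit = int(q["skip"][0]), int(q["limit"][0])
        if limit > MAX_LIMIT:
            raise ValueError("server rejects limit > 50")
        log.append((skip, limit))
        return {"data": {"docs": docs[skip:skip + limit]}}
    return get


def demo(total: int = 120):
    base, case_id = "https://myserver.stellarcyber.cloud", "12345678-1234-1234-1234-123456789abc"
    auth = {"Authorization": "Bearer constructed-jwt"}
    log = []
    transport = _fake_alerts_transport(_constructed_case(total), log)
    # the page's own example: skip=10&limit=10 is the second 10 alerts
    second_ten = transport(alerts_page_url(base, case_id, 10, 10), auth)["data"]["docs"]
    log.clear()
    everything = list(iter_case_alerts(base, case_id, auth, transport=transport))
    return [d["_id"] for d in second_ten], [d["_id"] for d in everything], log


if __name__ == "__main__":
    print(demo())
```

Against the constructed 120-alert case the walk issues three requests (`skip` 0, 50 and 100, each with `limit=50`) and stops on the short third page; advancing `skip` by the number of documents actually returned, rather than by `page_size`, keeps the walk correct if the server ever returns fewer than requested.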