autobotAI

Securonix

Overview

The Securonix integration allows autobotAI to connect with Securonix Unified Defense SIEM, a cloud-native security analytics platform that combines SIEM, UEBA, and SOAR capabilities. This integration enables automated threat detection, incident investigation, and security analytics workflows.

This guide provides instructions for setting up the Securonix integration in your autobotAI account. By completing this process, you will connect your Securonix SNYPR instance and its associated resources to the platform.

Prerequisites

Before starting, ensure you have:

  • A Securonix SNYPR instance with the web services (WS) API enabled
  • A WS API Token generated from Securonix
  • Your Securonix instance URL (e.g., https://company.securonix.net)

Instructions for generating an API token can be found in the Additional Information section.

Steps to Set Up Securonix Integration

Step 1:
Navigate to the Integrations page by selecting Integrations from the menu. Click the + Add Integration button in the top-right corner to view available integrations.

Step 2:
From the list, under the Security Tools section, select Securonix + Add to create the Securonix integration.

Step 3:
Fill in the required fields as follows:

Note: Fields marked with an asterisk (*) are mandatory.

  • Alias: Provide a meaningful name or alias for this integration.
  • Groups: Use groups to organize multiple integrations, similar to how labels work in email systems.
  • Host URL: Enter your Securonix instance URL (e.g., https://company.securonix.net).
  • API Token: Enter your pre-generated WS authentication token.
  • Test API Path: API path to test the integration (default: /Snypr/ws/token/validate).
  • Test HTTP Method: HTTP method to use for testing (GET, POST, or HEAD).
  • Skip Test Integration: Enable to bypass the integration test (useful when the API is not accessible).

Verify the information, then click Create to complete the integration.

Step 4:
After the integration is successfully created, locate it under Integrations. Click on the three dots on the left side and select Test to ensure your integration is properly configured with autobotAI.

Additional Information

How to Generate a WS API Token

  1. Log in to Securonix:

    • Navigate to your Securonix SNYPR admin portal.
  2. Generate an API Token:

    • Go to Settings > API Tokens or Administration > User Management.
    • Look for options to generate a web services (WS) API token.
    • Create a new token with the appropriate permissions for your use case.
  3. Copy the Token:

    • After generation, copy the token. The token is typically shown once, so store it securely.
  4. Identify Your Host URL:

    • Your host URL is just the scheme and hostname: https://<hostname>
    • For example, if your Securonix portal is at https://company.securonix.net, enter https://company.securonix.net.
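
The Host URL rule above, together with the Test API Path and Test HTTP Method fields from Step 3, can be checked before the values are entered. The following Python code is an added example, not autobotAI or Securonix code; the function names, the https-only rule, and the handling of an optional port are assumptions of this example.

```python
from urllib.parse import urlsplit

DEFAULT_TEST_PATH = "/Snypr/ws/token/validate"  # default Test API Path from Step 3
ALLOWED_METHODS = {"GET", "POST", "HEAD"}        # Test HTTP Method choices from Step 3


def normalize_host_url(raw):
    """Return 'https://<hostname>' (plus port, if given) or raise ValueError."""
    parts = urlsplit(raw.strip())
    if parts.scheme != "https":
        # Assumption of this example: refuse anything but https so the
        # WS token is never sent over an unencrypted connection.
        raise ValueError("Host URL must start with https://")
    if parts.username or parts.password:
        raise ValueError("Host URL must not embed credentials")
    if not parts.hostname:
        raise ValueError("Host URL has no hostname")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        # Catches a pasted portal address such as https://host/Snypr/...
        raise ValueError("Host URL must be scheme and hostname only")
    # Assumption: an explicit port is kept, since the page does not mention ports.
    port = f":{parts.port}" if parts.port else ""
    return f"https://{parts.hostname}{port}"


def build_test_request(host_url, path=DEFAULT_TEST_PATH, method="GET"):
    """Return (method, url) for the integration test without sending it."""
    base = normalize_host_url(host_url)
    method = method.upper()
    if method not in ALLOWED_METHODS:
        raise ValueError(f"Test HTTP Method must be one of {sorted(ALLOWED_METHODS)}")
    if not path.startswith("/") or any(c.isspace() for c in path):
        # A path that does not start with '/' could change the target host
        # once it is appended to the Host URL.
        raise ValueError("Test API Path must start with '/' and contain no whitespace")
    return method, base + path


if __name__ == "__main__":
    # Constructed sample values, using the hostname from the page's own example.
    for candidate in ("https://company.securonix.net",
                      "https://company.securonix.net/Snypr/login",
                      "http://company.securonix.net"):
        try:
            print(candidate, "->", build_test_request(candidate))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```
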

Supported Connection Interfaces

The Securonix integration supports:

  • REST API: Access Securonix endpoints for incident management, watchlist/whitelist operations, Spotter search queries, and more.

Available API Endpoints

The integration provides access to the following Securonix APIs:

  • Incident Management: Get incident details by type (metaInfo, actionInfo, workflowInfo)
  • Spotter Search: Query activity, asset, violation, lookup, and watchlist collections
  • Watchlist Operations: Create, list, add entities, and check watchlist membership
  • Whitelist Operations: Create, list, add/remove entities from whitelists

Query Examples

Activity Search:

index=activity AND resourcegroupname=<datasource> AND <conditions>

Asset Search:

index=asset AND entityname=<asset_name>

Violation Search:

index=violation

Watchlist Search:

index=watchlist AND watchlistname=<watchlist_name>
