Chronicle

This app enables the end user to search, analyze, and ingest the enterprise security data stored in Chronicle using investigative, reputation, and ingestion actions.

Built by Splunk LLC

Compatibility
Not Available
Platform Version: 6.4, 6.3
Rating: 0 (0)
Ranking: #11 in Investigative

Supported Actions

  • test connectivity: Validate the asset configuration for connectivity using supplied configuration
  • list ioc details: Return any threat intelligence associated with the specified artifact
  • list iocs: List all of the IoCs discovered within the enterprise within the specified time
  • list assets: List all of the assets that accessed the specified artifact within the specified time
  • list events: List all of the events discovered within the enterprise on a particular device within the specified time
  • domain reputation: Derive the reputation of the specified domain artifact (the reputation can be one of 'Malicious', 'Suspicious', or 'Unknown')
  • ip reputation: Derive the reputation of the specified destination IP address artifact (the reputation can be one of 'Malicious', 'Suspicious', or 'Unknown')
  • list alerts: List all of the security alerts tracked within the enterprise on particular assets and/or users for the specified time
  • list rules: List the latest versions of the rules created in the Detection Engine within the enterprise
  • list detections: List all the detections for the specific versions of the given Rule ID(s)
  • on poll: Action handler for the on poll ingest functionality

Categories

Created By

Splunk LLC

Type

connector

Downloads

24,755
