Closed andrewkroh closed 1 month ago
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
This will be an integration with one CEL-based data stream to ingest incidents from Digital Guardian Analytics & Reporting Cloud (ARC). Because we don't have access to the real service, I propose that we develop against a mock and release this as beta (e.g. v0.1.0-beta1). Then we can get a helpful user to deploy and validate against their account.
This integration will
POST /1.0/export_profiles/{profile}/export_and_ack API (need to set request header Accept: application/json). This returns the export profile data in JSON format and advances the server-side bookmark in a single call.
The required configuration is
auth.oauth.token_url
)
Create a new integration to pull events and alerts from the Digital Guardian Analytics & Reporting Cloud (ARC) API.
I have a PDF document of DG Analytics & Reporting Cloud External API, Version 3.1.0 to work from.
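
A local mock of the export-and-ack call described in this issue, added here as an example and not taken from the integration or from Digital Guardian: each POST returns the next batch and moves the bookmark in the same step, so a later call never repeats records. The response shape (a `data` list), the batch size, the record fields and the `demo` profile are assumptions, and OAuth is left out.

```python
import json, threading, urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed records; field names are placeholders, not the ARC schema.
INCIDENTS = [{"id": n, "name": f"constructed-incident-{n}"} for n in range(1, 6)]
BOOKMARK = {"demo": 0}  # server-side bookmark per export profile

class MockARC(BaseHTTPRequestHandler):
    def do_POST(self):
        parts = self.path.strip("/").split("/")
        # Expected path: /1.0/export_profiles/{profile}/export_and_ack
        if (len(parts) != 4 or parts[:2] != ["1.0", "export_profiles"]
                or parts[3] != "export_and_ack" or parts[2] not in BOOKMARK):
            return self._send(404, {"error": "unknown path or profile"})
        if self.headers.get("Accept") != "application/json":
            return self._send(406, {"error": "Accept: application/json required"})
        start = BOOKMARK[parts[2]]
        batch = INCIDENTS[start:start + 2]       # assumed batch size of 2
        BOOKMARK[parts[2]] = start + len(batch)  # export and ack in one step
        self._send(200, {"data": batch})

    def _send(self, status, body):
        raw = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(raw)))
        self.end_headers()
        self.wfile.write(raw)

    def log_message(self, *args):  # silence per-request logging
        pass

def export_and_ack(base_url, profile):
    req = urllib.request.Request(
        f"{base_url}/1.0/export_profiles/{profile}/export_and_ack",
        data=b"", method="POST", headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)["data"]

def drain(profile="demo"):
    """Run the mock, poll until a batch is empty, return ids in arrival order."""
    BOOKMARK[profile] = 0
    server = ThreadingHTTPServer(("127.0.0.1", 0), MockARC)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base, ids = f"http://127.0.0.1:{server.server_port}", []
    while batch := export_and_ack(base, profile):
        ids += [rec["id"] for rec in batch]
    server.shutdown()
    return ids
```

In this mock, a batch the client fails to persist after receiving the response is not served again, because the bookmark has already moved.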