Asset Store
  • 1 Minute to read
  • Contributors
  • Dark
    Light
  • PDF

Asset Store

  • Dark
    Light
  • PDF

Asset Store integration is used to lookup on custom event stores uploaded to DNIF for various Hosts in an organization.

Pre-requisites

  • The custom event store must contain a column named $Host in the event store data.

Configuration

The following configuration should be done for Asset Store.

  1. Follow the initial configuration steps in How to Configure Soar Integrations.

image.png

  1. Click the edit icon to add details.
Field Description
Host Event Store Name Enter valid Event Store Name for Host
  1. Enter the above details and click Save.

Lookup integrated with Asset Store

Retrieve Host Details

The Host for which you want to retrieve details from the event store.

Function_name

get_host_info

Input

  • The HostDetails is a custom event store created to demonstrate this example.

host_details.csv

  • Run a Search

image.png

The Search query retrieves the $DevSrcIP field for each event in the HostDetails (custom) eventstore.

Output

_lookup host_store get_host_info $DevSrcIP

In the pipelined query function, the _lookup directive calls the get_host_info function of the host_store plugin. $DevSrcIP is passed as a parameter to the function. This output contains details about the Device such as the Asset name, Asset Owner, Asset Group and so on. The output is as shown below:

image.png

The Lookup call returns output based on the available data in the event store.


Was this article helpful?

What's Next