Integrate with 3rd party
‎04-16-2024 08:21 AM
We are currently wanting to integrate with a third-party tool (DTonomy), but we only have the URL and an Authorization (API) key. How would we configure the REST API call to set up authentication to connect to DTonomy?
Thanks in advance!
‎04-16-2024 08:40 AM
Usually, if a piece of software or an application has integration capabilities, it will have website resources dedicated to API documentation. For DTonomy, I see they have the resources below that could help you:
https://doc.dtonomy.com/api.html
https://doc.dtonomy.com/automation.html
It highly depends on your process and people alignment to identify what data is required to be synced and how it will be used. DTonomy, being a Security Orchestration, Automation, and Response (SOAR) Software, I am assuming you want to create incident tickets using events collected by DTonomy. Hence, aligning your ITSM & IT Security teams to identify the process is key.
Technically, integrating with such tools using a REST API depends on a few items, such as:
1. the trigger of data sync. You can use a scheduled job or flow designer to initiate data sync based on the trigger.
2. syncing all data or incremental
3. always create record or update an existing one
and so on depending upon the situation.
Hope this helps.
Regards,
Sharad
‎04-21-2024 01:25 PM
Thanks very much, Sharad, for your help!
‎04-24-2024 09:22 AM
Hi Sharad
Thanks again for your previous response!
I have managed to connect successfully to DTonomy and am able to retrieve the data when I do a Test on the REST Call. Our requirement is to set up a scheduled job that does the REST Call, transforms the data for each alert coming from DTonomy, and creates/updates the Security Incident Table in SNOW.
I managed to call the REST Call from the Scheduled Job, but it only gets one record from DTonomy. I am unable to read all the records and to transform the data. Would you be able to assist with how I could script this to loop through all the records returned from DTonomy, to transform the data and create Security Incidents? Any help would be much appreciated.
Thanks in advance!
‎04-24-2024 11:52 AM
Just trying to understand your statement: The REST API Call is extracting only one alert and it's getting transformed correctly, but you are expecting more records. Have you confirmed with the DTonomy app whether there are more records to be extracted? Is the response in JSON?
Try testing with 'Rest Message' under System Web Services. This will confirm whether DTonomy responds with 1 record or more.
Regards,
Sharad
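The loop asked about in this thread, as an added example that is not code from any poster, from DTonomy, or from ServiceNow: plain JavaScript that takes the response body string from the REST call, iterates over every alert, and plans a create or an update per record, with an optional incremental watermark. The response shape, the field names (`alerts`, `id`, `title`, `severity`, `updated_at`) and the `existing` lookup map are assumptions made for illustration, and the timestamps are assumed to be ISO-8601 UTC strings so that string comparison orders them correctly.

```javascript
// Added example. Field names (alerts, id, title, severity, updated_at) are
// constructed; the real DTonomy schema must be taken from its API documentation.

// Normalize the response into an array: a bare array, an object wrapping an
// array under "alerts" (assumed key), or a single alert object.
function extractAlerts(body) {
  var parsed = JSON.parse(body);
  if (Array.isArray(parsed)) return parsed;
  if (parsed && Array.isArray(parsed.alerts)) return parsed.alerts;
  return parsed && typeof parsed === 'object' ? [parsed] : [];
}

// Build a create/update plan for every alert in the response.
// existing: external alert id -> sys_id of the incident already created for it.
// lastSync: ISO-8601 UTC watermark of the previous run, or null for a full sync.
function planSync(body, existing, lastSync) {
  var plan = { create: [], update: [], skipped: 0, watermark: lastSync };
  extractAlerts(body).forEach(function (alert) {
    var ts = alert && alert.updated_at ? String(alert.updated_at) : '';
    // Skip records with no correlation key and, in incremental mode, unchanged ones.
    if (!alert || alert.id == null || (lastSync && ts && ts <= lastSync)) {
      plan.skipped++;
      return;
    }
    var key = String(alert.id);
    var fields = {
      correlation_id: key, // external id stored on the incident for later matching
      short_description: String(alert.title || '').slice(0, 160),
      severity: String(alert.severity || 'unknown').toLowerCase()
    };
    if (Object.prototype.hasOwnProperty.call(existing, key)) {
      plan.update.push({ sys_id: existing[key], fields: fields });
    } else {
      plan.create.push({ fields: fields });
    }
    if (ts && (!plan.watermark || ts > plan.watermark)) plan.watermark = ts;
  });
  return plan;
}

// Constructed sample response with three alerts; 101 already has an incident.
var SAMPLE_BODY = JSON.stringify({ alerts: [
  { id: 101, title: 'Phishing report', severity: 'High', updated_at: '2024-04-24T08:00:00Z' },
  { id: 102, title: 'Malware beacon', severity: 'Critical', updated_at: '2024-04-24T09:10:00Z' },
  { id: 103, title: 'Old alert', severity: 'Low', updated_at: '2024-04-20T00:00:00Z' }
] });
var SAMPLE_PLAN = planSync(SAMPLE_BODY, { '101': 'abc123' }, '2024-04-23T00:00:00Z');
```

In a scheduled job, each entry in `plan.create` and `plan.update` would then be written to the target table, and `plan.watermark` stored for the next run only after those writes succeed.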