Trapx DeceptionGrid
App Vendor: TrapxConnector
Category: Network Security
Connector Version: 1.0.0
API Version: 1.3
Product Version: 7.0
About App
The Trapx DeceptionGrid app allows security teams to integrate with the Trapx enterprise application. It enables Analysts to manage appliances, events, and PCAP files of the shadow network. The shadow network comprises fake assets that are used to divert and trap attackers.
The Trapx DeceptionGrid app is configured with the Orchestrate application to perform the below-listed actions:
Parameter | Description |
|---|---|
Download event PCAP file | This action can be used to retrieve PCAP files associated with specified events from the Trapx DeceptionGrid App. |
Search events | This action can be used to search security events based on filters in the Trapx DeceptionGrid App. |
Get a list of appliances | This action can be used to retrieve a list of appliances from the Trapx DeceptionGrid App. |
Configuration parameters
Below is the list of configuration parameters that are required for the Trapx DeceptionGrid app to communicate with the Trapx DeceptionGrid application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the Trapx DeceptionGrid Base URL. Format must be as follows: <http[s]://BASE URL.TLD[:port]>. | Text | Required | |
API Key | Enter the Trapx DeceptionGrid API Key. | Text | Required | |
SSL verification | Optional preference to either verify or skip the SSL certificate verification. | Boolean | Required | Allowed values:
By default, the value is "False". |
Action: Download event PCAP file
This action can be used to retrieve PCAP files associated with specified events from the Trapx DeceptionGrid App.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Event ID | Enter the Event ID. Get Event ID as received in the event's "x_trapx_com_eventid". | Text | Required |
Action: Search events
This action can be used to search security events based on filters in the Trapx DeceptionGrid App.
Input parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Trap type | Enter Trap type. | Text | Required | Allowed types:
|
Additional query parameters | Enter the additional query parameters in the form of key-value pairs. | Key-Value | Optional | Allowed value:
By default, the value is "None”. |
Example Request
[
{
"trap_type": "Emulation"
}
]Action: Get a list of appliance
This action can be used to retrieve a list of appliances from the Trapx DeceptionGrid App.
Input parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Additional query parameters | Enter the additional query parameters. | Key Value | Optional | Allowed values:
By default, value is "None”. |
Example Request
[
{
"state": "pending"
}
]