Kela
App Vendor: Kela
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.1.0
API Version: 1.0.0
Notice
This is a beta app, and the documentation is in progress.
About App
The Kela monitoring integration allows you to fetch incident details from a specific organization.
The Kela app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Generic Action | This is a generic action to perform any additional use case on Kela. |
Scrolling | This action retrieves the next bulk of incidents using the scroll ID. |
Get Botnet Incidents | This action retrieves botnet incidents for a specific monitor. |
Get Leaked Credential Incidents | This action retrieves leaked credential incidents for a specific monitor. |
Get Network Vulnerability Incidents | This action retrieves network vulnerability incidents for a specific monitor. |
Configuration Parameters
The following configuration parameters are required for the Kela app to communicate with the Kela enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Token | Enter the API token to authenticate the client. | Password | Required | |
Monitor ID | Enter the monitor ID to authenticate the client. | Text | Required | |
Action: Scrolling
This action retrieves the next bulk of incidents using the scroll ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Scroll ID | Enter the scroll ID to retrieve incidents. Example: "DnF1ZXJ5VGhlbkZldGNoEAAAAAC936NlFlpYNUhXVkhBUXd1SEFybnNONWE1Y2cAAAAA3QuZnxZnTm81a2xfOFRJcW14c3l1a2U2aXFnAAAAAVUAUu0WWTJ5TU9zeU9SNkM3U3JjZFNqWjYzUQAAAAAfo6XxFm9xxS1JYazdRU2JxZ1NGa3BsMW81RUEAAAAAs3mt6BZEMjBMYmZ4c1FFeWJIeTFBaTJuWW5BAAAAASqdAb4WTDZXLWNGX1ZReHlyanc5UUdfQ0dWQQxxAACzea3pFkQyMExiZnhzUUV5Ykh5MUFpMm5ZbkEAAAABLG-RRRZzM0xvcEVNUFEwSzlJZVJtRDVORGV3AAAAARo5L8wWclkwTmpRY2hRQlNWM1liNkRUSnV4dwAAAAFaAeeEFlRKdndwbFFiUXB5Zi0wRWFhLVNFUkEAAAABLEvnBZBMmRFVFUtbFFRaWh1akQ4ZGp4TmpBAAAAAIK6TNkWY3c0bHVxxkJRWGlmMElPLXVWajJnZwAAAAFaAeeDFlRKdndwbFFiUXB5Zi0wRWFhLVNFUkEAAAAA3QuZoBZnTm81a2xfOFRJcW14c3l1a2U2aXFnAAAAASqdAb8WTDZXLWNGX1ZReHlyanc5UUdfQ0dWQQAAAAEaOS_NFnJZME5qUWNoUUJTVjNZYjZEVEp1eHc=" |
Example Request
[ { "scroll_id": "DnF1ZXJ5VGhlbkZldGNoEAAAAAC936NlFlpYNUhXVkhBUXd1SEFybnNONWE1Y2cAAAAA3QuZnxZnTm81a2xfOFRJcW14c3l1a2U2aXFnAAAAAVUAUu0WWTJ5TU9zeU9SNkM3U3JjZFNqWjYzUQAAAAAfo6XxFm9xxS1JYazdRU2JxZ1NGa3BsMW81RUEAAAAAs3mt6BZEMjBMYmZ4c1FFeWJIeTFBaTJuWW5BAAAAASqdAb4WTDZXLWNGX1ZReHlyanc5UUdfQ0dWQQxxAACzea3pFkQyMExiZnhzUUV5Ykh5MUFpMm5ZbkEAAAABLG-RRRZzM0xvcEVNUFEwSzlJZVJtRDVORGV3AAAAARo5L8wWclkwTmpRY2hRQlNWM1liNkRUSnV4dwAAAAFaAeeEFlRKdndwbFFiUXB5Zi0wRWFhLVNFUkEAAAABLEvnBZBMmRFVFUtbFFRaWh1akQ4ZGp4TmpBAAAAAIK6TNkWY3c0bHVxxkJRWGlmMElPLXVWajJnZwAAAAFaAeeDFlRKdndwbFFiUXB5Zi0wRWFhLVNFUkEAAAAA3QuZoBZnTm81a2xfOFRJcW14c3l1a2U2aXFnAAAAASqdAb8WTDZXLWNGX1ZReHlyanc5UUdfQ0dWQQAAAAEaOS_NFnJZME5qUWNoUUJTVjNZYjZEVEp1eHc=" } ]
Action: Generic Action
This is a generic action to perform any additional use case on Kela.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Endpoint | Enter the endpoint to initiate a request. Example: 'incidents' | Text | Required | |
Method | Enter the HTTP method to make. Example: | Text | Required | |
Query Params | Enter the query parameters to filter the result. Example: $JSON[{"page":10}] | Any | Optional | |
Payload Data | Enter the payload data to pass to the API. Example: {"data": {"reason": "security_testing"}} | Key Value | Optional | |
Payload JSON | Enter the payload JSON to pass to the API. Example: $JSON[{"data": {"type": "ransomware","id": 788996}}] | Any | Optional | |
Example Request
[ { "method":"GET", "endpoint":"incidents", "payload_data":{ "data":[ { "reason":"security_testing" } ] }, "query_params":{ "limit":"10" } } ]
Action: Get Botnet Incidents
This action retrieves botnet incidents for a specific monitor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
From Date | Enter the start date to retrieve incidents from. Example: 1685452480 | Integer | Optional | |
To Date | Enter the end date to retrieve incidents. Example: 1685452481 | Integer | Optional | |
Limit | Enter the maximum number of incidents to return in the response. | Integer | Optional | Default value: 20. Maximum allowed value: 1000. |
Example Request
[ { "from_date":1685452480, "to_date":1685452481, "offset":50 } ]
Action: Get Leaked Credential Incidents
This action retrieves leaked credential incidents for a specific monitor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
From Date | Enter the start date to retrieve incidents from. Example: 1685452480 | Integer | Optional | |
To Date | Enter the end date to retrieve incidents. Example: 1685452481 | Integer | Optional | |
Limit | Enter the maximum number of incidents to return in the response. Example: 50 | Integer | Optional | Default value: 20. Maximum allowed value: 1000. |
Example Request
[ { "from_date":1685452480, "to_date":1685452481, "offset":50 } ]
Action: Get Network Vulnerability Incidents
This action retrieves network vulnerability incidents for a specific monitor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
From Date | Enter the start date to retrieve incidents from. Example: 1685452480 | Integer | Optional | |
To Date | Enter the end date to retrieve incidents. Example: 1685452481 | Integer | Optional | |
Limit | Enter the maximum number of incidents to return in the response. Example: 50 | Integer | Optional | Default value: 20. Maximum allowed value: 1000. |
Example Request
[ { "from_date":1685452480, "to_date":1685452481, "offset":50 } ]
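The From Date and To Date parameters of the three incident actions are Unix epoch seconds, and Limit is bounded by the values in the Comments column. The following helper is an added example, not part of the Kela app or its documentation; it builds a validated input for those actions from human-readable timestamps. The function names, the `limit` key name and the lower bound of 1 are assumptions, since the example requests on this page do not show the Limit key.

```python
from datetime import datetime, timezone

DEFAULT_LIMIT = 20   # default stated in the parameter tables
MAX_LIMIT = 1000     # maximum stated in the parameter tables


def to_epoch(value):
    """Convert an int, ISO 8601 string or datetime to Unix epoch seconds."""
    if isinstance(value, int):
        return value
    if isinstance(value, str):
        value = datetime.fromisoformat(value)
    if value.tzinfo is None:
        # Treat naive timestamps as UTC so the query window does not shift
        # with the timezone of the host that runs the playbook.
        value = value.replace(tzinfo=timezone.utc)
    return int(value.timestamp())


def build_incident_input(from_date=None, to_date=None, limit=DEFAULT_LIMIT):
    """Return a one-element list shaped like the example requests."""
    # Lower bound of 1 is an assumption; the page only states the maximum.
    if isinstance(limit, bool) or not isinstance(limit, int) \
            or not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be an integer from 1 to {MAX_LIMIT}")
    params = {"limit": limit}  # key name "limit" is an assumption
    if from_date is not None:
        params["from_date"] = to_epoch(from_date)
    if to_date is not None:
        params["to_date"] = to_epoch(to_date)
    if ("from_date" in params and "to_date" in params
            and params["from_date"] > params["to_date"]):
        raise ValueError("from_date must not be later than to_date")
    return [params]


# Constructed sample window matching the epoch values used on this page.
SAMPLE = build_incident_input("2023-05-30T13:14:40",
                              "2023-05-30T13:14:41+00:00", 50)
```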