Symantec ICDx
Integration version: 6.0
Configure Symantec ICDx integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Actions
Get Event
Description
Get event data by its ID.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Event UUID | String | N/A | N/A |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A
Get Events Minutes Back
Description
Get events that match a query, going back a given number of minutes.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Query | String | N/A | Request query. |
| Limit | String | N/A | Maximum number of events to return. |
| Minutes Back | String | N/A | Number of minutes back from which to fetch events. |
| Fields | String | N/A | Specific event fields to return (comma-separated). |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| 4.0 | N/A | N/A |
JSON Result
N/A
Ping
Description
Test Symantec ICDx connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A
Connectors
Symantec ICDx Query Connector
Description
Fetches events from the Symantec ICDx server using a query.
Configure Symantec ICDx Query Connector in Google SecOps
For detailed instructions on how to configure a connector in Google SecOps, see Configuring the connector.
Connector parameters
Use the following parameters to configure the connector:
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| DeviceProductField | String | device_product | The field name used to determine the device product. |
| EventClassId | String | name | The field name used to determine the event name (sub-type). |
| PythonProcessTimeout | String | 60 | The timeout limit (in seconds) for the Python process running the current script. |
| API Root | String | null | N/A |
| API Token | Password | null | N/A |
| Verify SSL | Boolean | FALSE | Whether to use an SSL connection or not. |
| Search Query | String | null | N/A |
| Events Limit | Integer | 10 | Max count of events to pull in one cycle. Example: 20 |
| Max Days Backwards | Integer | 1 | Maximum number of days back from which to fetch alerts. Example: 3 |
| Proxy Server Address | String | null | The address of the proxy server to use. |
| Proxy Username | String | null | The proxy username to authenticate with. |
| Proxy Password | Password | null | The proxy password to authenticate with. |
Connector Rules
Proxy support
The connector supports proxy.
Whitelist/Blacklist
The connector supports Whitelist/Blacklist rules.
Last updated 2026-02-18 UTC.