Integrate Zerofox with Google SecOps

Integration version: 1.0

Integration Parameters

The Zerofox integration requires the following parameters:

| Parameter | Description |
| --- | --- |
| API Root | Required. The API root of the Zerofox instance. |
| API Token | Required. The Zerofox API token. |
| Verify SSL | Required. If selected, the integration validates the SSL certificate when connecting to Zerofox. Selected by default. The default value is Checked. |

Actions

For more information about actions, see Respond to pending actions from Your Workdesk and Perform a manual action.

Ping

Use the Ping action to test the connectivity to Zerofox.

The action doesn't run on any entities.

Action inputs

The Ping action doesn't require any parameters.

Action Outputs

The Ping action provides the following outputs:

| Action output type | Availability |
| --- | --- |
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |

Output messages

The Ping action provides the following output messages:

| Output message | Message description |
| --- | --- |
| Successfully connected to the Zerofox server with the provided connection parameters! | The action succeeded. |
| Failed to connect to the Zerofox server! Error is {0}".format(exception.stacktrace) | The action failed. |

Script Result

The following table describes the values for the script result output when using the Ping action:

| Script result name | Value |
| --- | --- |
| is_success | True or False |

Request Takedown

Use the Request Takedown action to request a takedown in Zerofox.

This action doesn't run on Google SecOps entities.

Action inputs

The Request Takedown action requires the following parameters:

| Parameter | Description |
| --- | --- |
| Alert ID | Required. The ID of the Zerofox Alert. |

Action outputs

The Request Takedown action provides the following outputs:

| Action output type | Availability |
| --- | --- |
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |

Output messages

The Request Takedown action provides the following output messages:

| Output message | Message description |
| --- | --- |
| Successfully requested takedown for alert with ID {alert id} | The action succeeded. |
| Error executing action "Request Takedown". Reason: {0}''.format(error.Stacktrace) | The action failed. |
| Error executing action "Request Takedown". Reason: Alert with ID {alert ID} wasn't found in Zerofox.'' | The action failed. |
| Error executing action "Request Takedown". Reason: {error}.'' | The action failed. |

Script Result

The following table describes the values for the script result output when using the Request Takedown action:

| Script result name | Value |
| --- | --- |
| is_success | True or False |

Close Alert

Use the Close Alert action to close an alert in Zerofox.

This action doesn't run on Google SecOps entities.

Action inputs

The Close Alert action requires the following parameters:

| Parameter | Description |
| --- | --- |
| Alert ID | Required. The ID of the Zerofox Alert. |

Action Outputs

The Close Alert action provides the following outputs:

| Action output type | Availability |
| --- | --- |
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |

Script Result

The following table describes the values for the script result output when using the Close Alert action:

| Script result name | Value |
| --- | --- |
| is_success | True or False |

Output messages

The Close Alert action provides the following output messages:

| Output message | Message description |
| --- | --- |
| Successfully closed alert with ID {alert id} | The action succeeded. |
| Error executing action "Close Alert". Reason: {0}''.format(error.Stacktrace) | The action failed. |
| Error executing action "Close Alert". Reason: Alert with ID {alert ID} wasn't found in Zerofox.'' | The action failed. |
| Error executing action "Close Alert". Reason: {error} | The action failed. |

Add Note To Alert

Use the Add Note To Alert action to add a note to an alert in Zerofox.

This action doesn't run on Google SecOps entities.

Action inputs

The Add Note To Alert action requires the following parameters:

| Parameter | Description |
| --- | --- |
| Alert ID | Required. The ID of the Zerofox Alert. |
| Note | Required. The note for the alert. |

Action outputs

The Add Note To Alert action provides the following outputs:

| Action output type | Availability |
| --- | --- |
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |

Output messages

The Add Note To Alert action provides the following output messages:

| Output message | Message description |
| --- | --- |
| Successfully added a note to alert with ID {alert id} | The action succeeded. |
| Error executing action "Add Note To Alert". Reason: {0}''.format(error.Stacktrace) | The action failed. |
| Error executing action "Add Note To Alert". Reason: Alert with ID {alert ID} wasn't found in Zerofox.'' | The action failed. |
| Error executing action "Add Note To Alert". Reason: {error} | The action failed. |

Script Result

The following table describes the values for the script result output when using the Add Note To Alert action:

| Script result name | Value |
| --- | --- |
| is_success | True or False |

Add Evidence To Alert

Use the Add Evidence To Alert action to add evidence to an alert in Zerofox.

This action doesn't run on Google SecOps entities.

Action inputs

The Add Evidence To Alert action requires the following parameters:

| Parameter | Description |
| --- | --- |
| Alert ID | Required. The ID of the Zerofox Alert. |
| Filepath | Required. The absolute path for the evidence submitted to the alert. |

Action outputs

The Add Evidence To Alert action provides the following outputs:

| Action output type | Availability |
| --- | --- |
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |

Output messages

The Add Evidence To Alert action provides the following output messages:

| Output message | Message description |
| --- | --- |
| Successfully added evidence to the alert with ID {alert id} | The action succeeded. |
| Error executing action "Add Evidence To Alert". Reason: {0}''.format(error.Stacktrace) | The action failed. |
| Error executing action "Add Evidence To Alert". Reason: Alert with ID {alert ID} wasn't found in Zerofox.'' | The action failed. |
| Error executing action "Add Evidence To Alert". Reason: {error} | The action failed. |

Script Result

The following table describes the values for the script result output when using the Add Evidence To Alert action:

| Script result name | Value |
| --- | --- |
| is_success | True or False |
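
None of the alert actions on this page returns a JSON result, so a playbook step that must tell a missing alert from any other failure has only the script result and the output message to work with. The following added example (not code from Google or Zerofox) parses the output messages documented above for the four alert actions; `classify` and its outcome labels are hypothetical names, and the sample message is constructed.

```python
import re

# Success templates as documented on this page; {id} marks the alert ID.
SUCCESS_TEMPLATES = {
    "Request Takedown": "Successfully requested takedown for alert with ID {id}",
    "Close Alert": "Successfully closed alert with ID {id}",
    "Add Note To Alert": "Successfully added a note to alert with ID {id}",
    "Add Evidence To Alert": "Successfully added evidence to the alert with ID {id}",
}
NOT_FOUND = re.compile(r"Alert with ID (?P<id>\S+) wasn't found in Zerofox")


def _success_regex(template):
    # Escape the literal text around the placeholder and capture the ID.
    head, tail = template.split("{id}")
    return re.compile(re.escape(head) + r"(?P<id>\S+)" + re.escape(tail))


def classify(action, is_success, message):
    """Hypothetical helper: return (outcome, alert_id, reason) for one run.

    outcome is 'success', 'not_found', 'error', or 'inconsistent' when the
    script result and message disagree or no documented template matches.
    """
    if action not in SUCCESS_TEMPLATES:
        raise ValueError(f"unknown action: {action}")
    message = message.strip()
    ok = _success_regex(SUCCESS_TEMPLATES[action]).fullmatch(message)
    if ok:
        return ("success" if is_success else "inconsistent", ok.group("id"), None)
    prefix = f'Error executing action "{action}". Reason: '
    if not message.startswith(prefix):
        return ("inconsistent", None, message)
    # Drop the trailing '' that some documented templates carry.
    reason = message[len(prefix):].rstrip("'")
    missing = NOT_FOUND.search(reason)
    alert_id = missing.group("id") if missing else None
    if is_success:
        return ("inconsistent", alert_id, reason)
    return ("not_found" if missing else "error", alert_id, reason)


if __name__ == "__main__":
    # Constructed sample message (not real Zerofox output).
    msg = ('Error executing action "Request Takedown". Reason: '
           "Alert with ID 999 wasn't found in Zerofox.")
    print(classify("Request Takedown", False, msg))
```

Treating `inconsistent` as a failure keeps a playbook from closing a case on a run whose script result and message do not agree.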


Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.