lookup_entity
Look up entity details (IP, domain, hash, etc.) in Chronicle Security Operations to analyze security events and monitor potential threats.
Instructions
Look up an entity (IP, domain, hash, etc.) in Chronicle.
Args:
entity_value: Value to look up (IP, domain, hash, etc.)
project_id: Google Cloud project ID (defaults to config)
customer_id: Chronicle customer ID (defaults to config)
hours_back: How many hours to look back (default: 24)
region: Chronicle region (defaults to config)
Returns:
Entity summary information
Input Schema
Name | Required | Description | Default |
---|---|---|---|
customer_id | No | | |
entity_value | Yes | | |
hours_back | No | | |
project_id | No | | |
region | No | | |
Input Schema (JSON Schema)
```json
{
  "properties": {
    "customer_id": {
      "default": null,
      "title": "Customer Id",
      "type": "string"
    },
    "entity_value": {
      "title": "Entity Value",
      "type": "string"
    },
    "hours_back": {
      "default": 24,
      "title": "Hours Back",
      "type": "integer"
    },
    "project_id": {
      "default": null,
      "title": "Project Id",
      "type": "string"
    },
    "region": {
      "default": null,
      "title": "Region",
      "type": "string"
    }
  },
  "required": [
    "entity_value"
  ],
  "title": "lookup_entityArguments",
  "type": "object"
}
```