SSH

Integration version: 16.0

Configure SSH integration in Google Security Operations

For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.

Actions

Block IP Address in IPtables

Description

Add a rule to IPtables to block an IP address.

Parameters

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

JSON Result

N/A 

Delete Firewall Rule

Description

Delete IPtables Firewall rule (Example: INPUT -s 10.0.0.10 -j DROP).

Parameters

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

JSON Result

N/A 

Execute Program

Description

Run a script on a remote machine.

Parameters

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

JSON Result

N/A 

List Connections

Description

List all connections on a remote machine.

Parameters

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

JSON Result

{  "Results": [  "Proto,Recv-Q,SendQ,Local,Address,Foreign,Address,State,PID/Program,name",  "tcp,0,0,0.0.0.0:111,0.0.0.0:*,LISTEN,1/systemd",  "tcp,0,0,0.0.0.0:22,0.0.0.0:*,LISTEN,10624/sshd"  ] } 

List Processes

Description

List the running processes on a remote machine.

Parameters

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

JSON Result

{  "Processes": [  "USER,PID,%CPU,%MEM,VSZ,RSS,TTY,STAT,START,TIME,COMMAND",  "root,1,0.0,0.0,193656,6656,?,Ss,Jan16,0:24,/usr/lib/systemd/systemd --system --deserialize 24",  "root,32142,0.0,0.0,0,0,?,S,Jan22,0:32,[kworker/3:1]"  ] } 

List IPtables Rules

Description

List IPtable rules on a remote machine.

Parameters

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

JSON Result

{  "-,Chain,Rule": [  "-P,INPUT,ACCEPT",  "-P,FORWARD,ACCEPT",  "-P,OUTPUT,ACCEPT"  ] } 

Logoff User

Description

Logoff a remote user.

Parameters

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

JSON Result

N/A

Ping

Description

Test Connectivity.

Parameters

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

JSON Result

N/A

‌Reboot Machine

Description

Reboot a remote server.

Parameters

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

JSON Result

N/A 

Run Command

Description

Run a command on a remote machine.

Parameters

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

JSON Result

{  "ifconfig":  "ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>mtu1500  Ninet1.1.1.1netmask1.1.1.1broadcast1.1.1.1  ninet6fe80: : 2156: 9c37: 7a0d:  87eprefixlen64scopeid0x20<link>  nether00: 50: 56: b5: 70: e3txqueuelen1000(Ethernet)  nRXpackets7448423bytes1077754116(1.0GiB)  nRXerrors0dropped0overruns0frame0  nTXpackets370155bytes44300304(42.2MiB)  nTXerrors0dropped0overruns0carrier0collisions0  nlo: flags=73<UP,LOOPBACK,RUNNING>mtu65536  Ninet1.1.1.1netmask1.1.1.1  ninet6: : 1prefixlen128scopeid0x10<host>  nlooptxqueuelen1000(LocalLoopback)  nRXpackets86bytes4780(4.6KiB)  nRXerrors0dropped0overruns0frame0  nTXpackets86bytes4780(4.6KiB)  nTXerrors0dropped0overruns0carrier0collisions0" } 

Shutdown Machine

Description

Shutdown a remote machine.

Parameters

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

JSON Result

N/A 

Terminate Process

Description

Terminate a process on a remote machine.

Parameters

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

JSON Result

N/A 

Need more help? Get answers from Community members and Google SecOps professionals.