SOAR-Apps


Introduction to Apps

In Argus SOAR, apps are the fundamental building blocks that enable the execution of complex workflows. These apps are responsible for carrying out the specific actions and tasks defined within a workflow, making them the “heavy lifters” of the automation process.

Key Features of Apps in Argus SOAR:

  1. Extensive Function Library:
    • Argus SOAR provides a vast library of functions through its apps, allowing you to perform a wide range of tasks. These functions cover everything from simple data manipulation to complex integrations with external systems.
  2. Creation Using OpenAPI or Python:
    • Apps in Argus SOAR can be created using OpenAPI, which defines the interface of an API and allows you to generate the necessary code to interact with it.
    • Alternatively, apps can be developed using pure Python, offering flexibility and the ability to create custom functions tailored to specific needs.
  3. Access to Pre-Defined Integrations:
    • Argus SOAR provides access to a variety of pre-defined integrations that are ready to be used within your workflows. These integrations are available in the Argus SOAR library, which you can explore and utilize to quickly set up your automation tasks.
    • The library includes integrations with popular security tools, communication platforms, and other services that are essential for orchestrating security operations.

How they work

Apps serve as the primary building blocks in Argus SOAR’s workflows, enabling users to automate complex processes and integrate various services seamlessly. Here’s an overview of how they operate:

Auto-Generation and Development:

  • Auto-Generated from OpenAPI Specifications:
    • Apps can be automatically generated using OpenAPI specifications, which provide a standard way to define RESTful APIs. This feature allows Argus SOAR to quickly create apps that interact with other services by defining endpoints, parameters, and expected responses.
  • Using Argus SOAR’s App SDK:
    • For more customized functionality, apps can be developed using Argus SOAR’s app SDK, which is a toolkit designed to streamline the creation and integration of custom apps within the platform.

Versioning System:

  • Ensuring Stability and Usability:
    • Argus SOAR employs a versioning system to manage updates to apps. This system is crucial for maintaining the stability of workflows, as it prevents sudden changes from breaking existing workflows or introducing unforeseen issues.
    • Users can rely on specific versions of apps, knowing that their workflows will continue to function as expected until they choose to update to a newer version.

Multiple Actions and Variable Handling:

  • Actions and Variables:
    • Apps can contain multiple actions, each designed to perform specific tasks within a workflow. These actions can take multiple variables as inputs, allowing for dynamic interactions based on the data processed within the workflow.
    • Apps are designed to interact with each other by sharing and utilizing data from other apps within the workflow. This interconnectivity is key to building complex, responsive automation.

Environment Flexibility:

  • Operating in Multiple Environments:
    • Apps are capable of functioning across different environments, which may involve varying data sets, such as different credentials or configurations. This flexibility allows the same app to be used in multiple contexts, adjusting its behavior based on the environment it’s operating in.

Future Developments:

  • Hybrid Execution Model:
    • In future iterations, Argus SOAR plans to introduce an optional hybrid execution model. This model would allow workflows to leverage both on-premises and cloud resources, providing greater flexibility and scalability for complex automation tasks.

Actions

In Argus SOAR, an “Action” refers to a specific, reusable function within an application that performs a predefined task. These actions are the building blocks for creating workflows that automate tasks across different apps and services. Each action typically corresponds to a specific API call or command within the target application. Actions can accept multiple arguments, including authentication credentials, parameters, or other data required to execute the task.

Where are Actions Located?

Actions in Argus SOAR are associated with specific applications. To view or manage actions:

  1. Navigate to the /apps section of the Argus SOAR interface.
  2. Select the application you’re interested in.
  3. Within the app’s interface, you will find a list of available actions.

This allows users to see the predefined actions that the app can perform, which can then be used to build custom workflows.

How are Actions Configured?

Actions are configured by both developers and users:

  • For Developers: When creating or integrating an application with Argus SOAR, developers define the actions that the app can perform. These actions are designed to be flexible, allowing them to be reused across different workflows. Developers specify the function that each action will perform, the required arguments, and how the action interacts with the target application.
  • For Users: Users can configure actions as part of their workflows by selecting the action from the list provided by the app and specifying the necessary arguments. This may include providing authentication details, setting parameters, or mapping data from other actions or triggers within the workflow.

Arguments

Arguments in Argus SOAR are the variables used to perform an action within a workflow. These arguments provide the necessary input data that the action needs to execute its function correctly.

Where are Arguments Located?

Arguments are associated with specific actions within an application. To view the arguments for a particular action:

  1. Navigate to the /apps section in Argus SOAR.
  2. Select the application you’re interested in.
  3. Choose the specific action from the list of available actions.

This will display all the arguments associated with that action.

How are Arguments Configured?

Arguments are configured by both developers and users:

  • For Developers: When defining an action, developers specify the arguments required to perform the task. These arguments may include data points such as API keys, target URLs, or any other necessary inputs. Developers can also indicate which arguments are required and which are optional.
  • For Users: Users configure arguments by providing the necessary values when setting up the action within a workflow. Arguments with an orange dot next to them are required and must be filled in for the action to execute successfully. Optional arguments are marked with a yellow dot. Users are encouraged to include example text in the argument fields to indicate the expected value, ensuring clarity and reducing errors.

Typically, the first arguments of an app are related to authentication credentials or the target URL. It is recommended to use variables for these fields to enhance flexibility and reusability across different workflows.

Viewing Parameters of an Action:

To see what parameters an action has:

  1. Go to /apps in Argus SOAR.
  2. Select the app you’re working with.
  3. Choose the desired action.

This will display the list of arguments along with their requirements (required or optional) and any example text that helps indicate the expected values.

Updating apps remotely

This feature applies specifically to on-premise deployments of Argus SOAR.

When the modal opens, there are two buttons:

  • Submit – Downloads and builds NEW apps
  • Force update – Downloads and builds ALL apps
  • Cancel – Closes the modal with no action

Searching for apps

Initial Setup:

When you set up Argus SOAR for the first time, it comes pre-loaded with over 100 existing apps. These apps are sourced from the Argus SOAR-apps repository and will continue to expand over time.

Searching for Apps:

To search for specific apps:

  1. Navigate to /apps: In the Argus SOAR interface, go to the /apps section.
  2. Enter Your Search Term: In the search bar, type the name or keyword related to the app you’re looking for.
    • Example: If you search for “TheHive,” the app named “TheHive” will appear in the search results.

Debugging Apps in Argus SOAR

At times, apps in Argus SOAR may fail due to coding issues on the creator’s end. To resolve these issues, you may need to access the logs to troubleshoot and debug the app. More information on this process can be found in the App Creation Debugging section, which provides guidelines for identifying and fixing errors during app execution.

Create apps

Options for Creating Apps:

  1. App Creator: Argus SOAR provides an intuitive App Creator tool that allows users to design and implement apps with minimal coding effort.
  2. Python Scripting: For more advanced users, apps can also be developed directly using Python, offering greater control over functionality and customization.

For detailed instructions on how to create an app, you can refer to the App Creation Guide.

Generating Apps from OpenAPI:

If you already have an OpenAPI configuration, you can follow these steps to generate an app:

  1. Click “Generate from OpenAPI”: In the App Creator, select the option to generate an app from an OpenAPI specification.
  2. Paste OpenAPI Specification: Enter the URL or data for your OpenAPI configuration.
  3. Validate: Validate the specification to ensure it’s correct.
  4. Submit: Once validated, you will be taken to the App Creator where you can finalize your app creation.

This simplifies the process of building apps based on existing API documentation.
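
A review you can run on an OpenAPI specification before pasting it in, shown as an added example (it is not Argus SOAR code and does not describe how its generator is implemented). It lists the actions and required/optional arguments the spec describes and flags plain-HTTP servers and operations that need no authentication. The spec is a constructed sample, and `list_actions` and `review_findings` are hypothetical helper names.

```python
# Added illustration; not Argus SOAR's generator. SAMPLE_SPEC is constructed.
HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}
SAMPLE_SPEC = {
    "openapi": "3.0.0",
    "servers": [{"url": "http://tickets.example.invalid/api"}],
    "security": [{"apiKey": []}],
    "components": {"securitySchemes": {
        "apiKey": {"type": "apiKey", "in": "header", "name": "X-Api-Key"}}},
    "paths": {
        "/cases/{id}": {
            "parameters": [{"name": "id", "in": "path", "required": True}],
            "get": {"operationId": "get_case",
                    "parameters": [{"name": "verbose", "in": "query"}]},
        },
        "/health": {"get": {"operationId": "health", "security": []}},
    },
}

def list_actions(spec):
    """One action per operation, with its arguments split into required/optional."""
    actions = []
    for path, item in spec.get("paths", {}).items():
        shared = item.get("parameters", [])  # path-level parameters apply to every method
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            params = shared + op.get("parameters", [])
            required = [p["name"] for p in params if p.get("required") or p.get("in") == "path"]
            optional = [p["name"] for p in params if p["name"] not in required]
            # An operation-level "security" (even an empty list) overrides the global one.
            effective = op.get("security", spec.get("security", []))
            actions.append({"name": op.get("operationId", f"{method} {path}"),
                            "method": method.upper(), "path": path,
                            "required": required, "optional": optional,
                            "authenticated": bool(effective)})
    return actions

def review_findings(spec):
    """Points to resolve before the spec is imported as an app."""
    findings = []
    for server in spec.get("servers", []):
        if not server.get("url", "").startswith("https://"):
            findings.append(f"server {server.get('url')} is not HTTPS")
    if not spec.get("components", {}).get("securitySchemes"):
        findings.append("no securitySchemes defined")
    for action in list_actions(spec):
        if not action["authenticated"]:
            findings.append(f"action {action['name']} requires no authentication")
    return findings
```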

Edit OpenAPI app

Creating or editing an app in Argus SOAR is made to be as simple as possible.

Prerequisite knowledge:

  • HTTP – POST, GET etc.

App creator:

  • Add name, description, authentication, endpoint etc.
  • Create Actions.
  • Save.

If you’ve created an app using the editor, or uploaded an OpenAPI specification, it can be edited. Find the app you created by searching for it, then click the “Edit app” button. You can also delete it.

Required permissions (either or):

  • Admin
  • App owner / creator

Testing apps

After you’ve found a private app on https://soar.arguscyber.ai/apps, it’s possible to test it directly. The view you get access to has the fully featured app included, meaning you won’t need to build a workflow to test it.

Options:

  • Selecting Actions
  • Configuring the action
  • Executing the action
  • Exploring the result
