What is the most effective method to store a value...

shubhamagar · 12-16-2024 01:09 AM

When working with custom connectors in Google SecOps, it's often necessary to persist certain values, like offsets, to maintain state between executions. Identifying the best approach to save and retrieve these values ensures efficient and reliable operations.

It is required to save offset value when working with more than x,000 alerts through an OEM API. Events are accessible in batch of 10/100 per call and have to keep value of offset for next run.

f3rz

If it is for duplicate identification in the TIPCommon library there are functions to read and write ids

from TIPCommon import read_ids, write_ids

You can find examples of how it is used in existing commercial connectors.

If you need something else to store, another option might be local file storage on Remote Agent.

More about TIPCommon: https://www.googlecloudcommunity.com/gc/SecOps-SOAR/TIPCommon-Library-Installation

shubhamagar

nope.. it is not for duplication. It is offset value when working with more than x,000 alerts through an api. Events are accessible in batch of 10/100 and have to keep value of offset for next run.

f3rz

You can explore VMware Carbon Black Cloud Connectors. They have the logic of recording IDs to backlog to read and process them later.

The Google Cloud Security Community will be in read-only mode July 16 - July 22 as we migrate platforms.

Read more and check out our FAQ.

What is the most effective method to store a value, such as an offset, and subsequently retrieve it?