Skip to main content
Skip table of contents

Acronis

LAST UPDATED: DECEMBER 15, 2025

Overview

Acronis is a cybersecurity and data protection solution provider. It offers a range of products designed to secure and manage data for individuals, small businesses, and large enterprises. This integration enables organizations to ingest alerts into D3 VSOC, as well as create alerts and dismiss alerts.

D3 SOAR is providing REST operations to function with Acronis.

Acronis is available for use in:

D3 SOAR

V17.0+

Category

Other

Deployment Options

Option II, Option IV

Connection

Gather the following information to connect D3 SOAR to Acronis.

Parameter

Description

Example

Server URL

The server URL of the Acronis data center.

https://ca01-cloud.acronis.com

Client ID

The client ID used for authentication. The client ID can be obtained on the Acronis management UI.

*****

Client Secret

The client secret used for authentication. The client secret can be obtained on the Acronis management UI.

*****

API Version

The API version used by the integration commands. By default, the value is v1.

v1

Configuring Acronis to Work with D3 SOAR

  1. Log into the Acronis portal.

  2. Navigate to Settings > API Clients, then click the + Create API client button.

  3. Enter a name for the client, then click the Next button.

  4. Copy the Client ID, Secret, and Data center URL. Refer to steps 3.i.1 to 3.i.3 in Configuring D3 SOAR to Work with Acronis.

Configuring D3 SOAR to Work with Acronis

  1. Log in to D3 SOAR.

  2. Find the Acronis integration.

    1. Navigate to Configuration on the top header menu.

    2. Click on the Integration icon on the left sidebar.

    3. Type Acronis in the search box to find the integration, then click it to select it.

    4. Click on the + Connection button on the right side of the Connections section. A new connection window will appear.

  3. Configure the following fields to create a connection to Acronis.

    1. Connection Name: The desired name for the connection.

    2. Site: The site on which to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.

    3. Recipient site for events from connections Shared to Internal Sites: This field is displayed when Share to Internal Sites is selected for the Site field, allowing selection of the internal site for deploying the integration connection.

    4. Agent Name (Optional): The proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.

    5. Description (Optional): The description for the connection.

    6. Tenant (Optional): When configuring the connection from a master tenant site, users can choose the specific tenant sites with which to share the connection. Once this setting is enabled, users can filter and select the desired tenant sites from the dropdowns to share the connection.

    7. Configure User Permissions: Defines which users have access to the connection.

    8. Active: The checkbox that enables the connection to be used when selected.

    9. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.

      1. Input the Server URL. Refer to step 4 of Configuring Acronis to Work with D3 SOAR.

      2. Input the Client ID from the Acronis platform. Refer to step 4 of Configuring Acronis to Work with D3 SOAR.

      3. Input the Client Secret from the Acronis platform. Refer to step 4 of Configuring Acronis to Work with D3 SOAR.

      4. Input the API Version. The default value is v1.

    10. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.

    11. Connection Health Check: Periodically checks the connection status by scheduling the Test Connection command at the specified interval (in minutes). Available only for active connections, this feature also allows configuring email notifications for failed attempts.

  4. Test the connection.

    1. Click on the Test Connection button to verify credentials and connectivity. A success alert displays Passed with a green checkmark. If the connection fails, review the parameters and retry.

    2. Click OK to close the alert window.

    3. Click + Add to create and add the configured connection.

Commands

Acronis includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command function, users can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the Acronis API, refer to the Acronis API reference.

Note for Time-related parameters

The input format of time-related parameters may vary based on user account settings, which may cause the sample data in commands to differ from what is displayed. To adjust the time format, follow these steps:

  1. Navigate to Configuration > Application Settings. Select Date/Time Format.

  2. Choose the desired date and time format, then click on the Save button.

The selected time format will now be visible when configuring Date/Time command input parameters.

Create Alert

Creates and activates an alert.

READER NOTE

Alert Type is a required parameter to run this command.

  • Run the List Alert Types command to obtain the Alert Type. Alert Types can be found in the raw data at $.items[*].id.

Input

Input Parameter

Required/Optional

Description

Example

Alert Type

Required

The type of alert to be created. Alert Type can be obtained using the List Alert Types command.

ArchiveCorrupted

Customer Tenant ID

Optional

The ID of the customer tenant under which the alert is created.

By default, the alert is created under the parent tenant.

1258*****1fd1

Severity

Optional

The severity of the alert to be created. Valid options are:

  • Information

  • Warning

  • Error

  • Critical

By default, the value is the alert type's default severity returned by the List Alert Types command at $.items[*].severity.

Warning

Alert Details

Optional

The alert payload in JSON-object format.

JSON 
{
  "agentId": "{{agentId}}",
  "activityUuid": "*****",
  "failbackId": "3213*****5434",
  "priority": "critical",
  "taskId": "*****",
  "machineName": "{{machineName}}",
  "errorMessage": {
    "kbLink": {
      "serCode": "BackupStatusUnknown"
    }
  },
  "resourceId": "{{resourceId}}",
  "resourceName": "site_resourceB"
}

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Alert failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Acronis portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

Create Alert failed.

Status Code: 401.

Message: Unauthorized.

Dismiss Alerts

Dismisses alerts by alert ID or by filter parameters. When no parameters are provided, all alerts are dismissed.

WARNING

When no parameters are provided, all alerts are dismissed.

READER NOTE

Alert IDs, Alert Type, Alert Categories are optional parameters to run this command.

  • Run the Fetch Event command to obtain the Alert IDs. Alert IDs can be found in the raw data at $.items[*].id.

  • Run the List Alert Types command to obtain the Alert Types. Alert Types can be found in the raw data at $.items[*].id.

  • Run the List Categories command to obtain the Alert Categories. Alert Categories can be found in the raw data at $.items[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Alert IDs

Optional

The IDs of alerts to dismiss. Alert IDs can be obtained using the Fetch Event command.

When this parameter is provided, all other parameters are ignored.

JSON 
[
  "929B*****E5D0"
]

Start Time

Optional

The start of the time range (in UTC) for dismissing alerts. Alerts updated after this time are dismissed.

04/15/2024 01:00 AM

End Time

Optional

The end of the time range (in UTC) for dismissing alerts. Alerts updated before this time are dismissed.

04/16/2024 01:00 AM

Query

Optional

Text to search within the planName or resourceName fields of alerts. The search is case-insensitive.

site_resourceA

Alert Types

Optional

Filters alerts by type. Alert Type can be obtained using the List Alert Types command.

By default, all alerts are dismissed regardless of their type.

JSON 
[
  "FailbackFailed",
  "BackupFailed"
]

Alert Categories

Optional

Filters alerts by category. Alert Categories can be obtained using the List Categories command.

By default, all alerts are dismissed regardless of their category.

JSON 
[
  "Backup"
]

Maximum Severity

Optional

Filters alerts by severity. Alerts with severity equal to or lower than the selected value are dismissed. For example, if Error is selected, then alerts with Error or Warning severity are dismissed.

Valid options are:

  • Information

  • Warning

  • Error

  • Critical

By default, all alerts are dismissed regardless of their severity.

Error

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Dismiss Alerts failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Acronis portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

Dismiss Alerts failed.

Status Code: 401.

Message: Unauthorized.

Fetch Alerts Grouped By Scope

Returns the most recent critical alerts grouped by the selected scope.

READER NOTE

Scope Key is a required parameter to run this command.

  • Run the List Alert Types command to obtain the Scope Key. Scope Keys can be found in the raw data at

    • $.items[*].contextKeys[*]

    • $.items[*].searchableDetails[*]

Input

Input Parameter

Required/Optional

Description

Example

Scope Key

Required

The context key or searchable detail used to group results. Scope Key can be obtained using the List Alert Types command.

resourceName

Scope Values

Optional

The scope values used to filter alerts.

By default, the response contains the most recent critical status across all available alerts.

JSON 
[
  "or(site_resourceA,site_resourceB)",
  "site_resourceC"
]

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Fetch Alerts Grouped By Scope failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Acronis portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

Fetch Alerts Grouped By Scope failed.

Status Code: 401.

Message: Unauthorized.

Fetch Event

Retrieves Acronis alerts that match the query parameters. The returned alerts are sorted by updated time in descending order.

READER NOTE

Alert Type and Alert Categories are optional parameters to run this command.

  • Run the List Alert Types command to obtain the Alert Types. Alert Types can be found in the raw data at $.items[*].id.

  • Run the List Categories command to obtain the Alert Categories. Alert Categories can be found in the raw data at $.items[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Start Time

Optional

The start of the time range (in UTC) for retrieving alerts. Alerts updated after this time are returned.

By default, the value is 24 hours before End Time.

04/15/2024 01:00 AM

End Time

Optional

The end of the time range (in UTC) for retrieving alerts. Alerts updated before this time are returned.

By default, the value is the current time.

04/16/2024 01:00 AM

Number of Event(s) Fetched

Optional

The maximum number of the most recently updated alerts to return. Valid values range from 1 to 1000.

By default, all alerts that match the query parameters are returned.

10

Query

Optional

Filters alerts by text found in the planName or resourceName fields. The search is case-insensitive.

site_resourceA

Alert Types

Optional

Filters alerts by type. Alert Types can be obtained using the List Alert Types command.

By default, all alerts are returned regardless of their type.

JSON 
[
  "FailbackFailed",
  "BackupFailed"
]

Alert Categories

Optional

Filters alerts by category. Alert Categories can be obtained using the List Categories command.

By default, all alerts are returned regardless of their category.

JSON 
[
  "Backup"
]

Tenants

Optional

Filters alerts by tenant ID. Alerts belonging to the specified tenant and its child tenants are returned.

By default, all alerts are returned regardless of tenant.

JSON 
[
  "*****"
]

Minimum Severity

Optional

Filters alerts by severity. Alerts with severity equal to or higher than the selected value are returned. For example, if Error is selected, then alerts with Error or Critical severity are returned.

Valid options are:

  • Information

  • Warning

  • Error

  • Critical

By default, all alerts are returned regardless of their severity.

Error

Output

To view the sample output data for all commands, refer to this article.

Fetch Event Field Mapping

See Field Mappings.

The Acronis system integration includes pre-configured field mappings for the default event source.

The Default Event Source is the default system-provided set of field mappings applied when the fetch event command is executed. It includes a Main Event JSON Path, which is the JSONPath expression that points to the base array of event objects. The source field path continues from this array to locate the required data.

The Main Event JSON Path can be viewed by clicking on the Edit Event Source button.

Frame 51.png

  • Main Event JSON Path: $.items
    The items array contains the event objects. Within each object, the key id denotes the Event code field. As such, the full JSONPath expression to extract the Event code is $.items.id.

The pre-configured field mappings are detailed below:

Field Name

Source Field

Active

.active

Activity ID

.details.activityId

Resource ID

.details.resourceID

Resource Name

.details.resourceName

Tenant ID

.tenant.id

Tenant Locator

.tenant.locator

Tenant UUID

.tenant.uuid

Updated Time

.updatedAt

Event category

.category

Event code

.id

Event name

.details.title

Event Type

.type

Hostname

.details.machineName

Start Time

.createdAt

Description

.details.description

Alert Raw Log

.details

Severity

.severity

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Fetch Event failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Acronis portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

Fetch Event failed.

Status Code: 401.

Message: Unauthorized.

List Alert Types

Returns all registered alert types. The returned alert types are sorted alphabetically by type ID.

READER NOTE

Categories is an optional parameter to run this command.

  • Run the List Categories command to obtain the Categories. Categories can be found in the raw data at $.items[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Categories

Optional

Filters alert types by category. Categories can be obtained using the List Categories command.

By default, all alert types are returned regardless of category.

JSON 
[
  "Backup",
  "Monitoring"
]

OS Type

Optional

Filters alert types by supported operating system. Valid options are:

  • IOS

  • Linux

  • MacOS

  • Windows

By default, all alert types are returned regardless of the operating system.

Windows

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Alert Types failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Acronis portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

List Alert Types failed.

Status Code: 401.

Message: Unauthorized.

List Categories

Returns category records.

Input

Input Parameter

Required/Optional

Description

Example

Include Disabled

Optional

The option to include disabled categories in the result. When set to True, both enabled and disabled categories are returned.

By default, only enabled categories are returned.

True

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Categories failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Acronis portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

List Categories failed.

Status Code: 401.

Message: Unauthorized.

Test Connection

Allows users to perform a health check on an integration connection. Users can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.

Input

N/A

Output

Output Type

Description

Return Data Type

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

More details about an error can be viewed in the Error tab.

String

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Test Connection failed. Failed to check the connector.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Acronis portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unauthorized.

Error Sample Data

Test Connection failed. Failed to check the connector.

Status Code: 401.

Message: Unauthorized.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close