Skip to main content
Skip table of contents

Google Kubernetes Engine

LAST UPDATED: 06/13/2024

Overview

Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling organizations' containerized applications using Google infrastructure. The GKE environment consists of multiple machines (specifically, Compute Engine instances) grouped together to form a cluster. This integration enables organizations to manage their Kubernetes environment on Google Cloud Platform.

D3 SOAR is providing REST operations to function with Google Kubernetes Engine.

Google Kubernetes Engine is available for use in:

D3 SOAR

V14.5.121.0+

Category

ITSM

Deployment Options

Option II, Option IV

READER NOTE

To connect this integration, the Google Cloud SDK must be installed in D3 SOAR’s hosting server and D3 proxy server (if any) under the file directory C:\Program Files (x86)\Google

Please refer to the FAQ for the frequent connection error.

Known Limitations

The limits per GKE project are:

Maximum of 100 clusters per zone, plus 100 regional clusters per region.

The limits per GKE cluster are:

Limits

GKE Standard cluster

GKE Autopilot cluster

Nodes per cluster

  • 5,000 for GKE versions up to 1.17.

  • 15,000 for GKE versions 1.18 and later.

Note: To run more than 5,000 nodes requires lifting a cluster size quota. Contact support for assistance.

400

To lift this quota, contact support for assistance.

Nodes per node pool zone

1,000

N/A

Nodes in a zone

  • No node limitations for container-native load balancing with NEG-based Ingress, which is recommended whenever possible. In GKE versions 1.17 and later, NEG-based Ingress is the default mode.

  • 1,000 if you are using Instance Group-based Ingress.

N/A

Pods per node

110

32

Pods per cluster

150,000

12,800 (32 Pods/node * 400 nodes)

Containers per cluster

300,000

25,600

Endpoints per service

1,000 for GKE 1.19 and later. 250 for older versions.

To get more information about the quotas and limits for Google Kubernetes Engine (GKE) clusters, nodes, and GKE API requests, please refer to https://cloud.google.com/kubernetes-engine/quotas.

Connection

To connect Google Kubernetes Engine from D3 SOAR, please follow this part to collect the required information below:

Parameter

Description

Example

Service Account JSON

The content of the service account JSON file.

To get the service account JSON file, please refer to Obtaining the Service Account JSON section in this document.

Also, you can refer to the online documents about Access to Google APIs for Service Accounts: https://developers.google.com/identity/protocols/oauth2/service-account .

Please assign OAuth Scope https://www.googleapis.com/auth/cloud-platform.

Please note that the service account should have one of the following roles:

  • Kubernetes Engine Admin,

  • Kubernetes Engine Cluster Admin,

  • Kubernetes Engine Cluster Viewer,

  • Kubernetes Engine Developer,

  • Kubernetes Engine Host Service Agent User,

  • Kubernetes Engine Viewer.

{

"type": "service_account",

"project_id": "nimble-cortex-******",

"private_key_id": "*****",

"private_key": "-----BEGIN PRIVATE KEY-----\n*****\n-----END PRIVATE KEY-----\n", "client_email": "*****@*****.***",

"client_id": "*****",

"auth_uri": "https://accounts.google.com/o/oauth2/auth",

"token_uri": "https://oauth2.googleapis.com/token",

"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",

"client_x509_cert_url": "https://www.googleapis.com/*****"

}

Cluster

Specifies the cluster for kubernetes configuration.You can get cluster name from Kubernetes Engine in the Google Cloud Platform Console.

cluster-1

Permission Requirements

Each endpoint in the Google Kubernetes Engine API requires a certain permission scope. The following scopes are required scopes for each command in this integration:

Command

Required Permission

Google Kubernetes Engine API permissions

Kubernetes API permissions

Create Deployment

-

container.deployments.create

Create Node Pool

container.clusters.update on the requested cluster.

-

Create Pod

-

container.pods.create

Create Service

-

container.services.create

Delete Deployment

-

container.deployments.delete

Delete Node Pool

container.clusters.update on the requested cluster.

-

Delete Pods

-

container.pods.delete

Delete Services

-

container.services.delete

Describe Pod

-

container.pods.get

Get Deployment Scale

-

container.deployments.getScale OR container.deployments.get

Get Pod Log

-

container.pods.getLogs

Get Pod Status

-

container.pods.getStatus OR container.pods.get

List All Namespace Deployments

-

container.deployments.list

List All Namespace Pods

-

container.pods.list

List All Namespace Services

-

container.services.list

List Namespace Pods

-

container.pods.list

List Namespaces

-

container.namespaces.list

List Node Pools

container.clusters.get on the requested cluster.

-

List Nodes

-

container.nodes.list

Replace Deployment Scale Replicas

-

container.deployments.updateScale OR container.deployments.update

Restart Deployment

-

container.deployments.update

Set Node Pool Size

container.clusters.update on the requested cluster.

-

Update Deployment

-

container.deployments.update

Test Connection

container.clusters.list on the requested Cloud project,
container.clusters.get to see each cluster's credentials.

container.pods.list

READER NOTE

To get more information about Required Permissions, please refer to Google Kubernetes Engine API permission.

Configuring Google Kubernetes Engine to Work with D3 SOAR

Creating custom roles (Optional)

READER NOTE

It is best practice to grant only the necessary permissions when creating roles. You can do so by configuring a custom role with essential permissions.

A custom role, with essential permissions, is suggested if you are planning to use the google cloud default kubernetes roles. Please skip this section and start from step 7 of Obtaining the Service Account JSON.

  1. Log in to the Google Cloud Platform (GCP) console with admin credentials.

  2. Click the Hamburger Menu in the top left corner to show the slider sidebar menu. Navigation to IAM and admin, in its submenu, select Roles and click it.

  3. Click + CREATE ROLE on the top.

  4. Input Title, and click the button ADD PERMISSIONS. Search and select the desired permissions, then click ADD. Click CREATE.

READER NOTE

To execute all provided commands in D3 SOAR, the following 18 permissions must be included.

Google Kubernetes Engie Reader note assigned permission1.png

Please refer to the Permission Requirements for the different commands in the D3 SOAR Google Kubernetes Engine Integration.

Obtaining the Service Account JSON

  1. To connect Google Kubernetes Engine with D3 SOAR, we need to configure the Service Account JSON file. First, log in to the Google Cloud Platform (GCP) console with admin credentials.

  2. Click the Hamburger Menu in the top left corner to reveal the sidebar menu. Navigate to APIs and services. In its submenu, select Credentials.

  3. Click + CREATE CREDENTIALS, and select Service account.

  4. Input the Service account name and description, and click CREATE AND CONTINUE.

  5. Assign a role to the service account (e.g. owner), then click CONTINUE.

READER NOTE

You can narrow down the service account’s access permissions by assigning the following roles according to your request:

  • Google Cloud Roles with prefixed permissions:
    Kubernetes Engine Admin, Kubernetes Engine Cluster Admin, Kubernetes Engine Cluster Viewer, Kubernetes Engine Developer, Kubernetes Engine Host Service Agent User, Kubernetes Engine Viewer.

  • Customer Roles. Refer to Creating custom roles (Optional).

  1. You can opt to grant users access to this service account. Click DONE to confirm your configurations.

  2. You will find the service account you have just created on the credentials page. Click and open the service account.

  3. In the KEYS tab, click ADD KEY, then select Create new key.

  4. Choose JSON as the key type, then click CREATE.

  5. The Service Account JSON file (Private key) will automatically be downloaded to your computer.

  6. If this is your first time using Google Kubernetes Engine API, you will need to enable it in Google API Library. First, click the Google Cloud Platform navigation menu, in the slide-out side menu, find API and Services, hover over it, and then in its submenu, select Library.

  7. Search and select Kubernetes Engine API.

  8. Click the ENABLE button. You will see the Kubernetes Engine API enabled.

Configuring the Service Account Domain-wide Delegation

You will also need to enable the Google Workspace domain-wide delegation for your created service account. Please follow the steps below.

  1. Log in to the Google Workspace Admin Console with admin credentials. Click Security > Access and data control > API controls. Scroll down and click MANAGE DOMAIN-WIDE DELEGATION.

  2. Click Add new to add a new API client.

  3. Find your Client ID in the service account you created and paste it into the Client ID field. Input https://www.googleapis.com/auth/cloud-platform into the OAuth scopes field, then click AUTHORISE.

  4. The service account domain-wide delegation can now be found on the API controls page. Your created service account is now ready to use.

Assign Permissions to Service Account

  1. Log in to your GCP portal, click IAM & Admin then IAM in the Navigation menu on the left side. In the PERMISSION tab, choose your service account, then click Edit.

  2. Make sure to add one of the following roles then click SAVE.

    • Kubernetes Engine Admin

    • Kubernetes Engine Cluster Admin

    • Kubernetes Engine Cluster Viewer

    • Kubernetes Engine Developer

    • Kubernetes Engine Service Agent

    • Kubernetes Engine Viewer

    • Custom role for Google Kubernetes access. Refer to Creating custom roles (Optional) for role creation. Check Permission Requirements for the minimum permission of each command).

Obtaining the Cluster name

  1. Select the correct project

  2. Click the Hamburger Menu in the top left corner to reveal the slider sidebar menu. Navigation to Kubernetes Engine, in its submenu, select Clusters and click it.

  3. You can find the cluster name under the Name tab.

Configuring D3 SOAR to work with Google Kubernetes Engine

  1. Log in to D3 SOAR.

  2. Find the Google Kubernetes Engine integration.

    1. Navigate to Configuration on the top header menu.

    2. Click on the Integration icon on the left sidebar.

    3. Type Google Kubernetes Engine in the search box to find the integration, then click it to select it.

    4. Click + Connection, on the right side of the Connections section. A new connection window will appear.

  3. Configure the following fields to create a connection to Google Kubernetes Engine.

    1. Connection Name: The desired name for the connection.

    2. Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.

    3. Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.

    4. Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.

    5. Description (Optional): Add your desired description for the connection.

    6. Configure User Permissions: Defines which users have access to the connection.

    7. Active: Check the tick box to ensure the connection is available for use.

    8. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
      1. Input your downloaded Server Account JSON. Please refer to step 10 of Obtaining the Service Account JSON to download your Server Account JSON.
      2. Input your Cluster name. Please refer to Obtaining the Cluster name to get your Cluster name.

    9. Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
      To set up a connection health check, check the Connection Health Check tickbox. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.

    10. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.

  4. Test the connection.

    1. Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.

    2. Click OK to close the alert window.

    3. Click + Add to create and add the configured connection.

Commands

Google Kubernetes Engine includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the Google Kubernetes Engine API, please refer to the Google Kubernetes Engine API reference.

READER NOTE

Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring Google Kubernetes Engine to Work with D3 SOAR for details.

Create Deployment

Creates a deployment with the specified configuration in the specified namespace.

READER NOTE

NameSpace is an optional parameter to run this command.

  • Run the List NameSpaces command to obtain the NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.name.

Input

Input Parameter

Required/Optional

Description

Example

NameSpace

Optional

The namespace in which the deployment will be created. Namespace can be obtained using the List Namespaces command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Configuration

Required

The configuration of the deployment. The format is YAML or JSON.

apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-*****
spec:
replicas: 2
selector:
matchLabels:
app: nginxj
serviceName: *****
template:
metadata:
labels:
app: nginxj
spec:
containers:
- name: *****
image: nginx:***.***.***
ports:
- containerPort: *****

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "api_version": "apps/v1",
    "kind": "Deployment",
    "metadata": {
        "annotations": null,
        "cluster_name": null,
        "creation_timestamp": "2022-03-09 17:43:51+00:00",
        "deletion_grace_period_seconds": null,
        "deletion_timestamp": null,
        "finalizers": null,
        "generate_name": null,
        "generation": 1,
        "labels": null,
        "managed_fields": [
            {
                "api_version": "apps/v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:spec": {
                        "f:progressDeadlineSeconds": {},
                        "f:replicas": {},
                        "f:revisionHistoryLimit": {},
                        "f:selector": {},
                        "f:strategy": {
                            "f:rollingUpdate": {
                                ".": {},
                                "f:maxSurge": {},
                                "f:maxUnavailable": {}
                            },
                            "f:type": {}
                        },
                        "f:template": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:app": {}
                                }
                            },
                            "f:spec": {
                                "f:containers": {
                                    "k:{\"name\":\"*****\"}": {
                                        ".": {},
                                        "f:image": {},
                                        "f:imagePullPolicy": {},
                                        "f:name": {},
                                        "f:ports": {
                                            ".": {},
                                            "k:{\"containerPort\":*****,\"protocol\":\"TCP\"}": {
                                                ".": {},
                                                "f:containerPort": {},
                                                "f:protocol": {}
                                            }
                                        },
                                        "f:resources": {},
                                        "f:terminationMessagePath": {},
                                        "f:terminationMessagePolicy": {}
                                    }
                                },
                                "f:dnsPolicy": {},
                                "f:restartPolicy": {},
                                "f:schedulerName": {},
                                "f:securityContext": {},
                                "f:terminationGracePeriodSeconds": {}
                            }
                        }
                    }
                },
                "manager": "OpenAPI-Generator",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-09 17:43:51+00:00"
            }
        ],
        "name": "deployment-*****",
        "namespace": "default",
        "owner_references": null,
        "resource_version": "*****",
        "self_link": null,
        "uid": "*****"
    },
    "spec": {
        "min_ready_seconds": null,
        "paused": null,
        "progress_deadline_seconds": 600,
        "replicas": 2,
        "revision_history_limit": 10,
        "selector": {
            "match_expressions": null,
            "match_labels": {
                "app": "nginxj"
            }
        },
        "strategy": {
            "rolling_update": {
                "max_surge": "25%",
                "max_unavailable": "25%"
            },
            "type": "RollingUpdate"
        },
        "template": {
            "metadata": {
                "annotations": null,
                "cluster_name": null,
                "creation_timestamp": null,
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "app": "nginxj"
                },
                "managed_fields": null,
                "name": null,
                "namespace": null,
                "owner_references": null,
                "resource_version": null,
                "self_link": null,
                "uid": null
            },
            "spec": {
                "active_deadline_seconds": null,
                "affinity": null,
                "automount_service_account_token": null,
                "containers": [
                    {
                        "args": null,
                        "command": null,
                        "env": null,
                        "env_from": null,
                        "image": "nginx:***.***.***",
                        "image_pull_policy": "IfNotPresent",
                        "lifecycle": null,
                        "liveness_probe": null,
                        "name": "*****",
                        "ports": [
                            {
                                "container_port": *****,
                                "host_ip": null,
                                "host_port": null,
                                "name": null,
                                "protocol": "TCP"
                            }
                        ],
                        "readiness_probe": null,
                        "resources": {
                            "limits": null,
                            "requests": null
                        },
                        "security_context": null,
                        "startup_probe": null,
                        "stdin": null,
                        "stdin_once": null,
                        "termination_message_path": "/dev/termination-***",
                        "termination_message_policy": "File",
                        "tty": null,
                        "volume_devices": null,
                        "volume_mounts": null,
                        "working_dir": null
                    }
                ],
                "dns_config": null,
                "dns_policy": "ClusterFirst",
                "enable_service_links": null,
                "ephemeral_containers": null,
                "host_aliases": null,
                "host_ipc": null,
                "host_network": null,
                "host_pid": null,
                "hostname": null,
                "image_pull_secrets": null,
                "init_containers": null,
                "node_name": null,
                "node_selector": null,
                "os": null,
                "overhead": null,
                "preemption_policy": null,
                "priority": null,
                "priority_class_name": null,
                "readiness_gates": null,
                "restart_policy": "Always",
                "runtime_class_name": null,
                "scheduler_name": "default-scheduler",
                "security_context": {
                    "fs_group": null,
                    "fs_group_change_policy": null,
                    "run_as_group": null,
                    "run_as_non_root": null,
                    "run_as_user": null,
                    "se_linux_options": null,
                    "seccomp_profile": null,
                    "supplemental_groups": null,
                    "sysctls": null,
                    "windows_options": null
                },
                "service_account": null,
                "service_account_name": null,
                "set_hostname_as_fqdn": null,
                "share_process_namespace": null,
                "subdomain": null,
                "termination_grace_period_seconds": 30,
                "tolerations": null,
                "topology_spread_constraints": null,
                "volumes": null
            }
        }
    },
    "status": {
        "available_replicas": null,
        "collision_count": null,
        "conditions": null,
        "observed_generation": null,
        "ready_replicas": null,
        "replicas": null,
        "unavailable_replicas": null,
        "updated_replicas": null
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "DeploymentName": [
        "deployment-*****"
    ],
    "DeploymentID": [
        "*****"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

apps/v1

kind

Deployment

metadata

{'annotations': None, 'cluster_name': None, 'creation_timestamp': '2022-03-09 17:43:51+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': 1, 'labels': None, 'managed_fields': [{'api_version': 'apps/v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:spec': {'f:progressDeadlineSeconds': {}, 'f:replicas': {}, 'f:revisionHistoryLimit': {}, 'f:selector': {}, 'f:strategy': {'f:rollingUpdate': {'.': {}, 'f:maxSurge': {}, 'f:maxUnavailable': {}}, 'f:type': {}}, 'f:template': {'f:metadata': {'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:containers': {'k:{"name":"*****"}': {'.': {}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:ports': {'.': {}, 'k:{"containerPort":*****,"protocol":"TCP"}': {'.': {}, 'f:containerPort': {}, 'f:protocol': {}}}, 'f:resources': {}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {}, 'f:terminationGracePeriodSeconds': {}}}}}, 'manager': 'OpenAPI-Generator', 'operation': 'Update', 'subresource': None, 'time': '2022-03-09 17:43:51+00:00'}], 'name': 'deployment-2022*****', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}

spec

{'min_ready_seconds': None, 'paused': None, 'progress_deadline_seconds': 600, 'replicas': 2, 'revision_history_limit': 10, 'selector': {'match_expressions': None, 'match_labels': {'app': 'nginxj'}}, 'strategy': {'rolling_update': {'max_surge': '25%', 'max_unavailable': '25%'}, 'type': 'RollingUpdate'}, 'template': {'metadata': {'annotations': None, 'cluster_name': None, 'creation_timestamp': None, 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'app': 'nginxj'}, 'managed_fields': None, 'name': None, 'namespace': None, 'owner_references': None, 'resource_version': None, 'self_link': None, 'uid': None}, 'spec': {'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': None, 'command': None, 'env': None, 'env_from': None, 'image': 'nginx:***.***.***', 'image_pull_policy': 'IfNotPresent', 'lifecycle': None, 'liveness_probe': None, 'name': '*****', 'ports': [{'container_port': *****, 'host_ip': None, 'host_port': None, 'name': None, 'protocol': 'TCP'}], 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'startup_probe': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': None, 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': None, 'ephemeral_containers': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': None, 'node_selector': None, 'os': None, 'overhead': None, 'preemption_policy': None, 'priority': None, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Always', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'fs_group_change_policy': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'seccomp_profile': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': None, 'service_account_name': None, 'set_hostname_as_fqdn': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': None, 'topology_spread_constraints': None, 'volumes': None}}}

status

{'available_replicas': None, 'collision_count': None, 'conditions': None, 'observed_generation': None, 'ready_replicas': None, 'replicas': None, 'unavailable_replicas': None, 'updated_replicas': None}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Deployment failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 409.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Deployment Already Exists.

Error Sample Data

Create Deployment failed.

Status Code: 409.

Message: Deployment Already Exists.

Create Node Pool

Creates a node pool for a cluster.

Input

Input Parameter

Required/Optional

Description

Example

Node Pool Name

Required

The name of the node pool.

nodepool-api-*****

Initial Node Count

Optional

The initial node count for the pool. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have an available firewall and route quota.

1

Locations

Optional

The list of Google Compute Engine zones in which the NodePool's nodes should be located. If this value is unspecified during node pool creation, the Cluster. Locations value will be used instead. Warning: changing node pool locations will result in nodes being added and/or removed.

[ us-west1-b ]

Autoscaling

Optional

Autoscaler configuration for this NodePool. Autoscaler is enabled only if a valid configuration is present.

false

Minimum number of nodes

Optional

Minimum number of nodes for one location in the NodePool. Must be >= 1 and <= Maximum number of nodes.

1

Maximum number of nodes

Optional

Maximum number of nodes for one location in the NodePool. Must be >= Minimum number of nodes. There has to be enough quota to scale up the cluster.

1

AutoProvisioned

Optional

If this node pool can be deleted automatically. Can't mark node-pool as autoProvisioned if node autoProvisioning is not enabled in the cluster.

false

AutoUpgrade

Optional

A flag that specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.

True

AutoRepair

Optional

A flag that specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

True

Max Surge

Optional

The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.

1

Max Unavailable

Optional

The maximum number of nodes that can be simultaneously unavailable during the upgrade process. A node is considered available if its status is Ready.

1

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "name": "operation-*****",
    "zone": "us-west1-a",
    "operationType": "CREATE_NODE_POOL",
    "status": "RUNNING",
    "selfLink": "https://container.googleapis.com/*****",
    "targetLink": "https://container.googleapis.com/*****",
    "startTime": "2022-03-08T00:16:17.852012589Z"
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Name": [
        "operation-*****"
    ],
    "Zone": [
        "us-west1-a"
    ],
    "OperationType": [
        "CREATE_NODE_POOL"
    ],
    "Status": [
        "RUNNING"
    ]

}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

operation-*****-*****

zone

us-west1-a

operationType

CREATE_NODE_POOL

status

RUNNING

selfLink

https://container.googleapis.com/*****

targetLink

https://container.googleapis.com/*****

startTime

2022-03-08T00:16:17.852012589Z

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Node Pool failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Permission denied.

Error Sample Data

Create Node Pool failed. Failed to load gcloud.

Status Code: 403.

Message: Permission denied.

Create Pod

Creates a pod with the specified configuration in the specified namespace.

READER NOTE

NameSpace is an optional parameter to run this command.

  • Run the List NameSpaces command to obtain the NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.name.

Input

Input Parameter

Required/Optional

Description

Example

NameSpace

Optional

The namespace in which the pod will be created. Namespace can be obtained using the List Namespaces command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Configuration

Required

The configuration of the pod. The format is YAML or JSON.

apiVersion: v1

kind: Pod

metadata:

name: pod-*****

spec:

containers:

- name: *****

image: nginx:***.***.***

ports:

- containerPort: *****

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "api_version": "v1",
    "kind": "Pod",
    "metadata": {
        "annotations": null,
        "cluster_name": null,
        "creation_timestamp": "2022-03-09 22:12:59+00:00",
        "deletion_grace_period_seconds": null,
        "deletion_timestamp": null,
        "finalizers": null,
        "generate_name": null,
        "generation": null,
        "labels": null,
        "managed_fields": [
            {
                "api_version": "v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:spec": {
                        "f:containers": {
                            "k:{\"name\":\"*****\"}": {
                                ".": {},
                                "f:image": {},
                                "f:imagePullPolicy": {},
                                "f:name": {},
                                "f:ports": {
                                    ".": {},
                                    "k:{\"containerPort\":*****,\"protocol\":\"TCP\"}": {
                                        ".": {},
                                        "f:containerPort": {},
                                        "f:protocol": {}
                                    }
                                },
                                "f:resources": {},
                                "f:terminationMessagePath": {},
                                "f:terminationMessagePolicy": {}
                            }
                        },
                        "f:dnsPolicy": {},
                        "f:enableServiceLinks": {},
                        "f:restartPolicy": {},
                        "f:schedulerName": {},
                        "f:securityContext": {},
                        "f:terminationGracePeriodSeconds": {}
                    }
                },
                "manager": "OpenAPI-Generator",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-09 22:12:59+00:00"
            }
        ],
        "name": "pod-*****",
        "namespace": "default",
        "owner_references": null,
        "resource_version": "*****",
        "self_link": null,
        "uid": "*****
    },
    "spec": {
        "active_deadline_seconds": null,
        "affinity": null,
        "automount_service_account_token": null,
        "containers": [
            {
                "args": null,
                "command": null,
                "env": null,
                "env_from": null,
                "image": "nginx:***.***.***",
                "image_pull_policy": "IfNotPresent",
                "lifecycle": null,
                "liveness_probe": null,
                "name": "*****",
                "ports": [
                    {
                        "container_port": *****,
                        "host_ip": null,
                        "host_port": null,
                        "name": null,
                        "protocol": "TCP"
                    }
                ],
                "readiness_probe": null,
                "resources": {
                    "limits": null,
                    "requests": null
                },
                "security_context": null,
                "startup_probe": null,
                "stdin": null,
                "stdin_once": null,
                "termination_message_path": "/dev/termination-***",
                "termination_message_policy": "File",
                "tty": null,
                "volume_devices": null,
                "volume_mounts": [
                    {
                        "mount_path": "/var/*****/*****/*****.***/*****",
                        "mount_propagation": null,
                        "name": "kube-api-*****-*****",
                        "read_only": true,
                        "sub_path": null,
                        "sub_path_expr": null
                    }
                ],
                "working_dir": null
            }
        ],
        "dns_config": null,
        "dns_policy": "ClusterFirst",
        "enable_service_links": true,
        "ephemeral_containers": null,
        "host_aliases": null,
        "host_ipc": null,
        "host_network": null,
        "host_pid": null,
        "hostname": null,
        "image_pull_secrets": null,
        "init_containers": null,
        "node_name": null,
        "node_selector": null,
        "os": null,
        "overhead": null,
        "preemption_policy": "PreemptLowerPriority",
        "priority": 0,
        "priority_class_name": null,
        "readiness_gates": null,
        "restart_policy": "Always",
        "runtime_class_name": null,
        "scheduler_name": "default-scheduler",
        "security_context": {
            "fs_group": null,
            "fs_group_change_policy": null,
            "run_as_group": null,
            "run_as_non_root": null,
            "run_as_user": null,
            "se_linux_options": null,
            "seccomp_profile": null,
            "supplemental_groups": null,
            "sysctls": null,
            "windows_options": null
        },
        "service_account": "default",
        "service_account_name": "default",
        "set_hostname_as_fqdn": null,
        "share_process_namespace": null,
        "subdomain": null,
        "termination_grace_period_seconds": 30,
        "tolerations": [
            {
                "effect": "NoExecute",
                "key": "node.kubernetes.io/not-ready",
                "operator": "Exists",
                "toleration_seconds": 300,
                "value": null
            },
            {
                "effect": "NoExecute",
                "key": "node.kubernetes.io/unreachable",
                "operator": "Exists",
                "toleration_seconds": 300,
                "value": null
            }
        ],
        "topology_spread_constraints": null,
        "volumes": [
            {
                "aws_elastic_block_store": null,
                "azure_disk": null,
                "azure_file": null,
                "cephfs": null,
                "cinder": null,
                "config_map": null,
                "csi": null,
                "downward_api": null,
                "empty_dir": null,
                "ephemeral": null,
                "fc": null,
                "flex_volume": null,
                "flocker": null,
                "gce_persistent_disk": null,
                "git_repo": null,
                "glusterfs": null,
                "host_path": null,
                "iscsi": null,
                "name": "kube-api-*****-*****",
                "nfs": null,
                "persistent_volume_claim": null,
                "photon_persistent_disk": null,
                "portworx_volume": null,
                "projected": {
                    "default_mode": 420,
                    "sources": [
                        {
                            "config_map": null,
                            "downward_api": null,
                            "secret": null,
                            "service_account_token": {
                                "audience": null,
                                "expiration_seconds": 3607,
                                "path": "token"
                            }
                        },
                        {
                            "config_map": {
                                "items": [
                                    {
                                        "key": "ca.crt",
                                        "mode": null,
                                        "path": "ca.crt"
                                    }
                                ],
                                "name": "*****",
                                "optional": null
                            },
                            "downward_api": null,
                            "secret": null,
                            "service_account_token": null
                        },
                        {
                            "config_map": null,
                            "downward_api": {
                                "items": [
                                    {
                                        "field_ref": {
                                            "api_version": "v1",
                                            "field_path": "metadata.namespace"
                                        },
                                        "mode": null,
                                        "path": "namespace",
                                        "resource_field_ref": null
                                    }
                                ]
                            },
                            "secret": null,
                            "service_account_token": null
                        }
                    ]
                },
                "quobyte": null,
                "rbd": null,
                "scale_io": null,
                "secret": null,
                "storageos": null,
                "vsphere_volume": null
            }
        ]
    },
    "status": {
        "conditions": null,
        "container_statuses": null,
        "ephemeral_container_statuses": null,
        "host_ip": null,
        "init_container_statuses": null,
        "message": null,
        "nominated_node_name": null,
        "phase": "Pending",
        "pod_ip": null,
        "pod_i_ps": null,
        "qos_class": "BestEffort",
        "reason": null,
        "start_time": null
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "PodName": [
        "pod-*****"
    ],
    "PodID": [
        "*****
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

v1

kind

Pod

metadata

{'annotations': None, 'cluster_name': None, 'creation_timestamp': '2022-03-09 22:12:59+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': None, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:spec': {'f:containers': {'k:{"name":"*****"}': {'.': {}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:ports': {'.': {}, 'k:{"containerPort":*****,"protocol":"TCP"}': {'.': {}, 'f:containerPort': {}, 'f:protocol': {}}}, 'f:resources': {}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:enableServiceLinks': {}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {}, 'f:terminationGracePeriodSeconds': {}}}, 'manager': 'OpenAPI-Generator', 'operation': 'Update', 'subresource': None, 'time': '2022-03-09 22:12:59+00:00'}], 'name': 'pod-*****', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}

spec

{'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': None, 'command': None, 'env': None, 'env_from': None, 'image': 'nginx:***.***.***', 'image_pull_policy': 'IfNotPresent', 'lifecycle': None, 'liveness_probe': None, 'name': '*****', 'ports': [{'container_port': *****, 'host_ip': None, 'host_port': None, 'name': None, 'protocol': 'TCP'}], 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'startup_probe': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': [{'mount_path': '/var/*****/*****/*****.***/*****', 'mount_propagation': None, 'name': '*****', 'read_only': True, 'sub_path': None, 'sub_path_expr': None}], 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': True, 'ephemeral_containers': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': None, 'node_selector': None, 'os': None, 'overhead': None, 'preemption_policy': 'PreemptLowerPriority', 'priority': 0, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Always', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'fs_group_change_policy': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'seccomp_profile': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': 'default', 'service_account_name': 'default', 'set_hostname_as_fqdn': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': [{'effect': 'NoExecute', 'key': 'node.kubernetes.io/not-ready', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}, {'effect': 'NoExecute', 'key': 'node.kubernetes.io/unreachable', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}], 'topology_spread_constraints': None, 'volumes': [{'aws_elastic_block_store': None, 'azure_disk': None, 'azure_file': None, 'cephfs': None, 'cinder': None, 'config_map': None, 'csi': None, 'downward_api': None, 'empty_dir': None, 'ephemeral': None, 'fc': None, 'flex_volume': None, 'flocker': None, 'gce_persistent_disk': None, 'git_repo': None, 'glusterfs': None, 'host_path': None, 'iscsi': None, 'name': '*****', 'nfs': None, 'persistent_volume_claim': None, 'photon_persistent_disk': None, 'portworx_volume': None, 'projected': {'default_mode': 420, 'sources': [{'config_map': None, 'downward_api': None, 'secret': None, 'service_account_token': {'audience': None, 'expiration_seconds': 3607, 'path': 'token'}}, {'config_map': {'items': [{'key': 'ca.crt', 'mode': None, 'path': 'ca.crt'}], 'name': 'kube-root-ca.crt', 'optional': None}, 'downward_api': None, 'secret': None, 'service_account_token': None}, {'config_map': None, 'downward_api': {'items': [{'field_ref': {'api_version': 'v1', 'field_path': 'metadata.namespace'}, 'mode': None, 'path': 'namespace', 'resource_field_ref': None}]}, 'secret': None, 'service_account_token': None}]}, 'quobyte': None, 'rbd': None, 'scale_io': None, 'secret': None, 'storageos': None, 'vsphere_volume': None}]}

status

{'conditions': None, 'container_statuses': None, 'ephemeral_container_statuses': None, 'host_ip': None, 'init_container_statuses': None, 'message': None, 'nominated_node_name': None, 'phase': 'Pending', 'pod_ip': None, 'pod_i_ps': None, 'qos_class': 'BestEffort', 'reason': None, 'start_time': None}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Pod failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Bad Request.

Error Sample Data

Create Pod failed.

Status Code: 400.

Message: Bad Request.

Create Service

Creates a service with the specified configuration in the specified namespace.

READER NOTE

NameSpace is an optional parameter to run this command.

  • Run the List NameSpaces command to obtain the NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.name.

Input

Input Parameter

Required/Optional

Description

Example

NameSpace

Optional

The namespace in which the service will be created. Namespace can be obtained using the List Namespaces command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Configuration

Required

The configuration of the service. The format is YAML or JSON.

apiVersion: v1

kind: Pod

metadata:

name: pod-*****

spec:

containers:

- name: *****

image: nginx:***.***.***

ports:

- containerPort: *****

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "api_version": "v1",
    "kind": "Service",
    "metadata": {
        "annotations": {
            "cloud.google.com/neg": "{\"ingress\":true}"
        },
        "cluster_name": null,
        "creation_timestamp": "2022-03-09 18:14:01+00:00",
        "deletion_grace_period_seconds": null,
        "deletion_timestamp": null,
        "finalizers": null,
        "generate_name": null,
        "generation": null,
        "labels": {
            "app": "nginxj"
        },
        "managed_fields": [
            {
                "api_version": "v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:metadata": {
                        "f:labels": {
                            ".": {},
                            "f:app": {}
                        }
                    },
                    "f:spec": {
                        "f:externalTrafficPolicy": {},
                        "f:ports": {
                            ".": {},
                            "k:{\"port\":*****,\"protocol\":\"TCP\"}": {
                                ".": {},
                                "f:port": {},
                                "f:protocol": {},
                                "f:targetPort": {}
                            }
                        },
                        "f:selector": {
                            ".": {},
                            "f:app": {}
                        },
                        "f:sessionAffinity": {},
                        "f:type": {}
                    }
                },
                "manager": "OpenAPI-Generator",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-09 18:14:01+00:00"
            }
        ],
        "name": "*****",
        "namespace": "default",
        "owner_references": null,
        "resource_version": "*****",
        "self_link": null,
        "uid": "*****"
    },
    "spec": {
        "allocate_load_balancer_node_ports": null,
        "cluster_ip": "***.***.***.***",
        "cluster_i_ps": [
            "***.***.***.***"
        ],
        "external_i_ps": null,
        "external_name": null,
        "external_traffic_policy": "Cluster",
        "health_check_node_port": null,
        "internal_traffic_policy": null,
        "ip_families": [
            "IPv4"
        ],
        "ip_family_policy": "SingleStack",
        "load_balancer_class": null,
        "load_balancer_ip": null,
        "load_balancer_source_ranges": null,
        "ports": [
            {
                "app_protocol": null,
                "name": null,
                "node_port": *****,
                "port": *****,
                "protocol": "TCP",
                "target_port": *****
            }
        ],
        "publish_not_ready_addresses": null,
        "selector": {
            "app": "nginxj"
        },
        "session_affinity": "None",
        "session_affinity_config": null,
        "type": "LoadBalancer"
    },
    "status": {
        "conditions": null,
        "load_balancer": {
            "ingress": null
        }
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "ServiceName": [
        "*****"
    ],
    "ServiceID": [
        "*****"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

v1

kind

Service

metadata

{'annotations': {'cloud.google.com/neg': '{"ingress":true}'}, 'cluster_name': None, 'creation_timestamp': '2022-03-09 18:14:01+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'app': 'nginxj'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:externalTrafficPolicy': {}, 'f:ports': {'.': {}, 'k:{"port":*****,"protocol":"TCP"}': {'.': {}, 'f:port': {}, 'f:protocol': {}, 'f:targetPort': {}}}, 'f:selector': {'.': {}, 'f:app': {}}, 'f:sessionAffinity': {}, 'f:type': {}}}, 'manager': 'OpenAPI-Generator', 'operation': 'Update', 'subresource': None, 'time': '2022-03-09 18:14:01+00:00'}], 'name': '*****', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}

spec

{'allocate_load_balancer_node_ports': None, 'cluster_ip': '***.***.***.***', 'cluster_i_ps': ['***.***.***.***'], 'external_i_ps': None, 'external_name': None, 'external_traffic_policy': 'Cluster', 'health_check_node_port': None, 'internal_traffic_policy': None, 'ip_families': ['IPv4'], 'ip_family_policy': 'SingleStack', 'load_balancer_class': None, 'load_balancer_ip': None, 'load_balancer_source_ranges': None, 'ports': [{'app_protocol': None, 'name': None, 'node_port': *****, 'port': **********, 'protocol': 'TCP', 'target_port': *****}], 'publish_not_ready_addresses': None, 'selector': {'app': 'nginxj'}, 'session_affinity': 'None', 'session_affinity_config': None, 'type': 'LoadBalancer'}

status

{'conditions': None, 'load_balancer': {'ingress': None}}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Service failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 409.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Service already exists.

Error Sample Data

Create Service failed.

Status Code: 409.

Message: Service already exists.

Delete Deployment

Deletes one or more deployments with the specified names in the specified namespace.

READER NOTE

The parameter Deployment Names is required to run this command.

  • Run the List All Namespace Deployments command to obtain Deployment Names. Deployment Names can be found in the raw data at the path $.items[*].metadata.name.

NameSpace is an optional parameter to run this command.

  • Run the List All NameSpace Deployments command to obtain NameSpace. NameSpace can be found in the raw data at the path $.items[*].metadata.namespace.

WARNING

  • Please note that your input deployment names must match your input namespace. Otherwise, an error (deployments \"your input deployment name\" not found) will be returned. It is recommended to run the List All Namespace Deployments command and find your desired pair of “name”(deployment name) with “namespace” in the response raw data. Use that pair to run this command.

  • The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input deployment name. Otherwise, please change your namespace to your desired value.

Input

Input Parameter

Required/Optional

Description

Example

Deployment Names

Required

The names of the deployments to be deleted. Deployment Names can be obtained using the List All Namespace Deployments command.

[ "deployment-*****" ]

NameSpace

Optional

The namespace in which the deployment will be deleted. NameSpace can be obtained using the List All Namespace Deployments command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
[
    {
        "api_version": "apps/v1",
        "code": null,
        "details": null,
        "kind": "Deployment",
        "message": null,
        "metadata": {
            "_continue": null,
            "remaining_item_count": null,
            "resource_version": "*****",
            "self_link": null
        },
        "reason": null,
        "status": "{'observedGeneration': 1, 'replicas': 2, 'updatedReplicas': 2, 'readyReplicas': 2, 'availableReplicas': 2, 'conditions': [{'type': 'Available', 'status': 'True', 'lastUpdateTime': '2022-03-09T17:43:58Z', 'lastTransitionTime': '2022-03-09T17:43:58Z', 'reason': 'MinimumReplicasAvailable', 'message': 'Deployment has minimum availability.'}, {'type': 'Progressing', 'status': 'True', 'lastUpdateTime': '2022-03-09T17:43:58Z', 'lastTransitionTime': '2022-03-09T17:43:51Z', 'reason': 'NewReplicaSetAvailable', 'message': 'ReplicaSet \"deployment-******\" has successfully progressed.'}]}"
    }
]
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

apps/v1

code

None

details

None

kind

Deployment

message

None

metadata

{'_continue': None, 'remaining_item_count': None, 'resource_version': '*****', 'self_link': None}

reason

None

status

{'observedGeneration': 1, 'replicas': 2, 'updatedReplicas': 2, 'readyReplicas': 2, 'availableReplicas': 2, 'conditions': [{'type': 'Available', 'status': 'True', 'lastUpdateTime': '2022-03-09T17:43:58Z', 'lastTransitionTime': '2022-03-09T17:43:58Z', 'reason': 'MinimumReplicasAvailable', 'message': 'Deployment has minimum availability.'}, {'type': 'Progressing', 'status': 'True', 'lastUpdateTime': '2022-03-09T17:43:58Z', 'lastTransitionTime': '2022-03-09T17:43:51Z', 'reason': 'NewReplicaSetAvailable', 'message': 'ReplicaSet "deployment-*****" has successfully progressed.'}]}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Deployment failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Deployment Not Found.

Error Sample Data

Delete Deployment failed.

Status Code: 404.

Message: Deployment Not Found.

Delete Node Pool

Deletes a node pool from a cluster.

READER NOTE

Node Pool Name is a required parameter to run this command.

  • Run the List Node Pools command to obtain the Node Pool Name. Node Pool Names can be found in the raw data at the path $.nodePools.name.

Input

Input Parameter

Required/Optional

Description

Example

Node Pool Name

Required

The name of the node pool to be deleted. Node Pool Name can be obtained using the List Node Pools command.

nodepool-api-*****

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "name": "operation-****",
    "zone": "us-west1-a",
    "operationType": "DELETE_NODE_POOL",
    "status": "RUNNING",
    "selfLink": "https://container.googleapis.com/*****",
    "targetLink": "https://container.googleapis.com/*****",
    "startTime": "2022-03-08T01:11:59.700315156Z"
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Name": [
        "operation-****"
    ],
    "Zone": [
        "us-west1-a"
    ],
    "OperationType": [
        "DELETE_NODE_POOL"
    ],
    "Status": [
        "RUNNING"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

operation-*****-*****

zone

us-west1-a

operationType

DELETE_NODE_POOL

status

RUNNING

selfLink

https://container.googleapis.com/*****

targetLink

https://container.googleapis.com/*****

startTime

2022-03-08T01:11:59.700315156Z

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Node Pool failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code Listt for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Node Pool Not Found.

Error Sample Data

Delete Node Pool failed.

Status Code: 404.

Message: Node Pool Not Found.

Delete Pods

Deletes pod(s) in the specified namespace.

READER NOTE

The parameter Pod Names is required to run this command.

  • Run the List All Namespace Pods command to obtain Pod Names. Pod Names can be found in the raw data at the path $.items[*].metadata.name.

NameSpace is an optional parameter to run this command.

  • Run the List All NameSpace Pods command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.

WARNING

  • Please note that your input pod names must match your input namespace. Otherwise, an error (pods \"your input pod name\" not found) will be returned. It is recommended that you run the List All Namespace Pods command and find your desired pair of “name”(pod name) with “namespace” in the response raw data. Use that pair to run this command.

  • The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input pod name, otherwise, please change your namespace to your desired value.

Input

Input Parameter

Required/Optional

Description

Example

NameSpace

Optional

The namespace in which the pod(s) will be deleted. NameSpace can be obtained using the List All Namespace Pods command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Pod Names

Required

The names of the pods to be deleted. Pod Names can be obtained using the List All Namespace Pods command.

[ "busybox-test***" ]

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "api_version": "v1",
    "kind": "Pod",
    "metadata": {
        "annotations": null,
        "cluster_name": null,
        "creation_timestamp": "2022-03-09 22:09:20+00:00",
        "deletion_grace_period_seconds": 30,
        "deletion_timestamp": "2022-03-09 23:03:00+00:00",
        "finalizers": null,
        "generate_name": null,
        "generation": null,
        "labels": null,
        "managed_fields": [
            {
                "api_version": "v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:spec": {
                        "f:containers": {
                            "k:{\"name\":\"sleep\"}": {
                                ".": {},
                                "f:args": {},
                                "f:image": {},
                                "f:imagePullPolicy": {},
                                "f:name": {},
                                "f:resources": {},
                                "f:terminationMessagePath": {},
                                "f:terminationMessagePolicy": {}
                            }
                        },
                        "f:dnsPolicy": {},
                        "f:enableServiceLinks": {},
                        "f:restartPolicy": {},
                        "f:schedulerName": {},
                        "f:securityContext": {},
                        "f:terminationGracePeriodSeconds": {}
                    }
                },
                "manager": "OpenAPI-Generator",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-09 22:09:20+00:00"
            },
            {
                "api_version": "v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:status": {
                        "f:conditions": {
                            "k:{\"type\":\"ContainersReady\"}": {
                                ".": {},
                                "f:lastProbeTime": {},
                                "f:lastTransitionTime": {},
                                "f:status": {},
                                "f:type": {}
                            },
                            "k:{\"type\":\"Initialized\"}": {
                                ".": {},
                                "f:lastProbeTime": {},
                                "f:lastTransitionTime": {},
                                "f:status": {},
                                "f:type": {}
                            },
                            "k:{\"type\":\"Ready\"}": {
                                ".": {},
                                "f:lastProbeTime": {},
                                "f:lastTransitionTime": {},
                                "f:status": {},
                                "f:type": {}
                            }
                        },
                        "f:containerStatuses": {},
                        "f:hostIP": {},
                        "f:phase": {},
                        "f:podIP": {},
                        "f:podIPs": {
                            ".": {},
                            "k:{\"ip\":\"***.***.***.***\"}": {
                                ".": {},
                                "f:ip": {}
                            }
                        },
                        "f:startTime": {}
                    }
                },
                "manager": "kubelet",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-09 22:09:21+00:00"
            }
        ],
        "name": "busybox-test***",
        "namespace": "default",
        "owner_references": null,
        "resource_version": "*****",
        "self_link": null,
        "uid": "*****"
    },
    "spec": {
        "active_deadline_seconds": null,
        "affinity": null,
        "automount_service_account_token": null,
        "containers": [
            {
                "args": [
                    "/bin/sh",
                    "-c",
                    "while true;do date;sleep 5; done"
                ],
                "command": null,
                "env": null,
                "env_from": null,
                "image": "busybox",
                "image_pull_policy": "Always",
                "lifecycle": null,
                "liveness_probe": null,
                "name": "sleep",
                "ports": null,
                "readiness_probe": null,
                "resources": {
                    "limits": null,
                    "requests": null
                },
                "security_context": null,
                "startup_probe": null,
                "stdin": null,
                "stdin_once": null,
                "termination_message_path": "/dev/termination-***",
                "termination_message_policy": "File",
                "tty": null,
                "volume_devices": null,
                "volume_mounts": [
                    {
                        "mount_path": "/var/*****/*****/*****.***/*****",
                        "mount_propagation": null,
                        "name": "kube-api-access-****2",
                        "read_only": true,
                        "sub_path": null,
                        "sub_path_expr": null
                    }
                ],
                "working_dir": null
            }
        ],
        "dns_config": null,
        "dns_policy": "ClusterFirst",
        "enable_service_links": true,
        "ephemeral_containers": null,
        "host_aliases": null,
        "host_ipc": null,
        "host_network": null,
        "host_pid": null,
        "hostname": null,
        "image_pull_secrets": null,
        "init_containers": null,
        "node_name": "*****",
        "node_selector": null,
        "os": null,
        "overhead": null,
        "preemption_policy": "PreemptLowerPriority",
        "priority": 0,
        "priority_class_name": null,
        "readiness_gates": null,
        "restart_policy": "Always",
        "runtime_class_name": null,
        "scheduler_name": "default-scheduler",
        "security_context": {
            "fs_group": null,
            "fs_group_change_policy": null,
            "run_as_group": null,
            "run_as_non_root": null,
            "run_as_user": null,
            "se_linux_options": null,
            "seccomp_profile": null,
            "supplemental_groups": null,
            "sysctls": null,
            "windows_options": null
        },
        "service_account": "default",
        "service_account_name": "default",
        "set_hostname_as_fqdn": null,
        "share_process_namespace": null,
        "subdomain": null,
        "termination_grace_period_seconds": 30,
        "tolerations": [
            {
                "effect": "NoExecute",
                "key": "node.kubernetes.io/not-ready",
                "operator": "Exists",
                "toleration_seconds": 300,
                "value": null
            },
            {
                "effect": "NoExecute",
                "key": "node.kubernetes.io/unreachable",
                "operator": "Exists",
                "toleration_seconds": 300,
                "value": null
            }
        ],
        "topology_spread_constraints": null,
        "volumes": [
            {
                "aws_elastic_block_store": null,
                "azure_disk": null,
                "azure_file": null,
                "cephfs": null,
                "cinder": null,
                "config_map": null,
                "csi": null,
                "downward_api": null,
                "empty_dir": null,
                "ephemeral": null,
                "fc": null,
                "flex_volume": null,
                "flocker": null,
                "gce_persistent_disk": null,
                "git_repo": null,
                "glusterfs": null,
                "host_path": null,
                "iscsi": null,
                "name": "kube-api-access-****2",
                "nfs": null,
                "persistent_volume_claim": null,
                "photon_persistent_disk": null,
                "portworx_volume": null,
                "projected": {
                    "default_mode": 420,
                    "sources": [
                        {
                            "config_map": null,
                            "downward_api": null,
                            "secret": null,
                            "service_account_token": {
                                "audience": null,
                                "expiration_seconds": 3607,
                                "path": "token"
                            }
                        },
                        {
                            "config_map": {
                                "items": [
                                    {
                                        "key": "ca.crt",
                                        "mode": null,
                                        "path": "ca.crt"
                                    }
                                ],
                                "name": "*****",
                                "optional": null
                            },
                            "downward_api": null,
                            "secret": null,
                            "service_account_token": null
                        },
                        {
                            "config_map": null,
                            "downward_api": {
                                "items": [
                                    {
                                        "field_ref": {
                                            "api_version": "v1",
                                            "field_path": "metadata.namespace"
                                        },
                                        "mode": null,
                                        "path": "namespace",
                                        "resource_field_ref": null
                                    }
                                ]
                            },
                            "secret": null,
                            "service_account_token": null
                        }
                    ]
                },
                "quobyte": null,
                "rbd": null,
                "scale_io": null,
                "secret": null,
                "storageos": null,
                "vsphere_volume": null
            }
        ]
    },
    "status": {
        "conditions": [
            {
                "last_probe_time": null,
                "last_transition_time": "2022-03-09 22:09:20+00:00",
                "message": null,
                "reason": null,
                "status": "True",
                "type": "Initialized"
            },
            {
                "last_probe_time": null,
                "last_transition_time": "2022-03-09 22:09:21+00:00",
                "message": null,
                "reason": null,
                "status": "True",
                "type": "Ready"
            },
            {
                "last_probe_time": null,
                "last_transition_time": "2022-03-09 22:09:21+00:00",
                "message": null,
                "reason": null,
                "status": "True",
                "type": "ContainersReady"
            },
            {
                "last_probe_time": null,
                "last_transition_time": "2022-03-09 22:09:20+00:00",
                "message": null,
                "reason": null,
                "status": "True",
                "type": "PodScheduled"
            }
        ],
        "container_statuses": [
            {
                "container_id": "containerd://*****",
                "image": "docker.io/library/busybox:latest",
                "image_id": "docker.io/library/busybox@sha256:*****",
                "last_state": {
                    "running": null,
                    "terminated": null,
                    "waiting": null
                },
                "name": "sleep",
                "ready": true,
                "restart_count": 0,
                "started": true,
                "state": {
                    "running": {
                        "started_at": "2022-03-09 22: 09: 21+00: 00"
                    },
                    "terminated": null,
                    "waiting": null
                }
            }
        ],
        "ephemeral_container_statuses": null,
        "host_ip": "***.***.***.****",
        "init_container_statuses": null,
        "message": null,
        "nominated_node_name": null,
        "phase": "Running",
        "pod_ip": "***.***.***.***",
        "pod_i_ps": [
            {
                "ip": "***.***.***.***"
            }
        ],
        "qos_class": "BestEffort",
        "reason": null,
        "start_time": "2022-03-09 22:09:20+00:00"
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "PodNames": [
        "busybox-test***"
    ],
    "PodIDs": [
        "*****"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

v1

kind

Pod

metadata

{'annotations': None, 'cluster_name': None, 'creation_timestamp': '2022-03-09 22:09:20+00:00', 'deletion_grace_period_seconds': 30, 'deletion_timestamp': '2022-03-09 23:03:00+00:00', 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': None, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:spec': {'f:containers': {'k:{"name":"sleep"}': {'.': {}, 'f:args': {}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:resources': {}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:enableServiceLinks': {}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {}, 'f:terminationGracePeriodSeconds': {}}}, 'manager': 'OpenAPI-Generator', 'operation': 'Update', 'subresource': None, 'time': '2022-03-09 22:09:20+00:00'}, {'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:status': {'f:conditions': {'k:{"type":"ContainersReady"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Initialized"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Ready"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}}, 'f:containerStatuses': {}, 'f:hostIP': {}, 'f:phase': {}, 'f:podIP': {}, 'f:podIPs': {'.': {}, 'k:{"ip":"***.***.***.***"}': {'.': {}, 'f:ip': {}}}, 'f:startTime': {}}}, 'manager': 'kubelet', 'operation': 'Update', 'subresource': None, 'time': '2022-03-09 22:09:21+00:00'}], 'name': 'busybox-test456', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}

spec

{'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': ['/bin/sh', '-c', 'while true;do date;sleep 5; done'], 'command': None, 'env': None, 'env_from': None, 'image': 'busybox', 'image_pull_policy': 'Always', 'lifecycle': None, 'liveness_probe': None, 'name': 'sleep', 'ports': None, 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'startup_probe': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': [{'mount_path': '/var/*****/*****/*****.***/*****', 'mount_propagation': None, 'name': 'kube-api-access-rjnx2', 'read_only': True, 'sub_path': None, 'sub_path_expr': None}], 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': True, 'ephemeral_containers': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': '*****', 'node_selector': None, 'os': None, 'overhead': None, 'preemption_policy': 'PreemptLowerPriority', 'priority': 0, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Always', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'fs_group_change_policy': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'seccomp_profile': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': 'default', 'service_account_name': 'default', 'set_hostname_as_fqdn': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': [{'effect': 'NoExecute', 'key': 'node.kubernetes.io/not-ready', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}, {'effect': 'NoExecute', 'key': 'node.kubernetes.io/unreachable', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}], 'topology_spread_constraints': None, 'volumes': [{'aws_elastic_block_store': None, 'azure_disk': None, 'azure_file': None, 'cephfs': None, 'cinder': None, 'config_map': None, 'csi': None, 'downward_api': None, 'empty_dir': None, 'ephemeral': None, 'fc': None, 'flex_volume': None, 'flocker': None, 'gce_persistent_disk': None, 'git_repo': None, 'glusterfs': None, 'host_path': None, 'iscsi': None, 'name': 'kube-api-access-rjnx2', 'nfs': None, 'persistent_volume_claim': None, 'photon_persistent_disk': None, 'portworx_volume': None, 'projected': {'default_mode': 420, 'sources': [{'config_map': None, 'downward_api': None, 'secret': None, 'service_account_token': {'audience': None, 'expiration_seconds': 3607, 'path': 'token'}}, {'config_map': {'items': [{'key': 'ca.crt', 'mode': None, 'path': 'ca.crt'}], 'name': 'kube-root-ca.crt', 'optional': None}, 'downward_api': None, 'secret': None, 'service_account_token': None}, {'config_map': None, 'downward_api': {'items': [{'field_ref': {'api_version': 'v1', 'field_path': 'metadata.namespace'}, 'mode': None, 'path': 'namespace', 'resource_field_ref': None}]}, 'secret': None, 'service_account_token': None}]}, 'quobyte': None, 'rbd': None, 'scale_io': None, 'secret': None, 'storageos': None, 'vsphere_volume': None}]}

status

{'conditions': [{'last_probe_time': None, 'last_transition_time': '2022-03-09 22:09:20+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'Initialized'}, {'last_probe_time': None, 'last_transition_time': '2022-03-09 22:09:21+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'Ready'}, {'last_probe_time': None, 'last_transition_time': '2022-03-09 22:09:21+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'ContainersReady'}, {'last_probe_time': None, 'last_transition_time': '2022-03-09 22:09:20+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'PodScheduled'}], 'container_statuses': [{'container_id': 'containerd://4e3b9267cdd45d52710549fbdb685ae1ef652e99d77f461934c4be47b1c82f8e', 'image': 'http://docker.io/library/busybox:latest ', 'image_id': 'http://docker.io/library/busybox@sha256:***** ', 'last_state': {'running': None, 'terminated': None, 'waiting': None}, 'name': 'sleep', 'ready': True, 'restart_count': 0, 'started': True, 'state': {'running': {'started_at': '2022-03-09 22: 09: 21+00: 00'}, 'terminated': None, 'waiting': None}}], 'ephemeral_container_statuses': None, 'host_ip': '***.***.***.***', 'init_container_statuses': None, 'message': None, 'nominated_node_name': None, 'phase': 'Running', 'pod_ip': '***.***.***.***', 'pod_i_ps': [{'ip': '***.***.***.***'}], 'qos_class': 'BestEffort', 'reason': None, 'start_time': '2022-03-09 22:09:20+00:00'}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Pods failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Pod Not Found.

Error Sample Data

Delete Pods failed.

Status Code: 404.

Message: Pod Not Found.

Delete Services

Deletes one or more services with the specified name in the specified namespace.

READER NOTE

The parameter Service Names is required to run this command.

  • Run the List All Namespace Services command to obtain Service Names. Service Names can be found in the raw data at the path $.items[*].metadata.name.

NameSpace is an optional parameter to run this command.

  • Run the List All NameSpace Services command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.

WARNING

  • Please note that your input service names must match your input namespace. Otherwise, an error (services \"your input service name\" not found) will be returned. It is recommended that you run the List All Namespace Services command and find your desired pair of “name”(service name) with “namespace” in the response raw data. Use that pair to run this command.

  • The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input deployment name. Otherwise, please change your namespace to your desired value.

Input

Input Parameter

Required/Optional

Description

Example

Service Names

Required

The names of the services to be deleted. Service Names can be obtained using the List All Namespace Services command.

[ "*****" ]

NameSpace

Optional

The namespace in which the service will be deleted. NameSpace can be obtained using the List All Namespace Services command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
[
    {
        "api_version": "v1",
        "kind": "Status",
        "metadata": {
            "annotations": null,
            "cluster_name": null,
            "creation_timestamp": null,
            "deletion_grace_period_seconds": null,
            "deletion_timestamp": null,
            "finalizers": null,
            "generate_name": null,
            "generation": null,
            "labels": null,
            "managed_fields": null,
            "name": null,
            "namespace": null,
            "owner_references": null,
            "resource_version": null,
            "self_link": null,
            "uid": null
        },
        "spec": null,
        "status": {
            "conditions": null,
            "load_balancer": null
        }
    }
]
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

v1

kind

Status

metadata

{'annotations': None, 'cluster_name': None, 'creation_timestamp': None, 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': None, 'managed_fields': None, 'name': None, 'namespace': None, 'owner_references': None, 'resource_version': None, 'self_link': None, 'uid': None}

spec

None

status

{'conditions': None, 'load_balancer': None}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Services failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Service Not Found.

Error Sample Data

Delete Services failed.

Status Code: 404.

Message: Service Not Found.

Describe Pods

Retrieves detailed information of the specified pod in the specific namespace.

READER NOTE

The parameter Pod Names is required to run this command.

  • Run the List All Namespace Pods command to obtain Pod Names. Pod Names can be found in the raw data at the path $.items[*].metadata.name.

NameSpace is an optional parameter to run this command.

  • Run the List All NameSpace Pods command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.

WARNING

  • Please note that your input pod names must match your input namespace. Otherwise, an error (pods \"your input pod name\" not found) will be returned. It is recommended that you run the List All Namespace Pods command and find your desired pair of “name”(pod name) with “namespace” in the response raw data. Use that pair to run this command.

  • The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input pod name Otherwise, please change your namespace to your desired value.

Input

Input Parameter

Required/Optional

Description

Example

NameSpace

Optional

The namespace in which the pod(s) will be described. NameSpace can be obtained using the List All Namespace Pods command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Pod Names

Required

The names of the pods to be described. Pod Names can be obtained using the List All Namespace Pods command.

["pod-0***a"]

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "api_version": "v1",
    "kind": "Pod",
    "metadata": {
        "annotations": null,
        "cluster_name": null,
        "creation_timestamp": "2022-03-09 22:09:20+00:00",
        "deletion_grace_period_seconds": 30,
        "deletion_timestamp": "2022-03-09 23:03:00+00:00",
        "finalizers": null,
        "generate_name": null,
        "generation": null,
        "labels": null,
        "managed_fields": [
            {
                "api_version": "v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:spec": {
                        "f:containers": {
                            "k:{\"name\":\"sleep\"}": {
                                ".": {},
                                "f:args": {},
                                "f:image": {},
                                "f:imagePullPolicy": {},
                                "f:name": {},
                                "f:resources": {},
                                "f:terminationMessagePath": {},
                                "f:terminationMessagePolicy": {}
                            }
                        },
                        "f:dnsPolicy": {},
                        "f:enableServiceLinks": {},
                        "f:restartPolicy": {},
                        "f:schedulerName": {},
                        "f:securityContext": {},
                        "f:terminationGracePeriodSeconds": {}
                    }
                },
                "manager": "OpenAPI-Generator",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-09 22:09:20+00:00"
            },
            {
                "api_version": "v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:status": {
                        "f:conditions": {
                            "k:{\"type\":\"ContainersReady\"}": {
                                ".": {},
                                "f:lastProbeTime": {},
                                "f:lastTransitionTime": {},
                                "f:status": {},
                                "f:type": {}
                            },
                            "k:{\"type\":\"Initialized\"}": {
                                ".": {},
                                "f:lastProbeTime": {},
                                "f:lastTransitionTime": {},
                                "f:status": {},
                                "f:type": {}
                            },
                            "k:{\"type\":\"Ready\"}": {
                                ".": {},
                                "f:lastProbeTime": {},
                                "f:lastTransitionTime": {},
                                "f:status": {},
                                "f:type": {}
                            }
                        },
                        "f:containerStatuses": {},
                        "f:hostIP": {},
                        "f:phase": {},
                        "f:podIP": {},
                        "f:podIPs": {
                            ".": {},
                            "k:{\"ip\":\"***.***.***.***\"}": {
                                ".": {},
                                "f:ip": {}
                            }
                        },
                        "f:startTime": {}
                    }
                },
                "manager": "kubelet",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-09 22:09:21+00:00"
            }
        ],
        "name": "busybox-test***",
        "namespace": "default",
        "owner_references": null,
        "resource_version": "*****",
        "self_link": null,
        "uid": "*****"
    },
    "spec": {
        "active_deadline_seconds": null,
        "affinity": null,
        "automount_service_account_token": null,
        "containers": [
            {
                "args": [
                    "/bin/sh",
                    "-c",
                    "while true;do date;sleep 5; done"
                ],
                "command": null,
                "env": null,
                "env_from": null,
                "image": "busybox",
                "image_pull_policy": "Always",
                "lifecycle": null,
                "liveness_probe": null,
                "name": "sleep",
                "ports": null,
                "readiness_probe": null,
                "resources": {
                    "limits": null,
                    "requests": null
                },
                "security_context": null,
                "startup_probe": null,
                "stdin": null,
                "stdin_once": null,
                "termination_message_path": "/dev/termination-***",
                "termination_message_policy": "File",
                "tty": null,
                "volume_devices": null,
                "volume_mounts": [
                    {
                        "mount_path": "/var/*****/*****/*****.***/*****",
                        "mount_propagation": null,
                        "name": "kube-api-access-****2",
                        "read_only": true,
                        "sub_path": null,
                        "sub_path_expr": null
                    }
                ],
                "working_dir": null
            }
        ],
        "dns_config": null,
        "dns_policy": "ClusterFirst",
        "enable_service_links": true,
        "ephemeral_containers": null,
        "host_aliases": null,
        "host_ipc": null,
        "host_network": null,
        "host_pid": null,
        "hostname": null,
        "image_pull_secrets": null,
        "init_containers": null,
        "node_name": "*****",
        "node_selector": null,
        "os": null,
        "overhead": null,
        "preemption_policy": "PreemptLowerPriority",
        "priority": 0,
        "priority_class_name": null,
        "readiness_gates": null,
        "restart_policy": "Always",
        "runtime_class_name": null,
        "scheduler_name": "default-scheduler",
        "security_context": {
            "fs_group": null,
            "fs_group_change_policy": null,
            "run_as_group": null,
            "run_as_non_root": null,
            "run_as_user": null,
            "se_linux_options": null,
            "seccomp_profile": null,
            "supplemental_groups": null,
            "sysctls": null,
            "windows_options": null
        },
        "service_account": "default",
        "service_account_name": "default",
        "set_hostname_as_fqdn": null,
        "share_process_namespace": null,
        "subdomain": null,
        "termination_grace_period_seconds": 30,
        "tolerations": [
            {
                "effect": "NoExecute",
                "key": "node.kubernetes.io/not-ready",
                "operator": "Exists",
                "toleration_seconds": 300,
                "value": null
            },
            {
                "effect": "NoExecute",
                "key": "node.kubernetes.io/unreachable",
                "operator": "Exists",
                "toleration_seconds": 300,
                "value": null
            }
        ],
        "topology_spread_constraints": null,
        "volumes": [
            {
                "aws_elastic_block_store": null,
                "azure_disk": null,
                "azure_file": null,
                "cephfs": null,
                "cinder": null,
                "config_map": null,
                "csi": null,
                "downward_api": null,
                "empty_dir": null,
                "ephemeral": null,
                "fc": null,
                "flex_volume": null,
                "flocker": null,
                "gce_persistent_disk": null,
                "git_repo": null,
                "glusterfs": null,
                "host_path": null,
                "iscsi": null,
                "name": "kube-api-access-****2",
                "nfs": null,
                "persistent_volume_claim": null,
                "photon_persistent_disk": null,
                "portworx_volume": null,
                "projected": {
                    "default_mode": 420,
                    "sources": [
                        {
                            "config_map": null,
                            "downward_api": null,
                            "secret": null,
                            "service_account_token": {
                                "audience": null,
                                "expiration_seconds": 3607,
                                "path": "token"
                            }
                        },
                        {
                            "config_map": {
                                "items": [
                                    {
                                        "key": "ca.crt",
                                        "mode": null,
                                        "path": "ca.crt"
                                    }
                                ],
                                "name": "*****",
                                "optional": null
                            },
                            "downward_api": null,
                            "secret": null,
                            "service_account_token": null
                        },
                        {
                            "config_map": null,
                            "downward_api": {
                                "items": [
                                    {
                                        "field_ref": {
                                            "api_version": "v1",
                                            "field_path": "metadata.namespace"
                                        },
                                        "mode": null,
                                        "path": "namespace",
                                        "resource_field_ref": null
                                    }
                                ]
                            },
                            "secret": null,
                            "service_account_token": null
                        }
                    ]
                },
                "quobyte": null,
                "rbd": null,
                "scale_io": null,
                "secret": null,
                "storageos": null,
                "vsphere_volume": null
            }
        ]
    },
    "status": {
        "conditions": [
            {
                "last_probe_time": null,
                "last_transition_time": "2022-03-09 22:09:20+00:00",
                "message": null,
                "reason": null,
                "status": "True",
                "type": "Initialized"
            },
            {
                "last_probe_time": null,
                "last_transition_time": "2022-03-09 22:09:21+00:00",
                "message": null,
                "reason": null,
                "status": "True",
                "type": "Ready"
            },
            {
                "last_probe_time": null,
                "last_transition_time": "2022-03-09 22:09:21+00:00",
                "message": null,
                "reason": null,
                "status": "True",
                "type": "ContainersReady"
            },
            {
                "last_probe_time": null,
                "last_transition_time": "2022-03-09 22:09:20+00:00",
                "message": null,
                "reason": null,
                "status": "True",
                "type": "PodScheduled"
            }
        ],
        "container_statuses": [
            {
                "container_id": "containerd://*****",
                "image": "docker.io/library/busybox:latest",
                "image_id": "docker.io/library/busybox@sha256:*****",
                "last_state": {
                    "running": null,
                    "terminated": null,
                    "waiting": null
                },
                "name": "sleep",
                "ready": true,
                "restart_count": 0,
                "started": true,
                "state": {
                    "running": {
                        "started_at": "2022-03-09 22: 09: 21+00: 00"
                    },
                    "terminated": null,
                    "waiting": null
                }
            }
        ],
        "ephemeral_container_statuses": null,
        "host_ip": "***.***.***.****",
        "init_container_statuses": null,
        "message": null,
        "nominated_node_name": null,
        "phase": "Running",
        "pod_ip": "***.***.***.***",
        "pod_i_ps": [
            {
                "ip": "***.***.***.***"
            }
        ],
        "qos_class": "BestEffort",
        "reason": null,
        "start_time": "2022-03-09 22:09:20+00:00"
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "PodNames": [
        "busybox-test***"
    ],
    "PodIDs": [
        "*****"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

v1

kind

Pod

metadata

{'annotations': None, 'cluster_name': None, 'creation_timestamp': '2022-03-10 18:49:22+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': None, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:spec': {'f:containers': {'k:{"name":"*****"}': {'.': {}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:ports': {'.': {}, 'k:{"containerPort":*****,"protocol":"TCP"}': {'.': {}, 'f:containerPort': {}, 'f:protocol': {}}}, 'f:resources': {}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:enableServiceLinks': {}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {}, 'f:terminationGracePeriodSeconds': {}}}, 'manager': 'OpenAPI-Generator', 'operation': 'Update', 'subresource': None, 'time': '2022-03-10 18:49:22+00:00'}, {'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:status': {'f:conditions': {'k:{"type":"ContainersReady"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Initialized"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Ready"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}}, 'f:containerStatuses': {}, 'f:hostIP': {}, 'f:phase': {}, 'f:podIP': {}, 'f:podIPs': {'.': {}, 'k:{"ip":"***.***.***.***"}': {'.': {}, 'f:ip': {}}}, 'f:startTime': {}}}, 'manager': 'kubelet', 'operation': 'Update', 'subresource': None, 'time': '2022-03-10 18:49:23+00:00'}], 'name': 'pod-0310a', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}

spec

{'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': None, 'command': None, 'env': None, 'env_from': None, 'image': 'nginx:***.***.***', 'image_pull_policy': 'IfNotPresent', 'lifecycle': None, 'liveness_probe': None, 'name': '*****', 'ports': [{'container_port': *****, 'host_ip': None, 'host_port': None, 'name': None, 'protocol': 'TCP'}], 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'startup_probe': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': [{'mount_path': '/var/*****/*****/*****.***/*****', 'mount_propagation': None, 'name': 'kube-api-access-56vcx', 'read_only': True, 'sub_path': None, 'sub_path_expr': None}], 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': True, 'ephemeral_containers': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': '*****', 'node_selector': None, 'os': None, 'overhead': None, 'preemption_policy': 'PreemptLowerPriority', 'priority': 0, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Always', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'fs_group_change_policy': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'seccomp_profile': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': 'default', 'service_account_name': 'default', 'set_hostname_as_fqdn': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': [{'effect': 'NoExecute', 'key': 'node.kubernetes.io/not-ready', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}, {'effect': 'NoExecute', 'key': 'node.kubernetes.io/unreachable', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}], 'topology_spread_constraints': None, 'volumes': [{'aws_elastic_block_store': None, 'azure_disk': None, 'azure_file': None, 'cephfs': None, 'cinder': None, 'config_map': None, 'csi': None, 'downward_api': None, 'empty_dir': None, 'ephemeral': None, 'fc': None, 'flex_volume': None, 'flocker': None, 'gce_persistent_disk': None, 'git_repo': None, 'glusterfs': None, 'host_path': None, 'iscsi': None, 'name': 'kube-api-access-56vcx', 'nfs': None, 'persistent_volume_claim': None, 'photon_persistent_disk': None, 'portworx_volume': None, 'projected': {'default_mode': 420, 'sources': [{'config_map': None, 'downward_api': None, 'secret': None, 'service_account_token': {'audience': None, 'expiration_seconds': 3607, 'path': 'token'}}, {'config_map': {'items': [{'key': 'ca.crt', 'mode': None, 'path': 'ca.crt'}], 'name': 'kube-root-ca.crt', 'optional': None}, 'downward_api': None, 'secret': None, 'service_account_token': None}, {'config_map': None, 'downward_api': {'items': [{'field_ref': {'api_version': 'v1', 'field_path': 'metadata.namespace'}, 'mode': None, 'path': 'namespace', 'resource_field_ref': None}]}, 'secret': None, 'service_account_token': None}]}, 'quobyte': None, 'rbd': None, 'scale_io': None, 'secret': None, 'storageos': None, 'vsphere_volume': None}]}

status

{'conditions': [{'last_probe_time': None, 'last_transition_time': '2022-03-10 18:49:22+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'Initialized'}, {'last_probe_time': None, 'last_transition_time': '2022-03-10 18:49:23+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'Ready'}, {'last_probe_time': None, 'last_transition_time': '2022-03-10 18:49:23+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'ContainersReady'}, {'last_probe_time': None, 'last_transition_time': '2022-03-10 18:49:22+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'PodScheduled'}], 'container_statuses': [{'container_id': 'containerd://*****', 'image': 'http://docker.io/library/nginx:***.***.*** ', 'image_id': 'http://docker.io/library/nginx@sha256:***** ', 'last_state': {'running': None, 'terminated': None, 'waiting': None}, 'name': '*****', 'ready': True, 'restart_count': 0, 'started': True, 'state': {'running': {'started_at': '2022-03-10 18:49:23+00:00'}, 'terminated': None, 'waiting': None}}], 'ephemeral_container_statuses': None, 'host_ip': '***.***.***.***', 'init_container_statuses': None, 'message': None, 'nominated_node_name': None, 'phase': 'Running', 'pod_ip': '***.***.***.***', 'pod_i_ps': [{'ip': '***.***.***.***'}], 'qos_class': 'BestEffort', 'reason': None, 'start_time': '2022-03-10 18:49:22+00:00'}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Describe Pod failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Permission denied.

Error Sample Data

Describe Pod failed.

Status Code: 403.

Message: Permission denied.

Get Deployment Scale

Retrieves the scale information of the specified deployments.

READER NOTE

The parameter Deployment Names is required to run this command.

  • Run the List All Namespace Deployments command to obtain Deployment Names. Deployment Names can be found in the raw data at the path $.items[*].metadata.name.

NameSpace is an optional parameter to run this command.

  • Run the List All NameSpace Deployments command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.

WARNING

  • Please note that your input deployment names must match your input namespace. Otherwise, an error (deployments \"your input deployment name\" not found) will be returned. It is recommended that you run the List All Namespace Deployments command and find your desired pair of “name”(deployment name) with “namespace” in the response raw data. Use that pair to run this command.

  • The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input deployment name. Otherwise, please change your namespace to your desired value.

Input

Input Parameter

Required/Optional

Description

Example

Deployment Names

Required

The names of the deployments. Deployment Names can be obtained using the List All Namespace Deployments command.

[ "nginx-*" ]

NameSpace

Required

The namespace of the deployment. NameSpace can be obtained using the List All Namespace Deployments command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
[
    {
        "api_version": "autoscaling/v1",
        "kind": "Scale",
        "metadata": {
            "annotations": null,
            "cluster_name": null,
            "creation_timestamp": "2022-03-07 04:32:26+00:00",
            "deletion_grace_period_seconds": null,
            "deletion_timestamp": null,
            "finalizers": null,
            "generate_name": null,
            "generation": null,
            "labels": null,
            "managed_fields": null,
            "name": "nginx-*",
            "namespace": "default",
            "owner_references": null,
            "resource_version": "*****",
            "self_link": null,
            "uid": "*****"
        },
        "spec": {
            "replicas": 3
        },
        "status": {
            "replicas": 3,
            "selector": "app=nginx-*"
        }
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "ReplicasSpec": [
        "3"
    ],
    "ReplicasStatus": [
        "3"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

autoscaling/v1

kind

Scale

metadata

{'annotations': None, 'cluster_name': None, 'creation_timestamp': '2022-03-07 04:32:26+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': None, 'managed_fields': None, 'name': 'nginx-3', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}

spec

{'replicas': 3}

status

{'replicas': 3, 'selector': 'app=nginx-3'}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get Deployment Scale failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Deployment Not Found.

Error Sample Data

Get Deployment Scale failed.

Status Code: 404.

Message: Deployment Not Found.

Get Pod Log

Retrieves the log of the specified pods.

READER NOTE

The parameter Pod Names is required to run this command.

  • Run the List All Namespace Pods command to obtain Pod Names. Pod Names can be found in the raw data at the path $.items[*].metadata.name.

NameSpace and Container are optional parameters to run this command.

  • Run the List All NameSpace Pods command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.

  • Run the List Namespace Pods command to obtain the Container. Containers can be found in the raw data at the path $.items[*].spec.containers[*].name.

WARNING

  • Please note that your input pod names must match your input namespace. Otherwise, an error (pods \"your input pod name\" not found) will be returned. It is recommended that you run the List All Namespace Pods command and find your desired pair of “name”(pod name) with “namespace” in the response raw data. Use that pair to run this command.

  • The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input pod name. Otherwise, please change your namespace to your desired value.

Input

Input Parameter

Required/Optional

Description

Example

Pod Names

Required

The names of the pods. Pod Names can be obtained using the List All Namespace Pods command.

[ "mypod" ]

Namespace

Optional

The namespace of the pods. Namespace can be obtained using the List All Namespace Pods command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Container

Optional

The name of the container of the pods. Container can be obtained using the List Namespace Pods command. If there is only one container in the pod, specifying the container name is not necessary.

"test-container"

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
[
    {
        "level": "info",
        "ts": "2021-12-23T01:36:28.411Z",
        "caller": "entry*****.sh",
        "msg": "Validating env variables ..."
    },
    {
        "level": "info",
        "ts": "2021-12-23T01:36:28.412Z",
        "caller": "entry*****.sh",
        "msg": "Install CNI binaries.."
    },
    {
        "level": "info",
        "ts": "2021-12-23T01:36:28.429Z",
        "caller": "entry*****.sh",
        "msg": "Starting IPAM daemon in the background ... "
    },
    {
        "level": "info",
        "ts": "2021-12-23T01:36:28.438Z",
        "caller": "entry*****.sh",
        "msg": "Checking for IPAM connectivity ... "
    },
    {
        "level": "info",
        "ts": "2021-12-23T01:36:30.448Z",
        "caller": "entry*****.sh",
        "msg": "Retrying waiting for IPAM-D"
    },
    {
        "level": "info",
        "ts": "2021-12-23T01:36:32.456Z",
        "caller": "entry*****.sh",
        "msg": "Retrying waiting for IPAM-D"
    },
    {
        "level": "info",
        "ts": "2021-12-23T01:36:32.508Z",
        "caller": "entry*****.sh",
        "msg": "Copying config file ... "
    },
    {
        "level": "info",
        "ts": "2021-12-23T01:36:32.515Z",
        "caller": "entry*****.sh",
        "msg": "Successfully copied CNI plugin binary and config file."
    },
    {
        "level": "info",
        "ts": "2021-12-23T01:36:32.517Z",
        "caller": "entry*****.sh",
        "msg": "Foregrounding IPAM daemon ..."
    }
]
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

level

ts

caller

msg

info

2021-12-23T01:36:28.411Z

entrypoint.sh

Validating env variables ...

info

2021-12-23T01:36:28.412Z

entrypoint.sh

Install CNI binaries..

info

2021-12-23T01:36:28.429Z

entrypoint.sh

Starting IPAM daemon in the background ...

info

2021-12-23T01:36:28.438Z

entrypoint.sh

Checking for IPAM connectivity ...

info

2021-12-23T01:36:30.448Z

entrypoint.sh

Retrying waiting for IPAM-D

info

2021-12-23T01:36:32.456Z

entrypoint.sh

Retrying waiting for IPAM-D

info

2021-12-23T01:36:32.508Z

entrypoint.sh

Copying config file ...

info

2021-12-23T01:36:32.515Z

entrypoint.sh

Successfully copied CNI plugin binary and config file.

info

2021-12-23T01:36:32.517Z

entrypoint.sh

Foregrounding IPAM daemon ...

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get Pod Log failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Pod Not Found.

Error Sample Data

Get Pod Log failed.

Status Code: 404.

Message: Pod Not Found.

Get Pod Status

Retrieves the status of specified pods.

READER NOTE

Pod Names and Namespace are required parameters to run this command.

  • Run the List All Namespace Pods command to obtain Pod Names. Pod Names can be found in the raw data at the path $.items[*].metadata.name.

  • Run the List All Namespace Pods command to obtain Namespace. Namespaces can be found in the raw data at the path $.items[*].metadata.namespace.

WARNING

  • Please note that your input pod names must match your input namespace, otherwise, an error (pods \"your input pod name\" not found) will be returned. It is recommended that you run the List All Namespace Pods command and find your desired pair of “name”(pod name) with “namespace” in the reponse raw data. Use that pair to run this command.

Input

Input Parameter

Required/Optional

Description

Example

Pod Names

Required

The names of the pods. Pod Names can be obtained using the List All Namespace Pods command.

[ "d3-pod-test***" ]

Namespace

Required

The namespace of the pods. Namespace can be obtained using the List All Namespace Pods command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "api_version": "v1",
    "kind": "Pod",
    "metadata": {
        "annotations": null,
        "cluster_name": null,
        "creation_timestamp": "2022-03-07 04:32:26+00:00",
        "deletion_grace_period_seconds": null,
        "deletion_timestamp": null,
        "finalizers": null,
        "generate_name": "nginx-*-*****",
        "generation": null,
        "labels": {
            "app": "nginx-*",
            "pod-template-hash": "*****"
        },
        "managed_fields": [
            {
                "api_version": "v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:metadata": {
                        "f:generateName": {},
                        "f:labels": {
                            ".": {},
                            "f:app": {},
                            "f:pod-template-hash": {}
                        },
                        "f:ownerReferences": {
                            ".": {},
                            "k:{\"uid\":\"*****\"}": {
                                ".": {},
                                "f:apiVersion": {},
                                "f:blockOwnerDeletion": {},
                                "f:controller": {},
                                "f:kind": {},
                                "f:name": {},
                                "f:uid": {}
                            }
                        }
                    },
                    "f:spec": {
                        "f:containers": {
                            "k:{\"name\":\"nginx-*\"}": {
                                ".": {},
                                "f:image": {},
                                "f:imagePullPolicy": {},
                                "f:name": {},
                                "f:resources": {},
                                "f:terminationMessagePath": {},
                                "f:terminationMessagePolicy": {}
                            }
                        },
                        "f:dnsPolicy": {},
                        "f:enableServiceLinks": {},
                        "f:restartPolicy": {},
                        "f:schedulerName": {},
                        "f:securityContext": {},
                        "f:terminationGracePeriodSeconds": {}
                    }
                },
                "manager": "kube-controller-manager",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-07 04:32:26+00:00"
            },
            {
                "api_version": "v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:status": {
                        "f:conditions": {
                            "k:{\"type\":\"ContainersReady\"}": {
                                ".": {},
                                "f:lastProbeTime": {},
                                "f:lastTransitionTime": {},
                                "f:status": {},
                                "f:type": {}
                            },
                            "k:{\"type\":\"Initialized\"}": {
                                ".": {},
                                "f:lastProbeTime": {},
                                "f:lastTransitionTime": {},
                                "f:status": {},
                                "f:type": {}
                            },
                            "k:{\"type\":\"Ready\"}": {
                                ".": {},
                                "f:lastProbeTime": {},
                                "f:lastTransitionTime": {},
                                "f:status": {},
                                "f:type": {}
                            }
                        },
                        "f:containerStatuses": {},
                        "f:hostIP": {},
                        "f:phase": {},
                        "f:podIP": {},
                        "f:podIPs": {
                            ".": {},
                            "k:{\"ip\":\"***.***.***.***\"}": {
                                ".": {},
                                "f:ip": {}
                            }
                        },
                        "f:startTime": {}
                    }
                },
                "manager": "kubelet",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-07 04:32:29+00:00"
            }
        ],
        "name": "nginx-*-*****",
        "namespace": "default",
        "owner_references": [
            {
                "api_version": "apps/v1",
                "block_owner_deletion": true,
                "controller": true,
                "kind": "ReplicaSet",
                "name": "nginx-*-*****",
                "uid": "*****"
            }
        ],
        "resource_version": "*****",
        "self_link": null,
        "uid": "*****"
    },
    "spec": {
        "active_deadline_seconds": null,
        "affinity": null,
        "automount_service_account_token": null,
        "containers": [
            {
                "args": null,
                "command": null,
                "env": null,
                "env_from": null,
                "image": "nginx:latest",
                "image_pull_policy": "Always",
                "lifecycle": null,
                "liveness_probe": null,
                "name": "nginx-*",
                "ports": null,
                "readiness_probe": null,
                "resources": {
                    "limits": null,
                    "requests": null
                },
                "security_context": null,
                "startup_probe": null,
                "stdin": null,
                "stdin_once": null,
                "termination_message_path": "/dev/termination-***",
                "termination_message_policy": "File",
                "tty": null,
                "volume_devices": null,
                "volume_mounts": [
                    {
                        "mount_path": "/var/*****/*****/*****.***/*****",
                        "mount_propagation": null,
                        "name": "kube-api-access-*****",
                        "read_only": true,
                        "sub_path": null,
                        "sub_path_expr": null
                    }
                ],
                "working_dir": null
            }
        ],
        "dns_config": null,
        "dns_policy": "ClusterFirst",
        "enable_service_links": true,
        "ephemeral_containers": null,
        "host_aliases": null,
        "host_ipc": null,
        "host_network": null,
        "host_pid": null,
        "hostname": null,
        "image_pull_secrets": null,
        "init_containers": null,
        "node_name": "gke-cluster-1-default-pool-*****",
        "node_selector": null,
        "os": null,
        "overhead": null,
        "preemption_policy": "PreemptLowerPriority",
        "priority": 0,
        "priority_class_name": null,
        "readiness_gates": null,
        "restart_policy": "Always",
        "runtime_class_name": null,
        "scheduler_name": "default-scheduler",
        "security_context": {
            "fs_group": null,
            "fs_group_change_policy": null,
            "run_as_group": null,
            "run_as_non_root": null,
            "run_as_user": null,
            "se_linux_options": null,
            "seccomp_profile": null,
            "supplemental_groups": null,
            "sysctls": null,
            "windows_options": null
        },
        "service_account": "default",
        "service_account_name": "default",
        "set_hostname_as_fqdn": null,
        "share_process_namespace": null,
        "subdomain": null,
        "termination_grace_period_seconds": 30,
        "tolerations": [
            {
                "effect": "NoExecute",
                "key": "node.kubernetes.io/not-ready",
                "operator": "Exists",
                "toleration_seconds": 300,
                "value": null
            },
            {
                "effect": "NoExecute",
                "key": "node.kubernetes.io/unreachable",
                "operator": "Exists",
                "toleration_seconds": 300,
                "value": null
            }
        ],
        "topology_spread_constraints": null,
        "volumes": [
            {
                "aws_elastic_block_store": null,
                "azure_disk": null,
                "azure_file": null,
                "cephfs": null,
                "cinder": null,
                "config_map": null,
                "csi": null,
                "downward_api": null,
                "empty_dir": null,
                "ephemeral": null,
                "fc": null,
                "flex_volume": null,
                "flocker": null,
                "gce_persistent_disk": null,
                "git_repo": null,
                "glusterfs": null,
                "host_path": null,
                "iscsi": null,
                "name": "kube-api-access-*****",
                "nfs": null,
                "persistent_volume_claim": null,
                "photon_persistent_disk": null,
                "portworx_volume": null,
                "projected": {
                    "default_mode": 420,
                    "sources": [
                        {
                            "config_map": null,
                            "downward_api": null,
                            "secret": null,
                            "service_account_token": {
                                "audience": null,
                                "expiration_seconds": 3607,
                                "path": "token"
                            }
                        },
                        {
                            "config_map": {
                                "items": [
                                    {
                                        "key": "ca.crt",
                                        "mode": null,
                                        "path": "ca.crt"
                                    }
                                ],
                                "name": "*****",
                                "optional": null
                            },
                            "downward_api": null,
                            "secret": null,
                            "service_account_token": null
                        },
                        {
                            "config_map": null,
                            "downward_api": {
                                "items": [
                                    {
                                        "field_ref": {
                                            "api_version": "v1",
                                            "field_path": "metadata.namespace"
                                        },
                                        "mode": null,
                                        "path": "namespace",
                                        "resource_field_ref": null
                                    }
                                ]
                            },
                            "secret": null,
                            "service_account_token": null
                        }
                    ]
                },
                "quobyte": null,
                "rbd": null,
                "scale_io": null,
                "secret": null,
                "storageos": null,
                "vsphere_volume": null
            }
        ]
    },
    "status": {
        "conditions": [
            {
                "last_probe_time": null,
                "last_transition_time": "2022-03-07 04:32:27+00:00",
                "message": null,
                "reason": null,
                "status": "True",
                "type": "Initialized"
            },
            {
                "last_probe_time": null,
                "last_transition_time": "2022-03-07 04:32:29+00:00",
                "message": null,
                "reason": null,
                "status": "True",
                "type": "Ready"
            },
            {
                "last_probe_time": null,
                "last_transition_time": "2022-03-07 04:32:29+00:00",
                "message": null,
                "reason": null,
                "status": "True",
                "type": "ContainersReady"
            },
            {
                "last_probe_time": null,
                "last_transition_time": "2022-03-07 04:32:27+00:00",
                "message": null,
                "reason": null,
                "status": "True",
                "type": "PodScheduled"
            }
        ],
        "container_statuses": [
            {
                "container_id": "containerd://2e3************************159",
                "image": "docker.io/library/nginx:latest",
                "image_id": "docker.io/library/nginx@sha256:1c1************************285",
                "last_state": {
                    "running": null,
                    "terminated": null,
                    "waiting": null
                },
                "name": "nginx-*",
                "ready": true,
                "restart_count": 0,
                "started": true,
                "state": {
                    "running": {
                        "started_at": "2022-03-07 04:32:29+00:00"
                    },
                    "terminated": null,
                    "waiting": null
                }
            }
        ],
        "ephemeral_container_statuses": null,
        "host_ip": "***.***.***.***",
        "init_container_statuses": null,
        "message": null,
        "nominated_node_name": null,
        "phase": "Running",
        "pod_ip": "***.***.***.***",
        "pod_i_ps": [
            {
                "ip": "***.***.***.***"
            }
        ],
        "qos_class": "BestEffort",
        "reason": null,
        "start_time": "2022-03-07 04:32:27+00:00"
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Statues": [
        "Running"
    ],
    "PodIPs": [
        "***.***.***.***"
    ],
    "HostIPs": [
        "***.***.***.****"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

v1

kind

Pod

metadata

{'annotations': None, 'cluster_name': None, 'creation_timestamp': '2022-03-07 04:32:26+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': 'nginx-3-*****', 'generation': None, 'labels': {'app': 'nginx-3', 'pod-template-hash': '*****'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:generateName': {}, 'f:labels': {'.': {}, 'f:app': {}, 'f:pod-template-hash': {}}, 'f:ownerReferences': {'.': {}, 'k:{"uid":"*****"}': {'.': {}, 'f:apiVersion': {}, 'f:blockOwnerDeletion': {}, 'f:controller': {}, 'f:kind': {}, 'f:name': {}, 'f:uid': {}}}}, 'f:spec': {'f:containers': {'k:{"name":"nginx-1"}': {'.': {}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:resources': {}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:enableServiceLinks': {}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {}, 'f:terminationGracePeriodSeconds': {}}}, 'manager': 'kube-controller-manager', 'operation': 'Update', 'subresource': None, 'time': '2022-03-07 04:32:26+00:00'}, {'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:status': {'f:conditions': {'k:{"type":"ContainersReady"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Initialized"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Ready"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}}, 'f:containerStatuses': {}, 'f:hostIP': {}, 'f:phase': {}, 'f:podIP': {}, 'f:podIPs': {'.': {}, 'k:{"ip":"*****"}': {'.': {}, 'f:ip': {}}}, 'f:startTime': {}}}, 'manager': 'kubelet', 'operation': 'Update', 'subresource': None, 'time': '2022-03-07 04:32:29+00:00'}], 'name': 'nginx-3-*****', 'namespace': 'default', 'owner_references': [{'api_version': 'apps/v1', 'block_owner_deletion': True, 'controller': True, 'kind': 'ReplicaSet', 'name': 'nginx-3-*****', 'uid': '*****'}], 'resource_version': '*****', 'self_link': None, 'uid': '*****'}

spec

{'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': None, 'command': None, 'env': None, 'env_from': None, 'image': 'nginx:latest', 'image_pull_policy': 'Always', 'lifecycle': None, 'liveness_probe': None, 'name': 'nginx-1', 'ports': None, 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'startup_probe': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': [{'mount_path': '/var/*****/*****/*****.***/*****', 'mount_propagation': None, 'name': '*****', 'read_only': True, 'sub_path': None, 'sub_path_expr': None}], 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': True, 'ephemeral_containers': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': 'gke-cluster-1-default-pool-*****', 'node_selector': None, 'os': None, 'overhead': None, 'preemption_policy': 'PreemptLowerPriority', 'priority': 0, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Always', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'fs_group_change_policy': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'seccomp_profile': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': 'default', 'service_account_name': 'default', 'set_hostname_as_fqdn': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': [{'effect': 'NoExecute', 'key': 'node.kubernetes.io/not-ready', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}, {'effect': 'NoExecute', 'key': 'node.kubernetes.io/unreachable', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}], 'topology_spread_constraints': None, 'volumes': [{'aws_elastic_block_store': None, 'azure_disk': None, 'azure_file': None, 'cephfs': None, 'cinder': None, 'config_map': None, 'csi': None, 'downward_api': None, 'empty_dir': None, 'ephemeral': None, 'fc': None, 'flex_volume': None, 'flocker': None, 'gce_persistent_disk': None, 'git_repo': None, 'glusterfs': None, 'host_path': None, 'iscsi': None, 'name': '*****', 'nfs': None, 'persistent_volume_claim': None, 'photon_persistent_disk': None, 'portworx_volume': None, 'projected': {'default_mode': 420, 'sources': [{'config_map': None, 'downward_api': None, 'secret': None, 'service_account_token': {'audience': None, 'expiration_seconds': 3607, 'path': 'token'}}, {'config_map': {'items': [{'key': 'ca.crt', 'mode': None, 'path': 'ca.crt'}], 'name': 'kube-root-ca.crt', 'optional': None}, 'downward_api': None, 'secret': None, 'service_account_token': None}, {'config_map': None, 'downward_api': {'items': [{'field_ref': {'api_version': 'v1', 'field_path': 'metadata.namespace'}, 'mode': None, 'path': 'namespace', 'resource_field_ref': None}]}, 'secret': None, 'service_account_token': None}]}, 'quobyte': None, 'rbd': None, 'scale_io': None, 'secret': None, 'storageos': None, 'vsphere_volume': None}]}

status

{'conditions': [{'last_probe_time': None, 'last_transition_time': '2022-03-07 04:32:27+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'Initialized'}, {'last_probe_time': None, 'last_transition_time': '2022-03-07 04:32:29+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'Ready'}, {'last_probe_time': None, 'last_transition_time': '2022-03-07 04:32:29+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'ContainersReady'}, {'last_probe_time': None, 'last_transition_time': '2022-03-07 04:32:27+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'PodScheduled'}], 'container_statuses': [{'container_id': 'containerd://*****', 'image': 'http://docker.io/library/nginx:latest ', 'image_id': 'http://docker.io/library/nginx@sha256:***** ', 'last_state': {'running': None, 'terminated': None, 'waiting': None}, 'name': 'nginx-1', 'ready': True, 'restart_count': 0, 'started': True, 'state': {'running': {'started_at': '2022-03-07 04:32:29+00:00'}, 'terminated': None, 'waiting': None}}], 'ephemeral_container_statuses': None, 'host_ip': '***.***.***.***', 'init_container_statuses': None, 'message': None, 'nominated_node_name': None, 'phase': 'Running', 'pod_ip': '*****', 'pod_i_ps': [{'ip': '*****'}], 'qos_class': 'BestEffort', 'reason': None, 'start_time': '2022-03-07 04:32:27+00:00'}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get Pod Status failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Pod Not Found.

Error Sample Data

Get Pod Status failed.

Status Code: 404.

Message: Pod Not Found.

List All Namespace Deployments

Returns a list of all namespace deployments.

Input

N/A

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE

{
    "api_version": "apps/v1",
    "items": [
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": {
                    "deployment.kubernetes.io/revision": "2"
                },
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 22:34:21+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": 3,
                "labels": {
                    "app": "nginx-1"
                },
                "managed_fields": [
                    {
                        "api_version": "apps/v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:app": {}
                                }
                            },
                            "f:spec": {
                                "f:progressDeadlineSeconds": {},
                                "f:replicas": {},
                                "f:revisionHistoryLimit": {},
                                "f:selector": {},
                                "f:strategy": {
                                    "f:rollingUpdate": {
                                        ".": {},
                                        "f:maxSurge": {},
                                        "f:maxUnavailable": {}
                                    },
                                    "f:type": {}
                                },
                                "f:template": {
                                    "f:metadata": {
                                        "f:labels": {
                                            ".": {},
                                            "f:app": {}
                                        }
                                    },
                                    "f:spec": {
                                        "f:containers": {
                                            "k:{\"name\":\"nginx-1\"}": {
                                                ".": {},
                                                "f:image": {},
                                                "f:imagePullPolicy": {},
                                                "f:name": {},
                                                "f:resources": {},
                                                "f:terminationMessagePath": {},
                                                "f:terminationMessagePolicy": {}
                                            }
                                        },
                                        "f:dnsPolicy": {},
                                        "f:restartPolicy": {},
                                        "f:schedulerName": {},
                                        "f:securityContext": {},
                                        "f:terminationGracePeriodSeconds": {}
                                    }
                                }
                            }
                        },
                        "manager": "GoogleCloudConsole",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 22:34:21+00:00"
                    },
                    {
                        "api_version": "apps/v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:spec": {
                                "f:template": {
                                    "f:metadata": {
                                        "f:annotations": {
                                            ".": {},
                                            "f:kubectl.kubernetes.io/restartedAt": {}
                                        }
                                    }
                                }
                            }
                        },
                        "manager": "kubectl",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-06 21:48:56+00:00"
                    },
                    {
                        "api_version": "apps/v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:annotations": {
                                    ".": {},
                                    "f:deployment.kubernetes.io/revision": {}
                                }
                            },
                            "f:status": {
                                "f:availableReplicas": {},
                                "f:conditions": {
                                    ".": {},
                                    "k:{\"type\":\"Available\"}": {
                                        ".": {},
                                        "f:lastTransitionTime": {},
                                        "f:lastUpdateTime": {},
                                        "f:message": {},
                                        "f:reason": {},
                                        "f:status": {},
                                        "f:type": {}
                                    },
                                    "k:{\"type\":\"Progressing\"}": {
                                        ".": {},
                                        "f:lastTransitionTime": {},
                                        "f:lastUpdateTime": {},
                                        "f:message": {},
                                        "f:reason": {},
                                        "f:status": {},
                                        "f:type": {}
                                    }
                                },
                                "f:observedGeneration": {},
                                "f:readyReplicas": {},
                                "f:replicas": {},
                                "f:updatedReplicas": {}
                            }
                        },
                        "manager": "kube-controller-manager",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-06 21:59:08+00:00"
                    }
                ],
                "name": "nginx-1",
                "namespace": "default",
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "min_ready_seconds": null,
                "paused": null,
                "progress_deadline_seconds": 600,
                "replicas": 4,
                "revision_history_limit": 10,
                "selector": {
                    "match_expressions": null,
                    "match_labels": {
                        "app": "nginx-1"
                    }
                },
                "strategy": {
                    "rolling_update": {
                        "max_surge": "25%",
                        "max_unavailable": "25%"
                    },
                    "type": "RollingUpdate"
                },
                "template": {
                    "metadata": {
                        "annotations": {
                            "kubectl.kubernetes.io/restartedAt": "2022-03-06T13:50:47-08:00"
                        },
                        "cluster_name": null,
                        "creation_timestamp": null,
                        "deletion_grace_period_seconds": null,
                        "deletion_timestamp": null,
                        "finalizers": null,
                        "generate_name": null,
                        "generation": null,
                        "labels": {
                            "app": "nginx-1"
                        },
                        "managed_fields": null,
                        "name": null,
                        "namespace": null,
                        "owner_references": null,
                        "resource_version": null,
                        "self_link": null,
                        "uid": null
                    },
                    "spec": {
                        "active_deadline_seconds": null,
                        "affinity": null,
                        "automount_service_account_token": null,
                        "containers": [
                            {
                                "args": null,
                                "command": null,
                                "env": null,
                                "env_from": null,
                                "image": "nginx:latest",
                                "image_pull_policy": "Always",
                                "lifecycle": null,
                                "liveness_probe": null,
                                "name": "nginx-1",
                                "ports": null,
                                "readiness_probe": null,
                                "resources": {
                                    "limits": null,
                                    "requests": null
                                },
                                "security_context": null,
                                "startup_probe": null,
                                "stdin": null,
                                "stdin_once": null,
                                "termination_message_path": "/dev/termination-log",
                                "termination_message_policy": "File",
                                "tty": null,
                                "volume_devices": null,
                                "volume_mounts": null,
                                "working_dir": null
                            }
                        ],
                        "dns_config": null,
                        "dns_policy": "ClusterFirst",
                        "enable_service_links": null,
                        "ephemeral_containers": null,
                        "host_aliases": null,
                        "host_ipc": null,
                        "host_network": null,
                        "host_pid": null,
                        "hostname": null,
                        "image_pull_secrets": null,
                        "init_containers": null,
                        "node_name": null,
                        "node_selector": null,
                        "os": null,
                        "overhead": null,
                        "preemption_policy": null,
                        "priority": null,
                        "priority_class_name": null,
                        "readiness_gates": null,
                        "restart_policy": "Always",
                        "runtime_class_name": null,
                        "scheduler_name": "default-scheduler",
                        "security_context": {
                            "fs_group": null,
                            "fs_group_change_policy": null,
                            "run_as_group": null,
                            "run_as_non_root": null,
                            "run_as_user": null,
                            "se_linux_options": null,
                            "seccomp_profile": null,
                            "supplemental_groups": null,
                            "sysctls": null,
                            "windows_options": null
                        },
                        "service_account": null,
                        "service_account_name": null,
                        "set_hostname_as_fqdn": null,
                        "share_process_namespace": null,
                        "subdomain": null,
                        "termination_grace_period_seconds": 30,
                        "tolerations": null,
                        "topology_spread_constraints": null,
                        "volumes": null
                    }
                }
            },
            "status": {
                "available_replicas": 4,
                "collision_count": null,
                "conditions": [
                    {
                        "last_transition_time": "2022-03-05 22:34:21+00:00",
                        "last_update_time": "2022-03-06 21:49:03+00:00",
                        "message": "ReplicaSet \"nginx-1-5964975958\" has successfully progressed.",
                        "reason": "NewReplicaSetAvailable",
                        "status": "True",
                        "type": "Progressing"
                    },
                    {
                        "last_transition_time": "2022-03-06 21:59:07+00:00",
                        "last_update_time": "2022-03-06 21:59:07+00:00",
                        "message": "Deployment has minimum availability.",
                        "reason": "MinimumReplicasAvailable",
                        "status": "True",
                        "type": "Available"
                    }
                ],
                "observed_generation": 3,
                "ready_replicas": 4,
                "replicas": 4,
                "unavailable_replicas": null,
                "updated_replicas": 4
            }
        }
    ],
    "kind": "DeploymentList",
    "metadata": {
        "_continue": null,
        "remaining_item_count": null,
        "resource_version": "*****",
        "self_link": null
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "DeploymentNames": [
        "nginx-*"
    ],
    "DeploymentNamespaces": [
        "default"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

apps/v1

items

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'deployment.kubernetes.io/revision': '2'}, 'cluster_name': None, 'creation_timestamp': '2022-03-05 22:34:21+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': 3, 'labels': {'app': 'nginx-1'}, 'managed_fields': [{'api_version': 'apps/v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:progressDeadlineSeconds': {}, 'f:replicas': {}, 'f:revisionHistoryLimit': {}, 'f:selector': {}, 'f:strategy': {'f:rollingUpdate': {'.': {}, 'f:maxSurge': {}, 'f:maxUnavailable': {}}, 'f:type': {}}, 'f:template': {'f:metadata': {'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:containers': {'k:{"name":"nginx-1"}': {'.': {}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:resources': {}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {}, 'f:terminationGracePeriodSeconds': {}}}}}, 'manager': 'GoogleCloudConsole', 'operation': 'Update', 'subresource': None, 'time': '2022-03-05 22:34:21+00:00'}, {'api_version': 'apps/v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:spec': {'f:template': {'f:metadata': {'f:annotations': {'.': {}, 'f:kubectl.kubernetes.io/restartedAt': {}}}}}}, 'manager': 'kubectl', 'operation': 'Update', 'subresource': None, 'time': '2022-03-06 21:48:56+00:00'}, {'api_version': 'apps/v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:annotations': {'.': {}, 'f:deployment.kubernetes.io/revision': {}}}, 'f:status': {'f:availableReplicas': {}, 'f:conditions': {'.': {}, 'k:{"type":"Available"}': {'.': {}, 'f:lastTransitionTime': {}, 'f:lastUpdateTime': {}, 'f:message': {}, 'f:reason': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Progressing"}': {'.': {}, 'f:lastTransitionTime': {}, 'f:lastUpdateTime': {}, 'f:message': {}, 'f:reason': {}, 'f:status': {}, 'f:type': {}}}, 'f:observedGeneration': {}, 'f:readyReplicas': {}, 'f:replicas': {}, 'f:updatedReplicas': {}}}, 'manager': 'kube-controller-manager', 'operation': 'Update', 'subresource': None, 'time': '2022-03-06 21:59:08+00:00'}], 'name': 'nginx-1', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}, 'spec': {'min_ready_seconds': None, 'paused': None, 'progress_deadline_seconds': 600, 'replicas': 4, 'revision_history_limit': 10, 'selector': {'match_expressions': None, 'match_labels': {'app': 'nginx-1'}}, 'strategy': {'rolling_update': {'max_surge': '25%', 'max_unavailable': '25%'}, 'type': 'RollingUpdate'}, 'template': {'metadata': {'annotations': {'kubectl.kubernetes.io/restartedAt': '2022-03-06T13:50:47-08:00'}, 'cluster_name': None, 'creation_timestamp': None, 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'app': 'nginx-1'}, 'managed_fields': None, 'name': None, 'namespace': None, 'owner_references': None, 'resource_version': None, 'self_link': None, 'uid': None}, 'spec': {'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': None, 'command': None, 'env': None, 'env_from': None, 'image': 'nginx:latest', 'image_pull_policy': 'Always', 'lifecycle': None, 'liveness_probe': None, 'name': 'nginx-1', 'ports': None, 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'startup_probe': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': None, 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': None, 'ephemeral_containers': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': None, 'node_selector': None, 'os': None, 'overhead': None, 'preemption_policy': None, 'priority': None, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Always', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'fs_group_change_policy': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'seccomp_profile': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': None, 'service_account_name': None, 'set_hostname_as_fqdn': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': None, 'topology_spread_constraints': None, 'volumes': None}}}, 'status': {'available_replicas': 4, 'collision_count': None, 'conditions': [{'last_transition_time': '2022-03-05 22:34:21+00:00', 'last_update_time': '2022-03-06 21:49:03+00:00', 'message': 'ReplicaSet "nginx-1-*****" has successfully progressed.', 'reason': 'NewReplicaSetAvailable', 'status': 'True', 'type': 'Progressing'}, {'last_transition_time': '2022-03-06 21:59:07+00:00', 'last_update_time': '2022-03-06 21:59:07+00:00', 'message': 'Deployment has minimum availability.', 'reason': 'MinimumReplicasAvailable', 'status': 'True', 'type': 'Available'}], 'observed_generation': 3, 'ready_replicas': 4, 'replicas': 4, 'unavailable_replicas': None, 'updated_replicas': 4}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'deployment.kubernetes.io/revision': '1'}, 'cluster_name': None, 'creation_timestamp': '2022-03-07 04:08:01+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': 1, 'labels': {'app': 'nginx-2'}, 'managed_fields': [{'api_version': 'apps/v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:progressDeadlineSeconds': {}, 'f:replicas': {}, 'f:revisionHistoryLimit': {}, 'f:selector': {}, 'f:strategy': {'f:rollingUpdate': {'.': {}, 'f:maxSurge': {}, 'f:maxUnavailable': {}}, 'f:type': {}}, 'f:template': {'f:metadata': {'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:containers': {'k:{"name":"nginx-1"}': {'.': {}, 'f:env': {'.': {}, 'k:{"name":"MY_POD_IP"}': {'.': {}, 'f:name': {}, 'f:valueFrom': {'.': {}, 'f:configMapKeyRef': {'.': {}, 'f:key': {}, 'f:name': {}}}}}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:resources': {}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {}, 'f:terminationGracePeriodSeconds': {}}}}}, 'manager': 'GoogleCloudConsole', 'operation': 'Update', 'subresource': None, 'time': '2022-03-07 04:08:01+00:00'}, {'api_version': 'apps/v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:annotations': {'.': {}, 'f:deployment.kubernetes.io/revision': {}}}, 'f:status': {'f:availableReplicas': {}, 'f:conditions': {'.': {}, 'k:{"type":"Available"}': {'.': {}, 'f:lastTransitionTime': {}, 'f:lastUpdateTime': {}, 'f:message': {}, 'f:reason': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Progressing"}': {'.': {}, 'f:lastTransitionTime': {}, 'f:lastUpdateTime': {}, 'f:message': {}, 'f:reason': {}, 'f:status': {}, 'f:type': {}}}, 'f:observedGeneration': {}, 'f:readyReplicas': {}, 'f:replicas': {}, 'f:updatedReplicas': {}}}, 'manager': 'kube-controller-manager', 'operation': 'Update', 'subresource': None, 'time': '2022-03-07 04:08:07+00:00'}], 'name': 'nginx-2', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}, 'spec': {'min_ready_seconds': None, 'paused': None, 'progress_deadline_seconds': 600, 'replicas': 3, 'revision_history_limit': 10, 'selector': {'match_expressions': None, 'match_labels': {'app': 'nginx-2'}}, 'strategy': {'rolling_update': {'max_surge': '25%', 'max_unavailable': '25%'}, 'type': 'RollingUpdate'}, 'template': {'metadata': {'annotations': None, 'cluster_name': None, 'creation_timestamp': None, 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'app': 'nginx-2'}, 'managed_fields': None, 'name': None, 'namespace': None, 'owner_references': None, 'resource_version': None, 'self_link': None, 'uid': None}, 'spec': {'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': None, 'command': None, 'env': [{'name': 'MY_POD_IP', 'value': None, 'value_from': {'config_map_key_ref': {'key': 'MY_POD_IP', 'name': 'nginx-2-config-ebn6', 'optional': None}, 'field_ref': None, 'resource_field_ref': None, 'secret_key_ref': None}}], 'env_from': None, 'image': 'nginx:latest', 'image_pull_policy': 'Always', 'lifecycle': None, 'liveness_probe': None, 'name': 'nginx-1', 'ports': None, 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'startup_probe': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': None, 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': None, 'ephemeral_containers': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': None, 'node_selector': None, 'os': None, 'overhead': None, 'preemption_policy': None, 'priority': None, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Always', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'fs_group_change_policy': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'seccomp_profile': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': None, 'service_account_name': None, 'set_hostname_as_fqdn': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': None, 'topology_spread_constraints': None, 'volumes': None}}}, 'status': {'available_replicas': 3, 'collision_count': None, 'conditions': [{'last_transition_time': '2022-03-07 04:08:07+00:00', 'last_update_time': '2022-03-07 04:08:07+00:00', 'message': 'Deployment has minimum availability.', 'reason': 'MinimumReplicasAvailable', 'status': 'True', 'type': 'Available'}, {'last_transition_time': '2022-03-07 04:08:02+00:00', 'last_update_time': '2022-03-07 04:08:07+00:00', 'message': 'ReplicaSet "nginx-2-545cdd8bc9" has successfully progressed.', 'reason': 'NewReplicaSetAvailable', 'status': 'True', 'type': 'Progressing'}], 'observed_generation': 1, 'ready_replicas': 3, 'replicas': 3, 'unavailable_replicas': None, 'updated_replicas': 3}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'deployment.kubernetes.io/revision': '1'}, 'cluster_name': None, 'creation_timestamp': '2022-03-07 04:32:26+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': 1, 'labels': {'app': 'nginx-3'}, 'managed_fields': [{'api_version': 'apps/v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:progressDeadlineSeconds': {}, 'f:replicas': {}, 'f:revisionHistoryLimit': {}, 'f:selector': {}, 'f:strategy': {'f:rollingUpdate': {'.': {}, 'f:maxSurge': {}, 'f:maxUnavailable': {}}, 'f:type': {}}, 'f:template': {'f:metadata': {'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:containers': {'k:{"name":"nginx-1"}': {'.': {}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:resources': {}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {}, 'f:terminationGracePeriodSeconds': {}}}}}, 'manager': 'GoogleCloudConsole', 'operation': 'Update', 'subresource': None, 'time': '2022-03-07 04:32:26+00:00'}, {'api_version': 'apps/v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:annotations': {'.': {}, 'f:deployment.kubernetes.io/revision': {}}}, 'f:status': {'f:availableReplicas': {}, 'f:conditions': {'.': {}, 'k:{"type":"Available"}': {'.': {}, 'f:lastTransitionTime': {}, 'f:lastUpdateTime': {}, 'f:message': {}, 'f:reason': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Progressing"}': {'.': {}, 'f:lastTransitionTime': {}, 'f:lastUpdateTime': {}, 'f:message': {}, 'f:reason': {}, 'f:status': {}, 'f:type': {}}}, 'f:observedGeneration': {}, 'f:readyReplicas': {}, 'f:replicas': {}, 'f:updatedReplicas': {}}}, 'manager': 'kube-controller-manager', 'operation': 'Update', 'subresource': None, 'time': '2022-03-07 04:32:29+00:00'}], 'name': 'nginx-3', 'namespace': 'default', 'owner_references': None, 'resource_version': '1116926', 'self_link': None, 'uid': '*****'}, 'spec': {'min_ready_seconds': None, 'paused': None, 'progress_deadline_seconds': 600, 'replicas': 3, 'revision_history_limit': 10, 'selector': {'match_expressions': None, 'match_labels': {'app': 'nginx-3'}}, 'strategy': {'rolling_update': {'max_surge': '25%', 'max_unavailable': '25%'}, 'type': 'RollingUpdate'}, 'template': {'metadata': {'annotations': None, 'cluster_name': None, 'creation_timestamp': None, 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'app': 'nginx-3'}, 'managed_fields': None, 'name': None, 'namespace': None, 'owner_references': None, 'resource_version': None, 'self_link': None, 'uid': None}, 'spec': {'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': None, 'command': None, 'env': None, 'env_from': None, 'image': 'nginx:latest', 'image_pull_policy': 'Always', 'lifecycle': None, 'liveness_probe': None, 'name': 'nginx-1', 'ports': None, 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'startup_probe': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': None, 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': None, 'ephemeral_containers': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': None, 'node_selector': None, 'os': None, 'overhead': None, 'preemption_policy': None, 'priority': None, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Always', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'fs_group_change_policy': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'seccomp_profile': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': None, 'service_account_name': None, 'set_hostname_as_fqdn': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': None, 'topology_spread_constraints': None, 'volumes': None}}}, 'status': {'available_replicas': 3, 'collision_count': None, 'conditions': [{'last_transition_time': '2022-03-07 04:32:29+00:00', 'last_update_time': '2022-03-07 04:32:29+00:00', 'message': 'Deployment has minimum availability.', 'reason': 'MinimumReplicasAvailable', 'status': 'True', 'type': 'Available'}, {'last_transition_time': '2022-03-07 04:32:26+00:00', 'last_update_time': '2022-03-07 04:32:29+00:00', 'message': 'ReplicaSet "nginx-3-*****" has successfully progressed.', 'reason': 'NewReplicaSetAvailable', 'status': 'True', 'type': 'Progressing'}], 'observed_generation': 1, 'ready_replicas': 3, 'replicas': 3, 'unavailable_replicas': None, 'updated_replicas': 3}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'deployment.kubernetes.io/revision': '1', 'kubectl.kubernetes.io/last-applied-configuration': '{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"addonmanager.kubernetes.io/mode":"Reconcile","k8s-app":"event-exporter","kubernetes.io/cluster-service":"true","version":"v0.3.5"},"name":"event-exporter-gke","namespace":"kube-system"},"spec":{"replicas":1,"selector":{"matchLabels":{"k8s-app":"event-exporter"}},"template":{"metadata":{"annotations":{"components.gke.io/component-name":"event-exporter","components.gke.io/component-version":"1.0.10"},"labels":{"k8s-app":"event-exporter","version":"v0.3.5"}},"spec":{"containers":[{"command":["/event-exporter","-sink-opts=-stackdriver-resource-model=new -endpoint=https://logging.googleapis.com","-prometheus-endpoint=:*****"],"image":"gke.gcr.io/event-exporter:*****","name":"event-exporter","securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]}}},{"command":["/monitor","--stackdriver-prefix=container.googleapis.com/internal/addons","--api-override=https://monitoring.googleapis.com/","--source=event_exporter:http://localhost:*****?whitelisted=stackdriver_sink_received_entry_count,stackdriver_sink_request_count,stackdriver_sink_successfully_sent_entry_count","--pod-id=$(POD_NAME)","--namespace-id=$(POD_NAMESPACE)","--node-name=$(NODE_NAME)"],"env":[{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"NODE_NAME","valueFrom":{"fieldRef":{"fieldPath":"spec.nodeName"}}}],"image":"gke.gcr.io/prometheus-to-sd:*****","name":"prometheus-to-sd-exporter","securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]}}}],"nodeSelector":{"kubernetes.io/os":"linux"},"securityContext":{"runAsGroup":1000,"runAsUser":1000},"serviceAccountName":"event-exporter-sa","terminationGracePeriodSeconds":120,"tolerations":[{"key":"components.gke.io/gke-managed-components","operator":"Exists"}],"volumes":[{"hostPath":{"path":"/etc/ssl/certs"},"name":"ssl-certs"}]}}}}\n'}, 'cluster_name': None, 'creation_timestamp': '2022-03-05 01:53:29+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': 1, 'labels': {'addonmanager.kubernetes.io/mode': 'Reconcile', 'k8s-app': 'event-exporter', 'kubernetes.io/cluster-service': 'true', 'version': 'v0.3.5'}, 'managed_fields': [{'api_version': 'apps/v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:annotations': {'.': {}, 'f:kubectl.kubernetes.io/last-applied-configuration': {}}, 'f:labels': {'.': {}, 'f:addonmanager.kubernetes.io/mode': {}, 'f:k8s-app': {}, 'f:kubernetes.io/cluster-service': {}, 'f:version': {}}}, 'f:spec': {'f:progressDeadlineSeconds': {}, 'f:replicas': {}, 'f:revisionHistoryLimit': {}, 'f:selector': {}, 'f:strategy': {'f:rollingUpdate': {'.': {}, 'f:maxSurge': {}, 'f:maxUnavailable': {}}, 'f:type': {}}, 'f:template': {'f:metadata': {'f:annotations': {'.': {}, 'f:components.gke.io/component-name': {}, 'f:components.gke.io/component-version': {}}, 'f:labels': {'.': {}, 'f:k8s-app': {}, 'f:version': {}}}, 'f:spec': {'f:containers': {'k:{"name":"event-exporter"}': {'.': {}, 'f:command': {}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:resources': {}, 'f:securityContext': {'.': {}, 'f:allowPrivilegeEscalation': {}, 'f:capabilities': {'.': {}, 'f:drop': {}}}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}, 'k:{"name":"prometheus-to-sd-exporter"}': {'.': {}, 'f:command': {}, 'f:env': {'.': {}, 'k:{"name":"NODE_NAME"}': {'.': {}, 'f:name': {}, 'f:valueFrom': {'.': {}, 'f:fieldRef': {'.': {}, 'f:apiVersion': {}, 'f:fieldPath': {}}}}, 'k:{"name":"POD_NAME"}': {'.': {}, 'f:name': {}, 'f:valueFrom': {'.': {}, 'f:fieldRef': {'.': {}, 'f:apiVersion': {}, 'f:fieldPath': {}}}}, 'k:{"name":"POD_NAMESPACE"}': {'.': {}, 'f:name': {}, 'f:valueFrom': {'.': {}, 'f:fieldRef': {'.': {}, 'f:apiVersion': {}, 'f:fieldPath': {}}}}}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:resources': {}, 'f:securityContext': {'.': {}, 'f:allowPrivilegeEscalation': {}, 'f:capabilities': {'.': {}, 'f:drop': {}}}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:nodeSelector': {'.': {}, 'f:kubernetes.io/os': {}}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {'.': {}, 'f:runAsGroup': {}, 'f:runAsUser': {}}, 'f:serviceAccount': {}, 'f:serviceAccountName': {}, 'f:terminationGracePeriodSeconds': {}, 'f:tolerations': {}, 'f:volumes': {'.': {}, 'k:{"name":"ssl-certs"}': {'.': {}, 'f:hostPath': {'.': {}, 'f:path': {}, 'f:type': {}}, 'f:name': {}}}}}}}, 'manager': 'kubectl-cl

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List All Namespace Deployments failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Permission denied.

Error Sample Data

List All Namespace Deployments failed.

Status Code: 403.

Message: Permission denied.

List All Namespace Pods

Returns a list of all namespace pods.

Input

N/A

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "api_version": "v1",
    "items": [
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": {
                    "kubectl.kubernetes.io/restartedAt": "2022-03-06T13:50:47-08:00"
                },
                "cluster_name": null,
                "creation_timestamp": "2022-03-06 21:59:03+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": "nginx-1-*****-",
                "generation": null,
                "labels": {
                    "app": "nginx-1",
                    "pod-template-hash": "*****"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:annotations": {
                                    ".": {},
                                    "f:kubectl.kubernetes.io/restartedAt": {}
                                },
                                "f:generateName": {},
                                "f:labels": {
                                    ".": {},
                                    "f:app": {},
                                    "f:pod-template-hash": {}
                                },
                                "f:ownerReferences": {
                                    ".": {},
                                    "k:{\"uid\":\"*****\"}": {
                                        ".": {},
                                        "f:apiVersion": {},
                                        "f:blockOwnerDeletion": {},
                                        "f:controller": {},
                                        "f:kind": {},
                                        "f:name": {},
                                        "f:uid": {}
                                    }
                                }
                            },
                            "f:spec": {
                                "f:containers": {
                                    "k:{\"name\":\"nginx-1\"}": {
                                        ".": {},
                                        "f:image": {},
                                        "f:imagePullPolicy": {},
                                        "f:name": {},
                                        "f:resources": {},
                                        "f:terminationMessagePath": {},
                                        "f:terminationMessagePolicy": {}
                                    }
                                },
                                "f:dnsPolicy": {},
                                "f:enableServiceLinks": {},
                                "f:restartPolicy": {},
                                "f:schedulerName": {},
                                "f:securityContext": {},
                                "f:terminationGracePeriodSeconds": {}
                            }
                        },
                        "manager": "kube-controller-manager",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-06 21:59:03+00:00"
                    },
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:status": {
                                "f:conditions": {
                                    "k:{\"type\":\"ContainersReady\"}": {
                                        ".": {},
                                        "f:lastProbeTime": {},
                                        "f:lastTransitionTime": {},
                                        "f:status": {},
                                        "f:type": {}
                                    },
                                    "k:{\"type\":\"Initialized\"}": {
                                        ".": {},
                                        "f:lastProbeTime": {},
                                        "f:lastTransitionTime": {},
                                        "f:status": {},
                                        "f:type": {}
                                    },
                                    "k:{\"type\":\"Ready\"}": {
                                        ".": {},
                                        "f:lastProbeTime": {},
                                        "f:lastTransitionTime": {},
                                        "f:status": {},
                                        "f:type": {}
                                    }
                                },
                                "f:containerStatuses": {},
                                "f:hostIP": {},
                                "f:phase": {},
                                "f:podIP": {},
                                "f:podIPs": {
                                    ".": {},
                                    "k:{\"ip\":\"***.***.***.***\"}": {
                                        ".": {},
                                        "f:ip": {}
                                    }
                                },
                                "f:startTime": {}
                            }
                        },
                        "manager": "kubelet",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-06 21:59:08+00:00"
                    }
                ],
                "name": "nginx-1-*****-*****",
                "namespace": "default",
                "owner_references": [
                    {
                        "api_version": "apps/v1",
                        "block_owner_deletion": true,
                        "controller": true,
                        "kind": "ReplicaSet",
                        "name": "nginx-1-*****",
                        "uid": "*****"
                    }
                ],
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "active_deadline_seconds": null,
                "affinity": null,
                "automount_service_account_token": null,
                "containers": [
                    {
                        "args": null,
                        "command": null,
                        "env": null,
                        "env_from": null,
                        "image": "nginx:latest",
                        "image_pull_policy": "Always",
                        "lifecycle": null,
                        "liveness_probe": null,
                        "name": "nginx-1",
                        "ports": null,
                        "readiness_probe": null,
                        "resources": {
                            "limits": null,
                            "requests": null
                        },
                        "security_context": null,
                        "startup_probe": null,
                        "stdin": null,
                        "stdin_once": null,
                        "termination_message_path": "/dev/termination-log",
                        "termination_message_policy": "File",
                        "tty": null,
                        "volume_devices": null,
                        "volume_mounts": [
                            {
                                "mount_path": "/var/*****/*****/*****.***/*****",
                                "mount_propagation": null,
                                "name": "*****",
                                "read_only": true,
                                "sub_path": null,
                                "sub_path_expr": null
                            }
                        ],
                        "working_dir": null
                    }
                ],
                "dns_config": null,
                "dns_policy": "ClusterFirst",
                "enable_service_links": true,
                "ephemeral_containers": null,
                "host_aliases": null,
                "host_ipc": null,
                "host_network": null,
                "host_pid": null,
                "hostname": null,
                "image_pull_secrets": null,
                "init_containers": null,
                "node_name": "*****",
                "node_selector": null,
                "os": null,
                "overhead": null,
                "preemption_policy": "PreemptLowerPriority",
                "priority": 0,
                "priority_class_name": null,
                "readiness_gates": null,
                "restart_policy": "Always",
                "runtime_class_name": null,
                "scheduler_name": "default-scheduler",
                "security_context": {
                    "fs_group": null,
                    "fs_group_change_policy": null,
                    "run_as_group": null,
                    "run_as_non_root": null,
                    "run_as_user": null,
                    "se_linux_options": null,
                    "seccomp_profile": null,
                    "supplemental_groups": null,
                    "sysctls": null,
                    "windows_options": null
                },
                "service_account": "default",
                "service_account_name": "default",
                "set_hostname_as_fqdn": null,
                "share_process_namespace": null,
                "subdomain": null,
                "termination_grace_period_seconds": 30,
                "tolerations": [
                    {
                        "effect": "NoExecute",
                        "key": "node.kubernetes.io/not-ready",
                        "operator": "Exists",
                        "toleration_seconds": 300,
                        "value": null
                    },
                    {
                        "effect": "NoExecute",
                        "key": "node.kubernetes.io/unreachable",
                        "operator": "Exists",
                        "toleration_seconds": 300,
                        "value": null
                    }
                ],
                "topology_spread_constraints": null,
                "volumes": [
                    {
                        "aws_elastic_block_store": null,
                        "azure_disk": null,
                        "azure_file": null,
                        "cephfs": null,
                        "cinder": null,
                        "config_map": null,
                        "csi": null,
                        "downward_api": null,
                        "empty_dir": null,
                        "ephemeral": null,
                        "fc": null,
                        "flex_volume": null,
                        "flocker": null,
                        "gce_persistent_disk": null,
                        "git_repo": null,
                        "glusterfs": null,
                        "host_path": null,
                        "iscsi": null,
                        "name": "*****",
                        "nfs": null,
                        "persistent_volume_claim": null,
                        "photon_persistent_disk": null,
                        "portworx_volume": null,
                        "projected": {
                            "default_mode": 420,
                            "sources": [
                                {
                                    "config_map": null,
                                    "downward_api": null,
                                    "secret": null,
                                    "service_account_token": {
                                        "audience": null,
                                        "expiration_seconds": 3607,
                                        "path": "token"
                                    }
                                },
                                {
                                    "config_map": {
                                        "items": [
                                            {
                                                "key": "ca.crt",
                                                "mode": null,
                                                "path": "ca.crt"
                                            }
                                        ],
                                        "name": "kube-root-ca.crt",
                                        "optional": null
                                    },
                                    "downward_api": null,
                                    "secret": null,
                                    "service_account_token": null
                                },
                                {
                                    "config_map": null,
                                    "downward_api": {
                                        "items": [
                                            {
                                                "field_ref": {
                                                    "api_version": "v1",
                                                    "field_path": "metadata.namespace"
                                                },
                                                "mode": null,
                                                "path": "namespace",
                                                "resource_field_ref": null
                                            }
                                        ]
                                    },
                                    "secret": null,
                                    "service_account_token": null
                                }
                            ]
                        },
                        "quobyte": null,
                        "rbd": null,
                        "scale_io": null,
                        "secret": null,
                        "storageos": null,
                        "vsphere_volume": null
                    }
                ]
            },
            "status": {
                "conditions": [
                    {
                        "last_probe_time": null,
                        "last_transition_time": "2022-03-06 21:59:03+00:00",
                        "message": null,
                        "reason": null,
                        "status": "True",
                        "type": "Initialized"
                    },
                    {
                        "last_probe_time": null,
                        "last_transition_time": "2022-03-06 21:59:08+00:00",
                        "message": null,
                        "reason": null,
                        "status": "True",
                        "type": "Ready"
                    },
                    {
                        "last_probe_time": null,
                        "last_transition_time": "2022-03-06 21:59:08+00:00",
                        "message": null,
                        "reason": null,
                        "status": "True",
                        "type": "ContainersReady"
                    },
                    {
                        "last_probe_time": null,
                        "last_transition_time": "2022-03-06 21:59:03+00:00",
                        "message": null,
                        "reason": null,
                        "status": "True",
                        "type": "PodScheduled"
                    }
                ],
                "container_statuses": [
                    {
                        "container_id": "containerd://*****",
                        "image": "docker.io/library/nginx:latest",
                        "image_id": "docker.io/library/nginx@sha256:*****",
                        "last_state": {
                            "running": null,
                            "terminated": null,
                            "waiting": null
                        },
                        "name": "nginx-1",
                        "ready": true,
                        "restart_count": 0,
                        "started": true,
                        "state": {
                            "running": {
                                "started_at": "2022-03-06 21:59:08+00:00"
                            },
                            "terminated": null,
                            "waiting": null
                        }
                    }
                ],
                "ephemeral_container_statuses": null,
                "host_ip": "***.***.***.***",
                "init_container_statuses": null,
                "message": null,
                "nominated_node_name": null,
                "phase": "Running",
                "pod_ip": "***.***.***.***",
                "pod_i_ps": [
                    {
                        "ip": "***.***.***.***"
                    }
                ],
                "qos_class": "BestEffort",
                "reason": null,
                "start_time": "2022-03-06 21:59:03+00:00"
            }
        }
    ],
    "kind": "PodList",
    "metadata": {
        "_continue": null,
        "remaining_item_count": null,
        "resource_version": "*****",
        "self_link": null
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "PodNames": [
        "d3-pod-test***"
    ],
    "PodIPs": [
        "***.***.***.***"
    ],
    "PodNamespaces": [
        "default"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

v1

items

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'kubectl.kubernetes.io/restartedAt': '2022-03-06T13:50:47-08:00'}, 'cluster_name': None, 'creation_timestamp': '2022-03-06 21:59:03+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': 'nginx-1-*****-', 'generation': None, 'labels': {'app': 'nginx-1', 'pod-template-hash': '*****'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:annotations': {'.': {}, 'f:kubectl.kubernetes.io/restartedAt': {}}, 'f:generateName': {}, 'f:labels': {'.': {}, 'f:app': {}, 'f:pod-template-hash': {}}, 'f:ownerReferences': {'.': {}, 'k:{"uid":"*****"}': {'.': {}, 'f:apiVersion': {}, 'f:blockOwnerDeletion': {}, 'f:controller': {}, 'f:kind': {}, 'f:name': {}, 'f:uid': {}}}}, 'f:spec': {'f:containers': {'k:{"name":"nginx-1"}': {'.': {}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:resources': {}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:enableServiceLinks': {}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {}, 'f:terminationGracePeriodSeconds': {}}}, 'manager': 'kube-controller-manager', 'operation': 'Update', 'subresource': None, 'time': '2022-03-06 21:59:03+00:00'}, {'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:status': {'f:conditions': {'k:{"type":"ContainersReady"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Initialized"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Ready"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}}, 'f:containerStatuses': {}, 'f:hostIP': {}, 'f:phase': {}, 'f:podIP': {}, 'f:podIPs': {'.': {}, 'k:{"ip":"***.***.***.***"}': {'.': {}, 'f:ip': {}}}, 'f:startTime': {}}}, 'manager': 'kubelet', 'operation': 'Update', 'subresource': None, 'time': '2022-03-06 21:59:08+00:00'}], 'name': 'nginx-1-*****-*****', 'namespace': 'default', 'owner_references': [{'api_version': 'apps/v1', 'block_owner_deletion': True, 'controller': True, 'kind': 'ReplicaSet', 'name': 'nginx-1-*****', 'uid': '*****'}], 'resource_version': '*****', 'self_link': None, 'uid': '*****'}, 'spec': {'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': None, 'command': None, 'env': None, 'env_from': None, 'image': 'nginx:latest', 'image_pull_policy': 'Always', 'lifecycle': None, 'liveness_probe': None, 'name': 'nginx-1', 'ports': None, 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'startup_probe': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': [{'mount_path': '/var/*****/*****/*****.***/*****', 'mount_propagation': None, 'name': '*****', 'read_only': True, 'sub_path': None, 'sub_path_expr': None}], 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': True, 'ephemeral_containers': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': 'gke-cluster-1-default-pool-*****', 'node_selector': None, 'os': None, 'overhead': None, 'preemption_policy': 'PreemptLowerPriority', 'priority': 0, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Always', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'fs_group_change_policy': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'seccomp_profile': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': 'default', 'service_account_name': 'default', 'set_hostname_as_fqdn': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': [{'effect': 'NoExecute', 'key': 'node.kubernetes.io/not-ready', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}, {'effect': 'NoExecute', 'key': 'node.kubernetes.io/unreachable', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}], 'topology_spread_constraints': None, 'volumes': [{'aws_elastic_block_store': None, 'azure_disk': None, 'azure_file': None, 'cephfs': None, 'cinder': None, 'config_map': None, 'csi': None, 'downward_api': None, 'empty_dir': None, 'ephemeral': None, 'fc': None, 'flex_volume': None, 'flocker': None, 'gce_persistent_disk': None, 'git_repo': None, 'glusterfs': None, 'host_path': None, 'iscsi': None, 'name': '*****', 'nfs': None, 'persistent_volume_claim': None, 'photon_persistent_disk': None, 'portworx_volume': None, 'projected': {'default_mode': 420, 'sources': [{'config_map': None, 'downward_api': None, 'secret': None, 'service_account_token': {'audience': None, 'expiration_seconds': 3607, 'path': 'token'}}, {'config_map': {'items': [{'key': 'ca.crt', 'mode': None, 'path': 'ca.crt'}], 'name': 'kube-root-ca.crt', 'optional': None}, 'downward_api': None, 'secret': None, 'service_account_token': None}, {'config_map': None, 'downward_api': {'items': [{'field_ref': {'api_version': 'v1', 'field_path': 'metadata.namespace'}, 'mode': None, 'path': 'namespace', 'resource_field_ref': None}]}, 'secret': None, 'service_account_token': None}]}, 'quobyte': None, 'rbd': None, 'scale_io': None, 'secret': None, 'storageos': None, 'vsphere_volume': None}]}, 'status': {'conditions': [{'last_probe_time': None, 'last_transition_time': '2022-03-06 21:59:03+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'Initialized'}, {'last_probe_time': None, 'last_transition_time': '2022-03-06 21:59:08+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'Ready'}, {'last_probe_time': None, 'last_transition_time': '2022-03-06 21:59:08+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'ContainersReady'}, {'last_probe_time': None, 'last_transition_time': '2022-03-06 21:59:03+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'PodScheduled'}], 'container_statuses': [{'container_id': 'containerd://*****', 'image': 'http://docker.io/library/nginx:latest ', 'image_id': 'http://docker.io/library/nginx@sha256:***** ', 'last_state': {'running': None, 'terminated': None, 'waiting': None}, 'name': 'nginx-1', 'ready': True, 'restart_count': 0, 'started': True, 'state': {'running': {'started_at': '2022-03-06 21:59:08+00:00'}, 'terminated': None, 'waiting': None}}], 'ephemeral_container_statuses': None, 'host_ip': '***.***.***.***', 'init_container_statuses': None, 'message': None, 'nominated_node_name': None, 'phase': 'Running', 'pod_ip': '***.***.***.***', 'pod_i_ps': [{'ip': '***.***.***.***'}], 'qos_class': 'BestEffort', 'reason': None, 'start_time': '2022-03-06 21:59:03+00:00'}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'kubectl.kubernetes.io/restartedAt': '2022-03-06T13:50:47-08:00'}, 'cluster_name': None, 'creation_timestamp': '2022-03-06 21:49:00+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': 'nginx-1-*****-', 'generation': None, 'labels': {'app': 'nginx-1', 'pod-template-hash': '*****'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:annotations': {'.': {}, 'f:kubectl.kubernetes.io/restartedAt': {}}, 'f:generateName': {}, 'f:labels': {'.': {}, 'f:app': {}, 'f:pod-template-hash': {}}, 'f:ownerReferences': {'.': {}, 'k:{"uid":"*****"}': {'.': {}, 'f:apiVersion': {}, 'f:blockOwnerDeletion': {}, 'f:controller': {}, 'f:kind': {}, 'f:name': {}, 'f:uid': {}}}}, 'f:spec': {'f:containers': {'k:{"name":"nginx-1"}': {'.': {}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:resources': {}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:enableServiceLinks': {}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {}, 'f:terminationGracePeriodSeconds': {}}}, 'manager': 'kube-controller-manager', 'operation': 'Update', 'subresource': None, 'time': '2022-03-06 21:49:00+00:00'}, {'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:status': {'f:conditions': {'k:{"type":"ContainersReady"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Initialized"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Ready"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}}, 'f:containerStatuses': {}, 'f:hostIP': {}, 'f:phase': {}, 'f:podIP': {}, 'f:podIPs': {'.': {}, 'k:{"ip":"***.***.***.***"}': {'.': {}, 'f:ip': {}}}, 'f:startTime': {}}}, 'manager': 'kubelet', 'operation': 'Update', 'subresource': None, 'time': '2022-03-06 21:49:01+00:00'}], 'name': 'nginx-1-*****-ldltk', 'namespace': 'default', 'owner_references': [{'api_version': 'apps/v1', 'block_owner_deletion': True, 'controller': True, 'kind': 'ReplicaSet', 'name': 'nginx-1-*****', 'uid': '*****'}], 'resource_version': '*****', 'self_link': None, 'uid': '*****'}, 'spec': {'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': None, 'command': None, 'env': None, 'env_from': None, 'image': 'nginx:latest', 'image_pull_policy': 'Always', 'lifecycle': None, 'liveness_probe': None, 'name': 'nginx-1', 'ports': None, 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'startup_probe': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': [{'mount_path': '/var/*****/*****/*****.***/*****', 'mount_propagation': None, 'name': '*****', 'read_only': True, 'sub_path': None, 'sub_path_expr': None}], 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': True, 'ephemeral_containers': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': 'gke-cluster-1-default-pool-*****', 'node_selector': None, 'os': None, 'overhead': None, 'preemption_policy': 'PreemptLowerPriority', 'priority': 0, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Always', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'fs_group_change_policy': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'seccomp_profile': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': 'default', 'service_account_name': 'default', 'set_hostname_as_fqdn': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': [{'effect': 'NoExecute', 'key': 'node.kubernetes.io/not-ready', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}, {'effect': 'NoExecute', 'key': 'node.kubernetes.io/unreachable', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}], 'topology_spread_constraints': None, 'volumes': [{'aws_elastic_block_store': None, 'azure_disk': None, 'azure_file': None, 'cephfs': None, 'cinder': None, 'config_map': None, 'csi': None, 'downward_api': None, 'empty_dir': None, 'ephemeral': None, 'fc': None, 'flex_volume': None, 'flocker': None, 'gce_persistent_disk': None, 'git_repo': None, 'glusterfs': None, 'host_path': None, 'iscsi': None, 'name': '*****', 'nfs': None, 'persistent_volume_claim': None, 'photon_persistent_disk': None, 'portworx_volume': None, 'projected': {'default_mode': 420, 'sources': [{'config_map': None, 'downward_api': None, 'secret': None, 'service_account_token': {'audience': None, 'expiration_seconds': 3607, 'path': 'token'}}, {'config_map': {'items': [{'key': 'ca.crt', 'mode': None, 'path': 'ca.crt'}], 'name': 'kube-root-ca.crt', 'optional': None}, 'downward_api': None, 'secret': None, 'service_account_token': None}, {'config_map': None, 'downward_api': {'items': [{'field_ref': {'api_version': 'v1', 'field_path': 'metadata.namespace'}, 'mode': None, 'path': 'namespace', 'resource_field_ref': None}]}, 'secret': None, 'service_account_token': None}]}, 'quobyte': None, 'rbd': None, 'scale_io': None, 'secret': None, 'storageos': None, 'vsphere_volume': None}]}, 'status': {'conditions': [{'last_probe_time': None, 'last_transition_time': '2022-03-06 21:49:00+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'Initialized'}, {'last_probe_time': None, 'last_transition_time': '2022-03-06 21:49:01+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'Ready'}, {'last_probe_time': None, 'last_transition_time': '2022-03-06 21:49:01+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'ContainersReady'}, {'last_probe_time': None, 'last_transition_time': '2022-03-06 21:49:00+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'PodScheduled'}], 'container_statuses': [{'container_id': 'containerd://*****', 'image': 'http://docker.io/library/nginx:latest ', 'image_id': 'http://docker.io/library/nginx@sha256:*****', 'last_state': {'running': None, 'terminated': None, 'waiting': None}, 'name': 'nginx-1', 'ready': True, 'restart_count': 0, 'started': True, 'state': {'running': {'started_at': '2022-03-06 21:49:01+00:00'}, 'terminated': None, 'waiting': None}}], 'ephemeral_container_statuses': None, 'host_ip': '***.***.***.***', 'init_container_statuses': None, 'message': None, 'nominated_node_name': None, 'phase': 'Running', 'pod_ip': '***.***.***.***', 'pod_i_ps': [{'ip': '***.***.***.***'}], 'qos_class': 'BestEffort', 'reason': None, 'start_time': '2022-03-06 21:49:00+00:00'}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'kubectl.kubernetes.io/restartedAt': '2022-03-06T13:50:47-08:00'}, 'cluster_name': None, 'creation_timestamp': '2022-03-06 21:59:03+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': 'nginx-1-*****-', 'generation': None, 'labels': {'app': 'nginx-1', 'pod-template-hash': '*****'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:annotations': {'.': {}, 'f:kubectl.kubernetes.io/restartedAt': {}}, 'f:generateName': {}, 'f:labels': {'.': {}, 'f:app': {}, 'f:pod-template-hash': {}}, 'f:ownerReferences': {'.': {}, 'k:{"uid":"*****"}': {'.': {}, 'f:apiVersion': {}, 'f:blockOwnerDeletion': {}, 'f:controller': {}, 'f:kind': {}, 'f:name': {}, 'f:uid': {}}}}, 'f:spec': {'f:containers': {'k:{"name":"nginx-1"}': {'.': {}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:resources': {}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:enableServiceLinks': {}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {}, 'f:terminationGracePeriodSeconds': {}}}, 'manager': 'kube-controller-manager', 'operation': 'Update', 'subresource': None, 'time': '2022-03-06 21:59:03+00:00'}, {'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:status': {'f:conditions': {'k:{"type":"ContainersReady"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Initialized"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Ready"}': {'.': {}, 'f:lastProbeTime': {}, 'f:lastTransitionTime': {}, 'f:status': {}, 'f:type': {}}}, 'f:containerStatuses': {}, 'f:hostIP': {}, 'f:phase': {}, 'f:podIP': {}, 'f:podIPs': {'.': {}, 'k:{"ip":"***.***.***.***"}': {'.': {}, 'f:ip': {}}}, 'f:startTime': {}}}, 'manager': 'kubelet', 'operation': 'Update', 'subresource': None, 'time': '2022-03-06 21:59:07+00:00'}], 'name': 'nginx-1-*****-*****', 'namespace': 'default', 'owner_references': [{'api_version': 'apps/v1', 'block_owner_deletion': True, 'controller': True, 'kind': 'ReplicaSet', 'name': 'nginx-1-*****', 'uid': '*****'}], 'resource_version': '*****', 'self_link': None, 'uid': '*****'}, 'spec': {'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': None, 'command': None, 'env': None, 'env_from': None, 'image': 'nginx:latest', 'image_pull_policy': 'Always', 'lifecycle': None, 'liveness_probe': None, 'name': 'nginx-1', 'ports': None, 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'startup_probe': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': [{'mount_path': '/var/*****/*****/*****.***/*****', 'mount_propagation': None, 'name': '*****', 'read_only': True, 'sub_path': None, 'sub_path_expr': None}], 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': True, 'ephemeral_containers': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': '*****', 'node_selector': None, 'os': None, 'overhead': None, 'preemption_policy': 'PreemptLowerPriority', 'priority': 0, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Always', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'fs_group_change_policy': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'seccomp_profile': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': 'default', 'service_account_name': 'default', 'set_hostname_as_fqdn': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': [{'effect': 'NoExecute', 'key': 'node.kubernetes.io/not-ready', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}, {'effect': 'NoExecute', 'key': 'node.kubernetes.io/unreachable', 'operator': 'Exists', 'toleration_seconds': 300, 'value': None}], 'topology_spread_constraints': None, 'volumes': [{'aws_elastic_block_store': None, 'azure_disk': None, 'azure_file': None, 'cephfs': None, 'cinder': None, 'config_map': None, 'csi': None, 'downward_api': None, 'empty_dir': None, 'ephemeral': None, 'fc': None, 'flex_volume': None, 'flocker': None, 'gce_persistent_disk': None, 'git_repo': None, 'glusterfs': None, 'host_path': None, 'iscsi': None, 'name': '*****', 'nfs': None, 'persistent_volume_claim': None, 'photon_persistent_disk': None, 'portworx_volume': None, 'projected': {'default_mode': 420, 'sources': [{'config_map': None, 'downward_api': None, 'secret': None, 'service_account_token': {'audience': None, 'expiration_seconds': 3607, 'path': 'token'}}, {'config_map': {'items': [{'key': 'ca.crt', 'mode': None, 'path': 'ca.crt'}], 'name': 'kube-root-ca.crt', 'optional': None}, 'downward_api': None, 'secret': None, 'service_account_token': None}, {'config_map': None, 'downward_api': {'items': [{'field_ref': {'api_version': 'v1', 'field_path': 'metadata.namespace'}, 'mode': None, 'path': 'namespace', 'resource_field_ref': None}]}, 'secret': None, 'service_account_token': None}]}, 'quobyte': None, 'rbd': None, 'scale_io': None, 'secret': None, 'storageos': None, 'vsphere_volume': None}]}, 'status': {'conditions': [{'last_probe_time': None, 'last_transition_time': '2022-03-06 21:59:03+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'Initialized'}, {'last_probe_time': None, 'last_transition_time': '2022-03-06 21:59:07+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'Ready'}, {'last_probe_time': None, 'last_transition_time': '2022-03-06 21:59:07+00:00', 'message': None, 'reason': None, 'status': 'True', 'type': 'ContainersReady'}, {'last_probe_time': None, 'last_transition_time': '2022-03-06 21:59:03+00:00', 'message': None, 'reason': None, 'status': 'True', &

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List All Namespace Pods failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Permission denied.

Error Sample Data

List All Namespace Pods failed.

Status Code: 403.

Message: Permission denied.

List All Namespace Services

Lists all services in all namespaces.

Input

N/A

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "api_version": "v1",
    "items": [
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": null,
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 01:52:48+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "component": "apiserver",
                    "provider": "kubernetes"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:component": {},
                                    "f:provider": {}
                                }
                            },
                            "f:spec": {
                                "f:clusterIP": {},
                                "f:ipFamilyPolicy": {},
                                "f:ports": {
                                    ".": {},
                                    "k:{\"port\":*****,\"protocol\":\"TCP\"}": {
                                        ".": {},
                                        "f:name": {},
                                        "f:port": {},
                                        "f:protocol": {},
                                        "f:targetPort": {}
                                    }
                                },
                                "f:sessionAffinity": {},
                                "f:type": {}
                            }
                        },
                        "manager": "kube-apiserver",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 01:52:48+00:00"
                    }
                ],
                "name": "kubernetes",
                "namespace": "default",
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "allocate_load_balancer_node_ports": null,
                "cluster_ip": "***.***.***.***",
                "cluster_i_ps": [
                    "***.***.***.***"
                ],
                "external_i_ps": null,
                "external_name": null,
                "external_traffic_policy": null,
                "health_check_node_port": null,
                "internal_traffic_policy": null,
                "ip_families": [
                    "IPv4"
                ],
                "ip_family_policy": "SingleStack",
                "load_balancer_class": null,
                "load_balancer_ip": null,
                "load_balancer_source_ranges": null,
                "ports": [
                    {
                        "app_protocol": null,
                        "name": "https",
                        "node_port": null,
                        "port": *****,
                        "protocol": "TCP",
                        "target_port": *****
                    }
                ],
                "publish_not_ready_addresses": null,
                "selector": null,
                "session_affinity": "None",
                "session_affinity_config": null,
                "type": "ClusterIP"
            },
            "status": {
                "conditions": null,
                "load_balancer": {
                    "ingress": null
                }
            }
        },
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": {
                    "cloud.google.com/neg": "{\"ingress\":true}"
                },
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 22:51:05+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": [
                    "service.kubernetes.io/load-balancer-cleanup"
                ],
                "generate_name": "nginx-*-",
                "generation": null,
                "labels": {
                    "app": "nginx-*"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:generateName": {},
                                "f:labels": {
                                    ".": {},
                                    "f:app": {}
                                }
                            },
                            "f:spec": {
                                "f:externalTrafficPolicy": {},
                                "f:ports": {
                                    ".": {},
                                    "k:{\"port\":*****,\"protocol\":\"TCP\"}": {
                                        ".": {},
                                        "f:port": {},
                                        "f:protocol": {},
                                        "f:targetPort": {}
                                    }
                                },
                                "f:selector": {
                                    ".": {},
                                    "f:app": {}
                                },
                                "f:sessionAffinity": {},
                                "f:type": {}
                            }
                        },
                        "manager": "GoogleCloudConsole",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 22:51:05+00:00"
                    },
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:finalizers": {
                                    ".": {},
                                    "v:\"service.kubernetes.io/load-balancer-cleanup\"": {}
                                }
                            },
                            "f:status": {
                                "f:loadBalancer": {
                                    "f:ingress": {}
                                }
                            }
                        },
                        "manager": "kube-controller-manager",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 22:51:42+00:00"
                    }
                ],
                "name": "nginx-*-*****",
                "namespace": "default",
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "c12*******************e7a"
            },
            "spec": {
                "allocate_load_balancer_node_ports": null,
                "cluster_ip": "***.***.***.***",
                "cluster_i_ps": [
                    "***.***.***.***"
                ],
                "external_i_ps": null,
                "external_name": null,
                "external_traffic_policy": "Cluster",
                "health_check_node_port": null,
                "internal_traffic_policy": null,
                "ip_families": [
                    "IPv4"
                ],
                "ip_family_policy": "SingleStack",
                "load_balancer_class": null,
                "load_balancer_ip": null,
                "load_balancer_source_ranges": null,
                "ports": [
                    {
                        "app_protocol": null,
                        "name": null,
                        "node_port": *****,
                        "port": *****,
                        "protocol": "TCP",
                        "target_port": *****
                    }
                ],
                "publish_not_ready_addresses": null,
                "selector": {
                    "app": "nginx-*"
                },
                "session_affinity": "None",
                "session_affinity_config": null,
                "type": "LoadBalancer"
            },
            "status": {
                "conditions": null,
                "load_balancer": {
                    "ingress": [
                        {
                            "hostname": null,
                            "ip": "***.***.***.***",
                            "ports": null
                        }
                    ]
                }
            }
        },
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": {
                    "cloud.google.com/neg": "{\"ingress\":true}"
                },
                "cluster_name": null,
                "creation_timestamp": "2022-03-07 04:11:11+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": "nginx-*-",
                "generation": null,
                "labels": {
                    "app": "nginx-*"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:generateName": {},
                                "f:labels": {
                                    ".": {},
                                    "f:app": {}
                                }
                            },
                            "f:spec": {
                                "f:externalTrafficPolicy": {},
                                "f:ports": {
                                    ".": {},
                                    "k:{\"port\":*****,\"protocol\":\"TCP\"}": {
                                        ".": {},
                                        "f:port": {},
                                        "f:protocol": {},
                                        "f:targetPort": {}
                                    }
                                },
                                "f:selector": {
                                    ".": {},
                                    "f:app": {}
                                },
                                "f:sessionAffinity": {},
                                "f:type": {}
                            }
                        },
                        "manager": "GoogleCloudConsole",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-07 04:11:11+00:00"
                    }
                ],
                "name": "nginx-*-gp**d",
                "namespace": "default",
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "allocate_load_balancer_node_ports": null,
                "cluster_ip": "***.***.***.***",
                "cluster_i_ps": [
                    "***.***.***.***"
                ],
                "external_i_ps": null,
                "external_name": null,
                "external_traffic_policy": "Cluster",
                "health_check_node_port": null,
                "internal_traffic_policy": null,
                "ip_families": [
                    "IPv4"
                ],
                "ip_family_policy": "SingleStack",
                "load_balancer_class": null,
                "load_balancer_ip": null,
                "load_balancer_source_ranges": null,
                "ports": [
                    {
                        "app_protocol": null,
                        "name": null,
                        "node_port": *****,
                        "port": *****,
                        "protocol": "TCP",
                        "target_port": *****
                    }
                ],
                "publish_not_ready_addresses": null,
                "selector": {
                    "app": "nginx-*"
                },
                "session_affinity": "None",
                "session_affinity_config": null,
                "type": "NodePort"
            },
            "status": {
                "conditions": null,
                "load_balancer": {
                    "ingress": null
                }
            }
        },
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": {
                    "cloud.google.com/neg": "{\"ingress\":true}"
                },
                "cluster_name": null,
                "creation_timestamp": "2022-03-09 17:35:48+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": [
                    "service.kubernetes.io/load-balancer-cleanup"
                ],
                "generate_name": null,
                "generation": null,
                "labels": {
                    "app": "nginxj"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:app": {}
                                }
                            },
                            "f:spec": {
                                "f:externalTrafficPolicy": {},
                                "f:ports": {
                                    ".": {},
                                    "k:{\"port\":*****,\"protocol\":\"TCP\"}": {
                                        ".": {},
                                        "f:port": {},
                                        "f:protocol": {},
                                        "f:targetPort": {}
                                    }
                                },
                                "f:selector": {
                                    ".": {},
                                    "f:app": {}
                                },
                                "f:sessionAffinity": {},
                                "f:type": {}
                            }
                        },
                        "manager": "OpenAPI-Generator",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-09 17:35:48+00:00"
                    },
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:finalizers": {
                                    ".": {},
                                    "v:\"service.kubernetes.io/load-balancer-cleanup\"": {}
                                }
                            },
                            "f:status": {
                                "f:loadBalancer": {
                                    "f:ingress": {}
                                }
                            }
                        },
                        "manager": "kube-controller-manager",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-09 17:36:18+00:00"
                    }
                ],
                "name": "*****",
                "namespace": "default",
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "allocate_load_balancer_node_ports": null,
                "cluster_ip": "***.***.***.***",
                "cluster_i_ps": [
                    "***.***.***.***"
                ],
                "external_i_ps": null,
                "external_name": null,
                "external_traffic_policy": "Cluster",
                "health_check_node_port": null,
                "internal_traffic_policy": null,
                "ip_families": [
                    "IPv4"
                ],
                "ip_family_policy": "SingleStack",
                "load_balancer_class": null,
                "load_balancer_ip": null,
                "load_balancer_source_ranges": null,
                "ports": [
                    {
                        "app_protocol": null,
                        "name": null,
                        "node_port": *****,
                        "port": *****,
                        "protocol": "TCP",
                        "target_port": *****
                    }
                ],
                "publish_not_ready_addresses": null,
                "selector": {
                    "app": "nginxj"
                },
                "session_affinity": "None",
                "session_affinity_config": null,
                "type": "LoadBalancer"
            },
            "status": {
                "conditions": null,
                "load_balancer": {
                    "ingress": [
                        {
                            "hostname": null,
                            "ip": "***.***.***.***",
                            "ports": null
                        }
                    ]
                }
            }
        },
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": {
                    "components.gke.io/layer": "addon",
                    "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{\"components.gke.io/layer\":\"addon\"},\"labels\":{\"addonmanager.kubernetes.io/mode\":\"Reconcile\",\"k8s-app\":\"glbc\",\"kubernetes.io/cluster-service\":\"true\",\"kubernetes.io/name\":\"GLBC******Backend\"},\"name\":\"default-http-backend\",\"namespace\":\"kube-system\"},\"spec\":{\"ports\":[{\"name\":\"http\",\"port\":*****,\"protocol\":\"TCP\",\"targetPort\":*****}],\"selector\":{\"k8s-app\":\"glbc\"},\"type\":\"NodePort\"}}\n"
                },
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 01:53:30+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "addonmanager.kubernetes.io/mode": "Reconcile",
                    "k8s-app": "glbc",
                    "kubernetes.io/cluster-service": "true",
                    "kubernetes.io/name": "GLBC******Backend"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:annotations": {
                                    ".": {},
                                    "f:components.gke.io/layer": {},
                                    "f:kubectl.kubernetes.io/last-applied-configuration": {}
                                },
                                "f:labels": {
                                    ".": {},
                                    "f:addonmanager.kubernetes.io/mode": {},
                                    "f:k8s-app": {},
                                    "f:kubernetes.io/cluster-service": {},
                                    "f:kubernetes.io/name": {}
                                }
                            },
                            "f:spec": {
                                "f:externalTrafficPolicy": {},
                                "f:ports": {
                                    ".": {},
                                    "k:{\"port\":*****,\"protocol\":\"TCP\"}": {
                                        ".": {},
                                        "f:name": {},
                                        "f:port": {},
                                        "f:protocol": {},
                                        "f:targetPort": {}
                                    }
                                },
                                "f:selector": {
                                    ".": {},
                                    "f:k8s-app": {}
                                },
                                "f:sessionAffinity": {},
                                "f:type": {}
                            }
                        },
                        "manager": "kubectl-client-side-apply",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 01:53:30+00:00"
                    }
                ],
                "name": "default-http-backend",
                "namespace": "kube-system",
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "allocate_load_balancer_node_ports": null,
                "cluster_ip": "***.***.***.***",
                "cluster_i_ps": [
                    "***.***.***.***"
                ],
                "external_i_ps": null,
                "external_name": null,
                "external_traffic_policy": "Cluster",
                "health_check_node_port": null,
                "internal_traffic_policy": null,
                "ip_families": [
                    "IPv4"
                ],
                "ip_family_policy": "SingleStack",
                "load_balancer_class": null,
                "load_balancer_ip": null,
                "load_balancer_source_ranges": null,
                "ports": [
                    {
                        "app_protocol": null,
                        "name": "http",
                        "node_port": *****,
                        "port": *****,
                        "protocol": "TCP",
                        "target_port": *****
                    }
                ],
                "publish_not_ready_addresses": null,
                "selector": {
                    "k8s-app": "glbc"
                },
                "session_affinity": "None",
                "session_affinity_config": null,
                "type": "NodePort"
            },
            "status": {
                "conditions": null,
                "load_balancer": {
                    "ingress": null
                }
            }
        },
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": {
                    "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{},\"labels\":{\"addonmanager.kubernetes.io/mode\":\"Reconcile\",\"k8s-app\":\"kube-dns\",\"kubernetes.io/cluster-service\":\"true\",\"kubernetes.io/name\":\"KubeDNS\"},\"name\":\"kube-dns\",\"namespace\":\"kube-system\"},\"spec\":{\"clusterIP\":\"***.***.***.***\",\"ports\":[{\"name\":\"dns\",\"port\":*****,\"protocol\":\"UDP\"},{\"name\":\"dns-tcp\",\"port\":*****,\"protocol\":\"TCP\"}],\"selector\":{\"k8s-app\":\"kube-dns\"}}}\n"
                },
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 01:53:28+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "addonmanager.kubernetes.io/mode": "Reconcile",
                    "k8s-app": "kube-dns",
                    "kubernetes.io/cluster-service": "true",
                    "kubernetes.io/name": "KubeDNS"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:annotations": {
                                    ".": {},
                                    "f:kubectl.kubernetes.io/last-applied-configuration": {}
                                },
                                "f:labels": {
                                    ".": {},
                                    "f:addonmanager.kubernetes.io/mode": {},
                                    "f:k8s-app": {},
                                    "f:kubernetes.io/cluster-service": {},
                                    "f:kubernetes.io/name": {}
                                }
                            },
                            "f:spec": {
                                "f:clusterIP": {},
                                "f:ports": {
                                    ".": {},
                                    "k:{\"port\":*****,\"protocol\":\"TCP\"}": {
                                        ".": {},
                                        "f:name": {},
                                        "f:port": {},
                                        "f:protocol": {},
                                        "f:targetPort": {}
                                    },
                                    "k:{\"port\":*****,\"protocol\":\"UDP\"}": {
                                        ".": {},
                                        "f:name": {},
                                        "f:port": {},
                                        "f:protocol": {},
                                        "f:targetPort": {}
                                    }
                                },
                                "f:selector": {
                                    ".": {},
                                    "f:k8s-app": {}
                                },
                                "f:sessionAffinity": {},
                                "f:type": {}
                            }
                        },
                        "manager": "kubectl-client-side-apply",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 01:53:28+00:00"
                    }
                ],
                "name": "kube-dns",
                "namespace": "kube-system",
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "allocate_load_balancer_node_ports": null,
                "cluster_ip": "***.***.***.***",
                "cluster_i_ps": [
                    "***.***.***.***"
                ],
                "external_i_ps": null,
                "external_name": null,
                "external_traffic_policy": null,
                "health_check_node_port": null,
                "internal_traffic_policy": null,
                "ip_families": [
                    "IPv4"
                ],
                "ip_family_policy": "SingleStack",
                "load_balancer_class": null,
                "load_balancer_ip": null,
                "load_balancer_source_ranges": null,
                "ports": [
                    {
                        "app_protocol": null,
                        "name": "dns",
                        "node_port": null,
                        "port": *****,
                        "protocol": "UDP",
                        "target_port": *****
                    },
                    {
                        "app_protocol": null,
                        "name": "dns-tcp",
                        "node_port": null,
                        "port": *****,
                        "protocol": "TCP",
                        "target_port": *****
                    }
                ],
                "publish_not_ready_addresses": null,
                "selector": {
                    "k8s-app": "kube-dns"
                },
                "session_affinity": "None",
                "session_affinity_config": null,
                "type": "ClusterIP"
            },
            "status": {
                "conditions": null,
                "load_balancer": {
                    "ingress": null
                }
            }
        },
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": {
                    "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{},\"labels\":{\"addonmanager.kubernetes.io/mode\":\"Reconcile\",\"kubernetes.io/cluster-service\":\"true\",\"kubernetes.io/name\":\"Metrics-server\"},\"name\":\"metrics-server\",\"namespace\":\"kube-system\"},\"spec\":{\"ports\":[{\"port\":*****,\"protocol\":\"TCP\",\"targetPort\":\"https\"}],\"selector\":{\"k8s-app\":\"metrics-server\"}}}\n"
                },
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 01:53:30+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "addonmanager.kubernetes.io/mode": "Reconcile",
                    "kubernetes.io/cluster-service": "true",
                    "kubernetes.io/name": "Metrics-server"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:annotations": {
                                    ".": {},
                                    "f:kubectl.kubernetes.io/last-applied-configuration": {}
                                },
                                "f:labels": {
                                    ".": {},
                                    "f:addonmanager.kubernetes.io/mode": {},
                                    "f:kubernetes.io/cluster-service": {},
                                    "f:kubernetes.io/name": {}
                                }
                            },
                            "f:spec": {
                                "f:ports": {
                                    ".": {},
                                    "k:{\"port\":*****,\"protocol\":\"TCP\"}": {
                                        ".": {},
                                        "f:port": {},
                                        "f:protocol": {},
                                        "f:targetPort": {}
                                    }
                                },
                                "f:selector": {
                                    ".": {},
                                    "f:k8s-app": {}
                                },
                                "f:sessionAffinity": {},
                                "f:type": {}
                            }
                        },
                        "manager": "kubectl-client-side-apply",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 01:53:30+00:00"
                    }
                ],
                "name": "metrics-server",
                "namespace": "kube-system",
                "owner_references": null,
                "resource_version": "462",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "allocate_load_balancer_node_ports": null,
                "cluster_ip": "***.***.***.***",
                "cluster_i_ps": [
                    "***.***.***.***"
                ],
                "external_i_ps": null,
                "external_name": null,
                "external_traffic_policy": null,
                "health_check_node_port": null,
                "internal_traffic_policy": null,
                "ip_families": [
                    "IPv4"
                ],
                "ip_family_policy": "SingleStack",
                "load_balancer_class": null,
                "load_balancer_ip": null,
                "load_balancer_source_ranges": null,
                "ports": [
                    {
                        "app_protocol": null,
                        "name": null,
                        "node_port": null,
                        "port": *****,
                        "protocol": "TCP",
                        "target_port": "https"
                    }
                ],
                "publish_not_ready_addresses": null,
                "selector": {
                    "k8s-app": "metrics-server"
                },
                "session_affinity": "None",
                "session_affinity_config": null,
                "type": "ClusterIP"
            },
            "status": {
                "conditions": null,
                "load_balancer": {
                    "ingress": null
                }
            }
        }
    ],
    "kind": "ServiceList",
    "metadata": {
        "_continue": null,
        "remaining_item_count": null,
        "resource_version": "*****",
        "self_link": null
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "ServiceNames": [
        "*****"
    ],
    "Namespaces": [
        "default"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

v1

items

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': None, 'cluster_name': None, 'creation_timestamp': '2022-03-05 01:52:48+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'component': 'apiserver', 'provider': 'kubernetes'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:labels': {'.': {}, 'f:component': {}, 'f:provider': {}}}, 'f:spec': {'f:clusterIP': {}, 'f:ipFamilyPolicy': {}, 'f:ports': {'.': {}, 'k:{"port":*****,"protocol":"TCP"}': {'.': {}, 'f:name': {}, 'f:port': {}, 'f:protocol': {}, 'f:targetPort': {}}}, 'f:sessionAffinity': {}, 'f:type': {}}}, 'manager': 'kube-apiserver', 'operation': 'Update', 'subresource': None, 'time': '2022-03-05 01:52:48+00:00'}], 'name': 'kubernetes', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}, 'spec': {'allocate_load_balancer_node_ports': None, 'cluster_ip': '***.***.***.***', 'cluster_i_ps': ['***.***.***.***'], 'external_i_ps': None, 'external_name': None, 'external_traffic_policy': None, 'health_check_node_port': None, 'internal_traffic_policy': None, 'ip_families': ['IPv4'], 'ip_family_policy': 'SingleStack', 'load_balancer_class': None, 'load_balancer_ip': None, 'load_balancer_source_ranges': None, 'ports': [{'app_protocol': None, 'name': 'https', 'node_port': None, 'port': *****, 'protocol': 'TCP', 'target_port': *****}], 'publish_not_ready_addresses': None, 'selector': None, 'session_affinity': 'None', 'session_affinity_config': None, 'type': 'ClusterIP'}, 'status': {'conditions': None, 'load_balancer': {'ingress': None}}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'cloud.google.com/neg': '{"ingress":true}'}, 'cluster_name': None, 'creation_timestamp': '2022-03-05 22:51:05+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': ['service.kubernetes.io/load-balancer-cleanup'], 'generate_name': 'nginx-1-', 'generation': None, 'labels': {'app': 'nginx-1'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:generateName': {}, 'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:externalTrafficPolicy': {}, 'f:ports': {'.': {}, 'k:{"port":*****,"protocol":"TCP"}': {'.': {}, 'f:port': {}, 'f:protocol': {}, 'f:targetPort': {}}}, 'f:selector': {'.': {}, 'f:app': {}}, 'f:sessionAffinity': {}, 'f:type': {}}}, 'manager': 'GoogleCloudConsole', 'operation': 'Update', 'subresource': None, 'time': '2022-03-05 22:51:05+00:00'}, {'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:finalizers': {'.': {}, 'v:"service.kubernetes.io/load-balancer-cleanup"': {}}}, 'f:status': {'f:loadBalancer': {'f:ingress': {}}}}, 'manager': 'kube-controller-manager', 'operation': 'Update', 'subresource': None, 'time': '2022-03-05 22:51:42+00:00'}], 'name': 'nginx-1-*****', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}, 'spec': {'allocate_load_balancer_node_ports': None, 'cluster_ip': '***.***.***.***', 'cluster_i_ps': ['***.***.***.***'], 'external_i_ps': None, 'external_name': None, 'external_traffic_policy': 'Cluster', 'health_check_node_port': None, 'internal_traffic_policy': None, 'ip_families': ['IPv4'], 'ip_family_policy': 'SingleStack', 'load_balancer_class': None, 'load_balancer_ip': None, 'load_balancer_source_ranges': None, 'ports': [{'app_protocol': None, 'name': None, 'node_port': *****, 'port': *****, 'protocol': 'TCP', 'target_port': *****}], 'publish_not_ready_addresses': None, 'selector': {'app': 'nginx-1'}, 'session_affinity': 'None', 'session_affinity_config': None, 'type': 'LoadBalancer'}, 'status': {'conditions': None, 'load_balancer': {'ingress': [{'hostname': None, 'ip': '***.***.***.***', 'ports': None}]}}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'cloud.google.com/neg': '{"ingress":true}'}, 'cluster_name': None, 'creation_timestamp': '2022-03-07 04:11:11+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': 'nginx-2-', 'generation': None, 'labels': {'app': 'nginx-2'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:generateName': {}, 'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:externalTrafficPolicy': {}, 'f:ports': {'.': {}, 'k:{"port":*****,"protocol":"TCP"}': {'.': {}, 'f:port': {}, 'f:protocol': {}, 'f:targetPort': {}}}, 'f:selector': {'.': {}, 'f:app': {}}, 'f:sessionAffinity': {}, 'f:type': {}}}, 'manager': 'GoogleCloudConsole', 'operation': 'Update', 'subresource': None, 'time': '2022-03-07 04:11:11+00:00'}], 'name': 'nginx-2-*****', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****}, 'spec': {'allocate_load_balancer_node_ports': None, 'cluster_ip': '***.***.***.***', 'cluster_i_ps': ['***.***.***.***'], 'external_i_ps': None, 'external_name': None, 'external_traffic_policy': 'Cluster', 'health_check_node_port': None, 'internal_traffic_policy': None, 'ip_families': ['IPv4'], 'ip_family_policy': 'SingleStack', 'load_balancer_class': None, 'load_balancer_ip': None, 'load_balancer_source_ranges': None, 'ports': [{'app_protocol': None, 'name': None, 'node_port': *****, 'port': *****, 'protocol': 'TCP', 'target_port': *****}], 'publish_not_ready_addresses': None, 'selector': {'app': 'nginx-2'}, 'session_affinity': 'None', 'session_affinity_config': None, 'type': 'NodePort'}, 'status': {'conditions': None, 'load_balancer': {'ingress': None}}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'cloud.google.com/neg': '{"ingress":true}'}, 'cluster_name': None, 'creation_timestamp': '2022-03-09 17:35:48+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': ['service.kubernetes.io/load-balancer-cleanup'], 'generate_name': None, 'generation': None, 'labels': {'app': 'nginxj'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:externalTrafficPolicy': {}, 'f:ports': {'.': {}, 'k:{"port":*****,"protocol":"TCP"}': {'.': {}, 'f:port': {}, 'f:protocol': {}, 'f:targetPort': {}}}, 'f:selector': {'.': {}, 'f:app': {}}, 'f:sessionAffinity': {}, 'f:type': {}}}, 'manager': 'OpenAPI-Generator', 'operation': 'Update', 'subresource': None, 'time': '2022-03-09 17:35:48+00:00'}, {'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:finalizers': {'.': {}, 'v:"service.kubernetes.io/load-balancer-cleanup"': {}}}, 'f:status': {'f:loadBalancer': {'f:ingress': {}}}}, 'manager': 'kube-controller-manager', 'operation': 'Update', 'subresource': None, 'time': '2022-03-09 17:36:18+00:00'}], 'name': '*****', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}, 'spec': {'allocate_load_balancer_node_ports': None, 'cluster_ip': '***.***.***.***', 'cluster_i_ps': ['***.***.***.***'], 'external_i_ps': None, 'external_name': None, 'external_traffic_policy': 'Cluster', 'health_check_node_port': None, 'internal_traffic_policy': None, 'ip_families': ['IPv4'], 'ip_family_policy': 'SingleStack', 'load_balancer_class': None, 'load_balancer_ip': None, 'load_balancer_source_ranges': None, 'ports': [{'app_protocol': None, 'name': None, 'node_port': *****, 'port': *****, 'protocol': 'TCP', 'target_port': *****}], 'publish_not_ready_addresses': None, 'selector': {'app': 'nginxj'}, 'session_affinity': 'None', 'session_affinity_config': None, 'type': 'LoadBalancer'}, 'status': {'conditions': None, 'load_balancer': {'ingress': [{'hostname': None, 'ip': '***.***.***.***', 'ports': None}]}}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'components.gke.io/layer': 'addon', 'kubectl.kubernetes.io/last-applied-configuration': '{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"components.gke.io/layer":"addon"},"labels":{"addonmanager.kubernetes.io/mode":"Reconcile","k8s-app":"glbc","kubernetes.io/cluster-service":"true","kubernetes.io/name":"GLBCDefaultBackend"},"name":"default-http-backend","namespace":"kube-system"},"spec":{"ports":[{"name":"http","port":*****,"protocol":"TCP","targetPort":*****}],"selector":{"k8s-app":"glbc"},"type":"NodePort"}}\n'}, 'cluster_name': None, 'creation_timestamp': '2022-03-05 01:53:30+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'addonmanager.kubernetes.io/mode': 'Reconcile', 'k8s-app': 'glbc', 'kubernetes.io/cluster-service': 'true', 'kubernetes.io/name': 'GLBCDefaultBackend'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:annotations': {'.': {}, 'f:components.gke.io/layer': {}, 'f:kubectl.kubernetes.io/last-applied-configuration': {}}, 'f:labels': {'.': {}, 'f:addonmanager.kubernetes.io/mode': {}, 'f:k8s-app': {}, 'f:kubernetes.io/cluster-service': {}, 'f:kubernetes.io/name': {}}}, 'f:spec': {'f:externalTrafficPolicy': {}, 'f:ports': {'.': {}, 'k:{"port":*****,"protocol":"TCP"}': {'.': {}, 'f:name': {}, 'f:port': {}, 'f:protocol': {}, 'f:targetPort': {}}}, 'f:selector': {'.': {}, 'f:k8s-app': {}}, 'f:sessionAffinity': {}, 'f:type': {}}}, 'manager': 'kubectl-client-side-apply', 'operation': 'Update', 'subresource': None, 'time': '2022-03-05 01:53:30+00:00'}], 'name': 'default-http-backend', 'namespace': 'kube-system', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}, 'spec': {'allocate_load_balancer_node_ports': None, 'cluster_ip': '***.***.***.***', 'cluster_i_ps': ['***.***.***.***'], 'external_i_ps': None, 'external_name': None, 'external_traffic_policy': 'Cluster', 'health_check_node_port': None, 'internal_traffic_policy': None, 'ip_families': ['IPv4'], 'ip_family_policy': 'SingleStack', 'load_balancer_class': None, 'load_balancer_ip': None, 'load_balancer_source_ranges': None, 'ports': [{'app_protocol': None, 'name': 'http', 'node_port': *****, 'port': *****, 'protocol': 'TCP', 'target_port': *****}], 'publish_not_ready_addresses': None, 'selector': {'k8s-app': 'glbc'}, 'session_affinity': 'None', 'session_affinity_config': None, 'type': 'NodePort'}, 'status': {'conditions': None, 'load_balancer': {'ingress': None}}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'kubectl.kubernetes.io/last-applied-configuration': '{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"addonmanager.kubernetes.io/mode":"Reconcile","k8s-app":"kube-dns","kubernetes.io/cluster-service":"true","kubernetes.io/name":"KubeDNS"},"name":"kube-dns","namespace":"kube-system"},"spec":{"clusterIP":"***.***.***.***","ports":[{"name":"dns","port":*****,"protocol":"UDP"},{"name":"dns-tcp","port":*****,"protocol":"TCP"}],"selector":{"k8s-app":"kube-dns"}}}\n'}, 'cluster_name': None, 'creation_timestamp': '2022-03-05 01:53:28+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'addonmanager.kubernetes.io/mode': 'Reconcile', 'k8s-app': 'kube-dns', 'kubernetes.io/cluster-service': 'true', 'kubernetes.io/name': 'KubeDNS'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:annotations': {'.': {}, 'f:kubectl.kubernetes.io/last-applied-configuration': {}}, 'f:labels': {'.': {}, 'f:addonmanager.kubernetes.io/mode': {}, 'f:k8s-app': {}, 'f:kubernetes.io/cluster-service': {}, 'f:kubernetes.io/name': {}}}, 'f:spec': {'f:clusterIP': {}, 'f:ports': {'.': {}, 'k:{"port":*****,"protocol":"TCP"}': {'.': {}, 'f:name': {}, 'f:port': {}, 'f:protocol': {}, 'f:targetPort': {}}, 'k:{"port":*****,"protocol":"UDP"}': {'.': {}, 'f:name': {}, 'f:port': {}, 'f:protocol': {}, 'f:targetPort': {}}}, 'f:selector': {'.': {}, 'f:k8s-app': {}}, 'f:sessionAffinity': {}, 'f:type': {}}}, 'manager': 'kubectl-client-side-apply', 'operation': 'Update', 'subresource': None, 'time': '2022-03-05 01:53:28+00:00'}], 'name': 'kube-dns', 'namespace': 'kube-system', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}, 'spec': {'allocate_load_balancer_node_ports': None, 'cluster_ip': '***.***.***.***', 'cluster_i_ps': ['***.***.***.***'], 'external_i_ps': None, 'external_name': None, 'external_traffic_policy': None, 'health_check_node_port': None, 'internal_traffic_policy': None, 'ip_families': ['IPv4'], 'ip_family_policy': 'SingleStack', 'load_balancer_class': None, 'load_balancer_ip': None, 'load_balancer_source_ranges': None, 'ports': [{'app_protocol': None, 'name': 'dns', 'node_port': None, 'port': *****, 'protocol': 'UDP', 'target_port': *****}, {'app_protocol': None, 'name': 'dns-tcp', 'node_port': None, 'port': *****, 'protocol': 'TCP', 'target_port': *****}], 'publish_not_ready_addresses': None, 'selector': {'k8s-app': 'kube-dns'}, 'session_affinity': 'None', 'session_affinity_config': None, 'type': 'ClusterIP'}, 'status': {'conditions': None, 'load_balancer': {'ingress': None}}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': {'kubectl.kubernetes.io/last-applied-configuration': '{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"addonmanager.kubernetes.io/mode":"Reconcile","kubernetes.io/cluster-service":"true","kubernetes.io/name":"Metrics-server"},"name":"metrics-server","namespace":"kube-system"},"spec":{"ports":[{"port":*****,"protocol":"TCP","targetPort":"https"}],"selector":{"k8s-app":"metrics-server"}}}\n'}, 'cluster_name': None, 'creation_timestamp': '2022-03-05 01:53:30+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'addonmanager.kubernetes.io/mode': 'Reconcile', 'kubernetes.io/cluster-service': 'true', 'kubernetes.io/name': 'Metrics-server'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:annotations': {'.': {}, 'f:kubectl.kubernetes.io/last-applied-configuration': {}}, 'f:labels': {'.': {}, 'f:addonmanager.kubernetes.io/mode': {}, 'f:kubernetes.io/cluster-service': {}, 'f:kubernetes.io/name': {}}}, 'f:spec': {'f:ports': {'.': {}, 'k:{"port":*****,"protocol":"TCP"}': {'.': {}, 'f:port': {}, 'f:protocol': {}, 'f:targetPort': {}}}, 'f:selector': {'.': {}, 'f:k8s-app': {}}, 'f:sessionAffinity': {}, 'f:type': {}}}, 'manager': 'kubectl-client-side-apply', 'operation': 'Update', 'subresource': None, 'time': '2022-03-05 01:53:30+00:00'}], 'name': 'metrics-server', 'namespace': 'kube-system', 'owner_references': None, 'resource_version': *****, 'self_link': None, 'uid': '*****'}, 'spec': {'allocate_load_balancer_node_ports': None, 'cluster_ip': '***.***.***.***', 'cluster_i_ps': ['***.***.***.***'], 'external_i_ps': None, 'external_name': None, 'external_traffic_policy': None, 'health_check_node_port': None, 'internal_traffic_policy': None, 'ip_families': ['IPv4'], 'ip_family_policy': 'SingleStack', 'load_balancer_class': None, 'load_balancer_ip': None, 'load_balancer_source_ranges': None, 'ports': [{'app_protocol': None, 'name': None, 'node_port': None, 'port': *****, 'protocol': 'TCP', 'target_port': 'https'}], 'publish_not_ready_addresses': None, 'selector': {'k8s-app': 'metrics-server'}, 'session_affinity': 'None', 'session_affinity_config': None, 'type': 'ClusterIP'}, 'status': {'conditions': None, 'load_balancer': {'ingress': None}}}

kind

ServiceList

metadata

{'_continue': None, 'remaining_item_count': None, 'resource_version': '*****', 'self_link': None}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List All Namespace Services failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Permission denied.

Error Sample Data

List All Namespace Services failed.

Status Code: 403.

Message: Permission denied.

List Namespace Pods

Lists the pods of the specified namespace.

READER NOTE

NameSpace is an optional parameter to run this command.

  • Run the List Namespaces command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.name.

Input

Input Parameter

Required/Optional

Description

Example

NameSpace

Optional

The namespace of the pods. NameSpace can be obtained using the List Namespaces command.

default

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE

{
    "api_version": "v1",
    "items": [
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": null,
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 01:52:48+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "kubernetes.io/metadata.name": "default"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:kubernetes.io/metadata.name": {}
                                }
                            }
                        },
                        "manager": "kube-apiserver",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 01:52:48+00:00"
                    }
                ],
                "name": "default",
                "namespace": null,
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "finalizers": [
                    "kubernetes"
                ]
            },
            "status": {
                "conditions": null,
                "phase": "Active"
            }
        },
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": null,
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 01:52:45+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "kubernetes.io/metadata.name": "kube-node-lease"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:kubernetes.io/metadata.name": {}
                                }
                            }
                        },
                        "manager": "kube-apiserver",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 01:52:45+00:00"
                    }
                ],
                "name": "kube-node-lease",
                "namespace": null,
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "finalizers": [
                    "kubernetes"
                ]
            },
            "status": {
                "conditions": null,
                "phase": "Active"
            }
        },
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": null,
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 01:52:45+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "kubernetes.io/metadata.name": "kube-public"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:kubernetes.io/metadata.name": {}
                                }
                            }
                        },
                        "manager": "kube-apiserver",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 01:52:45+00:00"
                    }
                ],
                "name": "kube-public",
                "namespace": null,
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "finalizers": [
                    "kubernetes"
                ]
            },
            "status": {
                "conditions": null,
                "phase": "Active"
            }
        },
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": null,
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 01:52:44+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "kubernetes.io/metadata.name": "kube-system"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:kubernetes.io/metadata.name": {}
                                }
                            }
                        },
                        "manager": "kube-apiserver",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 01:52:44+00:00"
                    }
                ],
                "name": "kube-system",
                "namespace": null,
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "finalizers": [
                    "kubernetes"
                ]
            },
            "status": {
                "conditions": null,
                "phase": "Active"
            }
        }
    ],
    "kind": "NamespaceList",
    "metadata": {
        "_continue": null,
        "remaining_item_count": null,
        "resource_version": "*****",
        "self_link": null
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "PodNames": [
        "d3-pod-test***"
    ],
    "PodPhases": [
        "Running"
    ],
    "PodIPs": [
        "***.***.***.***"
    ],
    "PodNamespaces": [
        "default"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
No Sample Data

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Namespace Pods failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Permission denied.

Error Sample Data

List Namespace Pods failed.

Status Code: 403.

Message: Permission denied.

List Namespaces

Lists all namespaces

Input

N/A

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "api_version": "v1",
    "items": [
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": null,
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 01:52:48+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "kubernetes.io/metadata.name": "default"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:kubernetes.io/metadata.name": {}
                                }
                            }
                        },
                        "manager": "kube-apiserver",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 01:52:48+00:00"
                    }
                ],
                "name": "default",
                "namespace": null,
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "finalizers": [
                    "kubernetes"
                ]
            },
            "status": {
                "conditions": null,
                "phase": "Active"
            }
        },
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": null,
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 01:52:45+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "kubernetes.io/metadata.name": "kube-node-lease"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:kubernetes.io/metadata.name": {}
                                }
                            }
                        },
                        "manager": "kube-apiserver",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 01:52:45+00:00"
                    }
                ],
                "name": "kube-node-lease",
                "namespace": null,
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "finalizers": [
                    "kubernetes"
                ]
            },
            "status": {
                "conditions": null,
                "phase": "Active"
            }
        },
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": null,
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 01:52:45+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "kubernetes.io/metadata.name": "kube-public"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:kubernetes.io/metadata.name": {}
                                }
                            }
                        },
                        "manager": "kube-apiserver",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 01:52:45+00:00"
                    }
                ],
                "name": "kube-public",
                "namespace": null,
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "finalizers": [
                    "kubernetes"
                ]
            },
            "status": {
                "conditions": null,
                "phase": "Active"
            }
        },
        {
            "api_version": null,
            "kind": null,
            "metadata": {
                "annotations": null,
                "cluster_name": null,
                "creation_timestamp": "2022-03-05 01:52:44+00:00",
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "kubernetes.io/metadata.name": "kube-system"
                },
                "managed_fields": [
                    {
                        "api_version": "v1",
                        "fields_type": "FieldsV1",
                        "fields_v1": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:kubernetes.io/metadata.name": {}
                                }
                            }
                        },
                        "manager": "kube-apiserver",
                        "operation": "Update",
                        "subresource": null,
                        "time": "2022-03-05 01:52:44+00:00"
                    }
                ],
                "name": "kube-system",
                "namespace": null,
                "owner_references": null,
                "resource_version": "*****",
                "self_link": null,
                "uid": "*****"
            },
            "spec": {
                "finalizers": [
                    "kubernetes"
                ]
            },
            "status": {
                "conditions": null,
                "phase": "Active"
            }
        }
    ],
    "kind": "NamespaceList",
    "metadata": {
        "_continue": null,
        "remaining_item_count": null,
        "resource_version": "*****",
        "self_link": null
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Namespaces": [
        "d3namespace"
    ],
    "Statuses": [
        "Active"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

v1

items

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': None, 'cluster_name': None, 'creation_timestamp': '2022-03-05 01:52:48+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'kubernetes.io/metadata.name': 'default'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:labels': {'.': {}, 'f:kubernetes.io/metadata.name': {}}}}, 'manager': 'kube-apiserver', 'operation': 'Update', 'subresource': None, 'time': '2022-03-05 01:52:48+00:00'}], 'name': 'default', 'namespace': None, 'owner_references': None, 'resource_version': '206', 'self_link': None, 'uid': '*****'}, 'spec': {'finalizers': ['kubernetes']}, 'status': {'conditions': None, 'phase': 'Active'}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': None, 'cluster_name': None, 'creation_timestamp': '2022-03-05 01:52:45+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'kubernetes.io/metadata.name': 'kube-node-lease'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:labels': {'.': {}, 'f:kubernetes.io/metadata.name': {}}}}, 'manager': 'kube-apiserver', 'operation': 'Update', 'subresource': None, 'time': '2022-03-05 01:52:45+00:00'}], 'name': 'kube-node-lease', 'namespace': None, 'owner_references': None, 'resource_version': '63', 'self_link': None, 'uid': '*****'}, 'spec': {'finalizers': ['kubernetes']}, 'status': {'conditions': None, 'phase': 'Active'}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': None, 'cluster_name': None, 'creation_timestamp': '2022-03-05 01:52:45+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'kubernetes.io/metadata.name': 'kube-public'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:labels': {'.': {}, 'f:kubernetes.io/metadata.name': {}}}}, 'manager': 'kube-apiserver', 'operation': 'Update', 'subresource': None, 'time': '2022-03-05 01:52:45+00:00'}], 'name': 'kube-public', 'namespace': None, 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}, 'spec': {'finalizers': ['kubernetes']}, 'status': {'conditions': None, 'phase': 'Active'}}

  • {'api_version': None, 'kind': None, 'metadata': {'annotations': None, 'cluster_name': None, 'creation_timestamp': '2022-03-05 01:52:44+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'kubernetes.io/metadata.name': 'kube-system'}, 'managed_fields': [{'api_version': 'v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:labels': {'.': {}, 'f:kubernetes.io/metadata.name': {}}}}, 'manager': 'kube-apiserver', 'operation': 'Update', 'subresource': None, 'time': '2022-03-05 01:52:44+00:00'}], 'name': 'kube-system', 'namespace': None, 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}, 'spec': {'finalizers': ['kubernetes']}, 'status': {'conditions': None, 'phase': 'Active'}}

kind

NamespaceList

metadata

{'_continue': None, 'remaining_item_count': None, 'resource_version': '*****', 'self_link': None}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Namespaces failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Permission denied.

Error Sample Data

List Namespaces failed.

Status Code: 403.

Message: Permission denied.

List Node Pools

Lists the node pools for a cluster.

Input

N/A

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "nodePools": [
        {
            "name": "default-pool",
            "config": {
                "machineType": "e2-medium",
                "diskSizeGb": 100,
                "oauthScopes": [
                    "https://www.googleapis.com/*****",
                    "https://www.googleapis.com/*****",
                    "https://www.googleapis.com/*****",
                    "https://www.googleapis.com/*****",
                    "https://www.googleapis.com/*****",
                    "https://www.googleapis.com/*****"
                ],
                "metadata": {
                    "disable-legacy-endpoints": "true"
                },
                "imageType": "COS_CONTAINERD",
                "serviceAccount": "default",
                "diskType": "pd-standard",
                "shieldedInstanceConfig": {
                    "enableIntegrityMonitoring": true
                }
            },
            "initialNodeCount": 2,
            "autoscaling": {},
            "management": {
                "autoUpgrade": true,
                "autoRepair": true
            },
            "maxPodsConstraint": {
                "maxPodsPerNode": "110"
            },
            "podIpv4CidrSize": 24,
            "locations": [
                "us-west1-a"
            ],
            "networkConfig": {
                "podRange": "gke-cluster-1-pods-*****",
                "podIpv4CidrBlock": "***.***.***.***/**"
            },
            "selfLink": "https://container.googleapis.com/*****",
            "version": "*****",
            "instanceGroupUrls": [
                "https://www.googleapis.com/compute/*****"
            ],
            "status": "RUNNING",
            "upgradeSettings": {
                "maxSurge": 1
            }
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Name": [
        "nodepool-api-*****"
    ],
    "Status": [
        "PROVISIONING"
    ],
    "NumberOfNodes": [
        "3"
    ],
    "MachineType": [
        "e2-medium"
    ],
    "ImageType": [
        "COS_CONTAINERD"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

nodePools

  • {'name': 'default-pool', 'config': {'machineType': 'e2-medium', 'diskSizeGb': 100, 'oauthScopes': ['https://www.googleapis.com/*****', 'https://www.googleapis.com/*****', 'https://www.googleapis.com/*****', 'https://www.googleapis.com/*****', 'https://www.googleapis.com/*****', 'https://www.googleapis.com/*****'], 'metadata': {'disable-legacy-endpoints': 'true'}, 'imageType': 'COS_CONTAINERD', 'serviceAccount': 'default', 'diskType': 'pd-standard', 'shieldedInstanceConfig': {'enableIntegrityMonitoring': True}}, 'initialNodeCount': 2, 'autoscaling': {}, 'management': {'autoUpgrade': True, 'autoRepair': True}, 'maxPodsConstraint': {'maxPodsPerNode': '110'}, 'podIpv4CidrSize': 24, 'locations': ['us-west1-a'], 'networkConfig': {'podRange': 'gke-cluster-1-pods-*****', 'podIpv4CidrBlock': '***.***.***.***/**'}, 'selfLink': 'https://www.googleapis.com/*****', 'version': '*****', 'instanceGroupUrls': ['https://www.googleapis.com/*****'], 'status': 'RUNNING', 'upgradeSettings': {'maxSurge': 1}}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Node Pools failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Permission denied.

Error Sample Data

List Nodes failed. Failed to load gcloud.

Status Code: 403.

Message: Permission denied.

List Nodes

Lists all nodes.

Input

N/A

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "apiVersion": "v1",
    "items": [
        {
            "apiVersion": "v1",
            "kind": "Node",
            "metadata": {
                "annotations": {
                    "container.googleapis.com/instance_id": "*****",
                    "csi.volume.kubernetes.io/nodeid": "{\"pd.csi.storage.gke.io\":\"projects/nimble-cortex-*****/zones/us-west1-b/instances/gke-cluster-1-nodepool-api-*****\"}",
                    "node.alpha.kubernetes.io/ttl": "0",
                    "node.gke.io/last-applied-node-labels": "cloud.google.com/gke-boot-disk=pd-standard,cloud.google.com/gke-container-runtime=containerd,cloud.google.com/gke-nodepool=nodepool-api-*****,cloud.google.com/gke-os-distribution=cos,cloud.google.com/machine-family=e2",
                    "node.gke.io/last-applied-node-taints": "",
                    "volumes.kubernetes.io/controller-managed-attach-detach": "true"
                },
                "creationTimestamp": "2022-03-08T18:12:44Z",
                "labels": {
                    "beta.kubernetes.io/arch": "amd64",
                    "beta.kubernetes.io/instance-type": "e2-medium",
                    "beta.kubernetes.io/os": "linux",
                    "cloud.google.com/gke-boot-disk": "pd-standard",
                    "cloud.google.com/gke-container-runtime": "containerd",
                    "cloud.google.com/gke-nodepool": "nodepool-api-*****",
                    "cloud.google.com/gke-os-distribution": "cos",
                    "cloud.google.com/machine-family": "e2",
                    "failure-domain.beta.kubernetes.io/region": "us-west1",
                    "failure-domain.beta.kubernetes.io/zone": "us-west1-b",
                    "kubernetes.io/arch": "amd64",
                    "kubernetes.io/hostname": "gke-cluster-1-nodepool-api-*****",
                    "kubernetes.io/os": "linux",
                    "node.kubernetes.io/instance-type": "e2-medium",
                    "topology.gke.io/zone": "us-west1-b",
                    "topology.kubernetes.io/region": "us-west1",
                    "topology.kubernetes.io/zone": "us-west1-b"
                },
                "name": "gke-cluster-1-nodepool-api-*****",
                "resourceVersion": "*****",
                "uid": "*****"
            },
            "spec": {
                "podCIDR": "***.***.***.***/**",
                "podCIDRs": [
                    "***.***.***.***/**"
                ],
                "providerID": "gce://nimble-cortex-*****/us-west1-b/gke-cluster-1-nodepool-api-*****"
            },
            "status": {
                "addresses": [
                    {
                        "address": "***.***.***.***",
                        "type": "InternalIP"
                    }
                ],
                "allocatable": {
                    "attachable-volumes-gce-pd": "15",
                    "cpu": "940m",
                    "ephemeral-storage": "*****",
                    "hugepages-1Gi": "0",
                    "hugepages-2Mi": "0",
                    "memory": "*****",
                    "pods": "110"
                },
                "capacity": {
                    "attachable-volumes-gce-pd": "15",
                    "cpu": "2",
                    "ephemeral-storage": "*****",
                    "hugepages-1Gi": "0",
                    "hugepages-2Mi": "0",
                    "memory": "*****",
                    "pods": "110"
                },
                "conditions": [
                    {
                        "lastHeartbeatTime": "2022-03-09T00:48:31Z",
                        "lastTransitionTime": "2022-03-08T18:12:49Z",
                        "message": "node is functioning properly",
                        "reason": "NoFrequentUnregisterNetDevice",
                        "status": "False",
                        "type": "FrequentUnregisterNetDevice"
                    }
                ],
                "daemonEndpoints": {
                    "kubeletEndpoint": {
                        "Port": *****
                    }
                },
                "images": [
                    {
                        "names": [
                            "gke.gcr.io/kube-proxy-amd64:v*****-gke.*****",
                            "k8s.gcr.io/kube-proxy-amd64:v*****-gke.*****"
                        ],
                        "sizeBytes": 107444935
                    }
                ],
                "nodeInfo": {
                    "architecture": "amd64",
                    "bootID": "*****",
                    "containerRuntimeVersion": "containerd://*****",
                    "kernelVersion": "*****",
                    "kubeProxyVersion": "v*****-gke.*****",
                    "kubeletVersion": "v*****-gke.*****",
                    "machineID": "*****",
                    "operatingSystem": "linux",
                    "osImage": "Container-Optimized OS from Google",
                    "systemUUID": "*****"
                }
            }
        }
    ],
    "kind": "List",
    "metadata": {
        "resourceVersion": "",
        "selfLink": ""
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "NodeNames": [
        "gke-cluster-1-default-pool-*****"
    ],
    "NodeInternalIPs": [
        "***.***.***.***"
    ],
    "NodeExternalIPs": [
        "***.***.***.***"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
No Sample Data

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Nodes failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Permission denied.

Error Sample Data

List Nodes failed. Failed to load gcloud.

Status Code: 403.

Message: Permission denied.

Replace Deployment Scale Replicas

Replaces the number of replicas for the specified deployments.

READER NOTE

The parameter Deployment Names is required to run this command.

  • Run the List All Namespace Deployments command to obtain Deployment Names. Deployment Names can be found in the raw data at the path $.items[*].metadata.name.

NameSpace is an optional parameter to run this command.

  • Run the List All NameSpace Deployments command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.

WARNING

  • Please note that your input deployment names must match your input namespace, otherwise, an error (deployments \"your input deployment name\" not found) will be returned. It is recommended that you run the List All Namespace Deployments command and find your desired pair of “name”(deployment name) with “namespace” in the response raw data. Use that pair to run this command.

  • The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input deployment name. Otherwise, please change your namespace to your desired value.

Input

Input Parameter

Required/Optional

Description

Example

Deployment Names

Required

The names of the deployments. Deployment Names can be obtained using the List All Namespace Deployments command.

[ "nginx-*" ]

NameSpace

Optional

The namespace of the deployment. NameSpace can be obtained using the List All Namespace Deployments command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Number of Replicas

Required

The number of replicas.

2

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
[
    {
        "api_version": "autoscaling/v1",
        "kind": "Scale",
        "metadata": {
            "annotations": null,
            "cluster_name": null,
            "creation_timestamp": "2022-03-07 04:32:26+00:00",
            "deletion_grace_period_seconds": null,
            "deletion_timestamp": null,
            "finalizers": null,
            "generate_name": null,
            "generation": null,
            "labels": null,
            "managed_fields": null,
            "name": "nginx-*",
            "namespace": "default",
            "owner_references": null,
            "resource_version": "*****",
            "self_link": null,
            "uid": "*****"
        },
        "spec": {
            "replicas": 2
        },
        "status": {
            "replicas": 3,
            "selector": "app=nginx-*"
        }
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "ReplicasSpec": [
        "2"
    ],
    "ReplicasStatus": [
        "3"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

autoscaling/v1

kind

Scale

metadata

{'annotations': None, 'cluster_name': None, 'creation_timestamp': '2022-03-07 04:32:26+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': None, 'managed_fields': None, 'name': 'nginx-3', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}

spec

{'replicas': 2}

status

{'replicas': 3, 'selector': 'app=nginx-3'}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Replace Deployment Scale Replicas failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Deployment Not Found.

Error Sample Data

Replace Deployment Scale Replicas failed.

Status Code: 404.

Message: Deployment Not Found.

Restart Deployment

Restarts the specified deployment.

READER NOTE

The parameter Deployment Names is required to run this command.

  • Run the List All Namespace Deployments command to obtain Deployment Names. Deployment Names can be found in the raw data at the path $.items[*].metadata.name.

NameSpace is an optional parameter to run this command.

  • Run the List All NameSpace Deployments command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.

WARNING

  • Please note that your input deployment names must match your input namespace Otherwise, an error (deployments \"your input deployment name\" not found) will be returned. It is recommended to run the List All Namespace Deployments command, and find your desired pair of “name”(deployment name) with “namespace” in the response raw data. Use that pair to run this command.

  • The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input deployment name. Otherwise, please change your namespace to your desired value.

Input

Input Parameter

Required/Optional

Description

Example

Deployment Names

Required

The names of the deployments. Deployment Names can be obtained using the List All Namespace Deployments command.

[ "nginx-*" ]

NameSpace

Optional

The namespace of the deployment. NameSpace can be obtained using the List All Namespace Deployments command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "api_version": "apps/v1",
    "kind": "Deployment",
    "metadata": {
        "annotations": {
            "deployment.kubernetes.io/revision": "3"
        },
        "cluster_name": null,
        "creation_timestamp": "2022-03-07 04:32:26+00:00",
        "deletion_grace_period_seconds": null,
        "deletion_timestamp": null,
        "finalizers": null,
        "generate_name": null,
        "generation": 4,
        "labels": {
            "app": "nginx-*"
        },
        "managed_fields": [
            {
                "api_version": "apps/v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:metadata": {
                        "f:labels": {
                            ".": {},
                            "f:app": {}
                        }
                    },
                    "f:spec": {
                        "f:progressDeadlineSeconds": {},
                        "f:replicas": {},
                        "f:revisionHistoryLimit": {},
                        "f:selector": {},
                        "f:strategy": {
                            "f:rollingUpdate": {
                                ".": {},
                                "f:maxSurge": {},
                                "f:maxUnavailable": {}
                            },
                            "f:type": {}
                        },
                        "f:template": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:app": {}
                                }
                            },
                            "f:spec": {
                                "f:containers": {
                                    "k:{\"name\":\"nginx-*\"}": {
                                        ".": {},
                                        "f:image": {},
                                        "f:imagePullPolicy": {},
                                        "f:name": {},
                                        "f:resources": {},
                                        "f:terminationMessagePath": {},
                                        "f:terminationMessagePolicy": {}
                                    }
                                },
                                "f:dnsPolicy": {},
                                "f:restartPolicy": {},
                                "f:schedulerName": {},
                                "f:securityContext": {},
                                "f:terminationGracePeriodSeconds": {}
                            }
                        }
                    }
                },
                "manager": "GoogleCloudConsole",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-07 04:32:26+00:00"
            },
            {
                "api_version": "apps/v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:spec": {
                        "f:template": {
                            "f:metadata": {
                                "f:annotations": {
                                    ".": {},
                                    "f:kubectl.kubernetes.io/restartedAt": {}
                                }
                            }
                        }
                    }
                },
                "manager": "OpenAPI-Generator",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-09 01:34:24+00:00"
            },
            {
                "api_version": "apps/v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:metadata": {
                        "f:annotations": {
                            ".": {},
                            "f:deployment.kubernetes.io/revision": {}
                        }
                    },
                    "f:status": {
                        "f:availableReplicas": {},
                        "f:conditions": {
                            ".": {},
                            "k:{\"type\":\"Available\"}": {
                                ".": {},
                                "f:lastTransitionTime": {},
                                "f:lastUpdateTime": {},
                                "f:message": {},
                                "f:reason": {},
                                "f:status": {},
                                "f:type": {}
                            },
                            "k:{\"type\":\"Progressing\"}": {
                                ".": {},
                                "f:lastTransitionTime": {},
                                "f:lastUpdateTime": {},
                                "f:message": {},
                                "f:reason": {},
                                "f:status": {},
                                "f:type": {}
                            }
                        },
                        "f:observedGeneration": {},
                        "f:readyReplicas": {},
                        "f:replicas": {},
                        "f:updatedReplicas": {}
                    }
                },
                "manager": "kube-controller-manager",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-09 01:38:01+00:00"
            }
        ],
        "name": "nginx-*",
        "namespace": "default",
        "owner_references": null,
        "resource_version": "*****",
        "self_link": null,
        "uid": "*****"
    },
    "spec": {
        "min_ready_seconds": null,
        "paused": null,
        "progress_deadline_seconds": 600,
        "replicas": 3,
        "revision_history_limit": 10,
        "selector": {
            "match_expressions": null,
            "match_labels": {
                "app": "nginx-*"
            }
        },
        "strategy": {
            "rolling_update": {
                "max_surge": "25%",
                "max_unavailable": "25%"
            },
            "type": "RollingUpdate"
        },
        "template": {
            "metadata": {
                "annotations": {
                    "kubectl.kubernetes.io/restartedAt": "2022-03-09T01:38:29.666147Z"
                },
                "cluster_name": null,
                "creation_timestamp": null,
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "app": "nginx-*"
                },
                "managed_fields": null,
                "name": null,
                "namespace": null,
                "owner_references": null,
                "resource_version": null,
                "self_link": null,
                "uid": null
            },
            "spec": {
                "active_deadline_seconds": null,
                "affinity": null,
                "automount_service_account_token": null,
                "containers": [
                    {
                        "args": null,
                        "command": null,
                        "env": null,
                        "env_from": null,
                        "image": "nginx:latest",
                        "image_pull_policy": "Always",
                        "lifecycle": null,
                        "liveness_probe": null,
                        "name": "nginx-*",
                        "ports": null,
                        "readiness_probe": null,
                        "resources": {
                            "limits": null,
                            "requests": null
                        },
                        "security_context": null,
                        "startup_probe": null,
                        "stdin": null,
                        "stdin_once": null,
                        "termination_message_path": "/dev/termination-***",
                        "termination_message_policy": "File",
                        "tty": null,
                        "volume_devices": null,
                        "volume_mounts": null,
                        "working_dir": null
                    }
                ],
                "dns_config": null,
                "dns_policy": "ClusterFirst",
                "enable_service_links": null,
                "ephemeral_containers": null,
                "host_aliases": null,
                "host_ipc": null,
                "host_network": null,
                "host_pid": null,
                "hostname": null,
                "image_pull_secrets": null,
                "init_containers": null,
                "node_name": null,
                "node_selector": null,
                "os": null,
                "overhead": null,
                "preemption_policy": null,
                "priority": null,
                "priority_class_name": null,
                "readiness_gates": null,
                "restart_policy": "Always",
                "runtime_class_name": null,
                "scheduler_name": "default-scheduler",
                "security_context": {
                    "fs_group": null,
                    "fs_group_change_policy": null,
                    "run_as_group": null,
                    "run_as_non_root": null,
                    "run_as_user": null,
                    "se_linux_options": null,
                    "seccomp_profile": null,
                    "supplemental_groups": null,
                    "sysctls": null,
                    "windows_options": null
                },
                "service_account": null,
                "service_account_name": null,
                "set_hostname_as_fqdn": null,
                "share_process_namespace": null,
                "subdomain": null,
                "termination_grace_period_seconds": 30,
                "tolerations": null,
                "topology_spread_constraints": null,
                "volumes": null
            }
        }
    },
    "status": {
        "available_replicas": 3,
        "collision_count": null,
        "conditions": [
            {
                "last_transition_time": "2022-03-07 04:32:29+00:00",
                "last_update_time": "2022-03-07 04:32:29+00:00",
                "message": "Deployment has minimum availability.",
                "reason": "MinimumReplicasAvailable",
                "status": "True",
                "type": "Available"
            },
            {
                "last_transition_time": "2022-03-07 04:32:26+00:00",
                "last_update_time": "2022-03-09 01:38:01+00:00",
                "message": "ReplicaSet \"nginx-*-*****\" has successfully progressed.",
                "reason": "NewReplicaSetAvailable",
                "status": "True",
                "type": "Progressing"
            }
        ],
        "observed_generation": 3,
        "ready_replicas": 3,
        "replicas": 3,
        "unavailable_replicas": null,
        "updated_replicas": 3
    }
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

api_version

apps/v1

kind

Deployment

metadata

{'annotations': {'deployment.kubernetes.io/revision': '3'}, 'cluster_name': None, 'creation_timestamp': '2022-03-07 04:32:26+00:00', 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': 4, 'labels': {'app': 'nginx-3'}, 'managed_fields': [{'api_version': 'apps/v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:progressDeadlineSeconds': {}, 'f:replicas': {}, 'f:revisionHistoryLimit': {}, 'f:selector': {}, 'f:strategy': {'f:rollingUpdate': {'.': {}, 'f:maxSurge': {}, 'f:maxUnavailable': {}}, 'f:type': {}}, 'f:template': {'f:metadata': {'f:labels': {'.': {}, 'f:app': {}}}, 'f:spec': {'f:containers': {'k:{"name":"nginx-1"}': {'.': {}, 'f:image': {}, 'f:imagePullPolicy': {}, 'f:name': {}, 'f:resources': {}, 'f:terminationMessagePath': {}, 'f:terminationMessagePolicy': {}}}, 'f:dnsPolicy': {}, 'f:restartPolicy': {}, 'f:schedulerName': {}, 'f:securityContext': {}, 'f:terminationGracePeriodSeconds': {}}}}}, 'manager': 'GoogleCloudConsole', 'operation': 'Update', 'subresource': None, 'time': '2022-03-07 04:32:26+00:00'}, {'api_version': 'apps/v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:spec': {'f:template': {'f:metadata': {'f:annotations': {'.': {}, 'f:kubectl.kubernetes.io/restartedAt': {}}}}}}, 'manager': 'OpenAPI-Generator', 'operation': 'Update', 'subresource': None, 'time': '2022-03-09 01:34:24+00:00'}, {'api_version': 'apps/v1', 'fields_type': 'FieldsV1', 'fields_v1': {'f:metadata': {'f:annotations': {'.': {}, 'f:deployment.kubernetes.io/revision': {}}}, 'f:status': {'f:availableReplicas': {}, 'f:conditions': {'.': {}, 'k:{"type":"Available"}': {'.': {}, 'f:lastTransitionTime': {}, 'f:lastUpdateTime': {}, 'f:message': {}, 'f:reason': {}, 'f:status': {}, 'f:type': {}}, 'k:{"type":"Progressing"}': {'.': {}, 'f:lastTransitionTime': {}, 'f:lastUpdateTime': {}, 'f:message': {}, 'f:reason': {}, 'f:status': {}, 'f:type': {}}}, 'f:observedGeneration': {}, 'f:readyReplicas': {}, 'f:replicas': {}, 'f:updatedReplicas': {}}}, 'manager': 'kube-controller-manager', 'operation': 'Update', 'subresource': None, 'time': '2022-03-09 01:38:01+00:00'}], 'name': 'nginx-3', 'namespace': 'default', 'owner_references': None, 'resource_version': '*****', 'self_link': None, 'uid': '*****'}

spec

{'min_ready_seconds': None, 'paused': None, 'progress_deadline_seconds': 600, 'replicas': 3, 'revision_history_limit': 10, 'selector': {'match_expressions': None, 'match_labels': {'app': 'nginx-3'}}, 'strategy': {'rolling_update': {'max_surge': '25%', 'max_unavailable': '25%'}, 'type': 'RollingUpdate'}, 'template': {'metadata': {'annotations': {'kubectl.kubernetes.io/restartedAt': '2022-03-09T01:38:29.666147Z'}, 'cluster_name': None, 'creation_timestamp': None, 'deletion_grace_period_seconds': None, 'deletion_timestamp': None, 'finalizers': None, 'generate_name': None, 'generation': None, 'labels': {'app': 'nginx-3'}, 'managed_fields': None, 'name': None, 'namespace': None, 'owner_references': None, 'resource_version': None, 'self_link': None, 'uid': None}, 'spec': {'active_deadline_seconds': None, 'affinity': None, 'automount_service_account_token': None, 'containers': [{'args': None, 'command': None, 'env': None, 'env_from': None, 'image': 'nginx:latest', 'image_pull_policy': 'Always', 'lifecycle': None, 'liveness_probe': None, 'name': 'nginx-1', 'ports': None, 'readiness_probe': None, 'resources': {'limits': None, 'requests': None}, 'security_context': None, 'startup_probe': None, 'stdin': None, 'stdin_once': None, 'termination_message_path': '/dev/termination-log', 'termination_message_policy': 'File', 'tty': None, 'volume_devices': None, 'volume_mounts': None, 'working_dir': None}], 'dns_config': None, 'dns_policy': 'ClusterFirst', 'enable_service_links': None, 'ephemeral_containers': None, 'host_aliases': None, 'host_ipc': None, 'host_network': None, 'host_pid': None, 'hostname': None, 'image_pull_secrets': None, 'init_containers': None, 'node_name': None, 'node_selector': None, 'os': None, 'overhead': None, 'preemption_policy': None, 'priority': None, 'priority_class_name': None, 'readiness_gates': None, 'restart_policy': 'Always', 'runtime_class_name': None, 'scheduler_name': 'default-scheduler', 'security_context': {'fs_group': None, 'fs_group_change_policy': None, 'run_as_group': None, 'run_as_non_root': None, 'run_as_user': None, 'se_linux_options': None, 'seccomp_profile': None, 'supplemental_groups': None, 'sysctls': None, 'windows_options': None}, 'service_account': None, 'service_account_name': None, 'set_hostname_as_fqdn': None, 'share_process_namespace': None, 'subdomain': None, 'termination_grace_period_seconds': 30, 'tolerations': None, 'topology_spread_constraints': None, 'volumes': None}}}

status

{'available_replicas': 3, 'collision_count': None, 'conditions': [{'last_transition_time': '2022-03-07 04:32:29+00:00', 'last_update_time': '2022-03-07 04:32:29+00:00', 'message': 'Deployment has minimum availability.', 'reason': 'MinimumReplicasAvailable', 'status': 'True', 'type': 'Available'}, {'last_transition_time': '2022-03-07 04:32:26+00:00', 'last_update_time': '2022-03-09 01:38:01+00:00', 'message': 'ReplicaSet "nginx-3-*****" has successfully progressed.', 'reason': 'NewReplicaSetAvailable', 'status': 'True', 'type': 'Progressing'}], 'observed_generation': 3, 'ready_replicas': 3, 'replicas': 3, 'unavailable_replicas': None, 'updated_replicas': 3}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Restart Deployment failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Deployment Not Found.

Error Sample Data

Restart Deployment failed.

Status Code: 404.

Message: Deployment Not Found.

Set Node Pool Size

Sets the size for a specific node pool.

READER NOTE

Node Pool Name is a required parameter to run this command.

  • Run the List Node Pool command to obtain the Node Pool Name. Node Pool Name can be found in the raw data at the path $.nodePools.name.

Input

Input Parameter

Required/Optional

Description

Example

Node Pool Name

Required

The name of the node pool to set size. Node Pool Name can be obtained using the List Node Pool command.

nodepool-api-*****

Node Count

Required

The desired node count for the pool.

2

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "name": "operation-*****",
    "zone": "us-west1-a",
    "operationType": "SET_NODE_POOL_SIZE",
    "status": "RUNNING",
    "selfLink": "https://container.googleapis.com/*****",
    "targetLink": "https://container.googleapis.com/*****",
    "startTime": "2022-03-08T17:36:00.579725134Z"
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Name": [
        "operation-*****"
    ],
    "Zone": [
        "us-west1-a"
    ],
    "OperationType": [
        "SET_NODE_POOL_SIZE"
    ],
    "Status": [
        "RUNNING"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

operation-*****-*****

zone

us-west1-a

operationType

SET_NODE_POOL_SIZE

status

RUNNING

selfLink

https://container.googleapis.com/*****

targetLink

https://container.googleapis.com/*****

startTime

2022-03-08T17:36:00.579725134Z

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Update Ticket failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Permission denied.

Error Sample Data

Node Pool Size failed. Failed to load gcloud.

Status Code: 403.

Message: Permission denied.

Update Deployment

Updates a deployment with the specified configuration in the specified namespace.

READER NOTE

Deployment Name is a required parameter to run this command.

  • Run the List All Namespace Deployments command to obtain Deployment Names. Deployment Names can be found in the raw data at the path $.items[*].metadata.name.

NameSpace is an optional parameter to run this command.

  • Run the List All NameSpace Deployments command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.

WARNING

  • Please note that your input deployment names must match your input namespace. Otherwise, an error (deployments \"your input deployment name\" not found) will be returned. It is recommended that you run the List All Namespace Deployments command and find your desired pair of “name”(deployment name) with “namespace” in the response raw data. Use that pair to run this command.

  • The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input deployment name. Otherwise, please change your namespace to your desired value.

Input

Input Parameter

Required/Optional

Description

Example

Deployment Name

Required

The name of the deployment that will be updated. Deployment Name can be obtained using the List All Namespace Deployments command.

deployment-*****

NameSpace

Optional

The namespace in which the deployment will be updated. NameSpace can be obtained using the List All Namespace Deployments command. If not specified, the default value of NameSpace, which is "default", will be used.

default

Configuration

Required

The configuration update of the deployment. The format is YAML or JSON.

apiVersion: apps/v1
kind: Deployment
spec:
replicas: 1
selector:
matchLabels:
app: nginxj
serviceName: "*****"
template:
metadata:
labels:
app: nginxj
spec:
containers:
- name: nginxjnew
image: nginx:1.16.0
ports:
- containerPort: *****

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "api_version": "apps/v1",
    "kind": "Deployment",
    "metadata": {
        "annotations": {
            "deployment.kubernetes.io/revision": "2"
        },
        "cluster_name": null,
        "creation_timestamp": "2022-03-09 18:48:24+00:00",
        "deletion_grace_period_seconds": null,
        "deletion_timestamp": null,
        "finalizers": null,
        "generate_name": null,
        "generation": 2,
        "labels": null,
        "managed_fields": [
            {
                "api_version": "apps/v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:spec": {
                        "f:progressDeadlineSeconds": {},
                        "f:replicas": {},
                        "f:revisionHistoryLimit": {},
                        "f:selector": {},
                        "f:strategy": {
                            "f:rollingUpdate": {
                                ".": {},
                                "f:maxSurge": {},
                                "f:maxUnavailable": {}
                            },
                            "f:type": {}
                        },
                        "f:template": {
                            "f:metadata": {
                                "f:labels": {
                                    ".": {},
                                    "f:app": {}
                                }
                            },
                            "f:spec": {
                                "f:containers": {
                                    "k:{\"name\":\"*****\"}": {
                                        ".": {},
                                        "f:image": {},
                                        "f:imagePullPolicy": {},
                                        "f:name": {},
                                        "f:ports": {
                                            ".": {},
                                            "k:{\"containerPort\":*****,\"protocol\":\"TCP\"}": {
                                                ".": {},
                                                "f:containerPort": {},
                                                "f:protocol": {}
                                            }
                                        },
                                        "f:resources": {},
                                        "f:terminationMessagePath": {},
                                        "f:terminationMessagePolicy": {}
                                    },
                                    "k:{\"name\":\"*****\"}": {
                                        ".": {},
                                        "f:image": {},
                                        "f:imagePullPolicy": {},
                                        "f:name": {},
                                        "f:resources": {},
                                        "f:terminationMessagePath": {},
                                        "f:terminationMessagePolicy": {}
                                    }
                                },
                                "f:dnsPolicy": {},
                                "f:restartPolicy": {},
                                "f:schedulerName": {},
                                "f:securityContext": {},
                                "f:terminationGracePeriodSeconds": {}
                            }
                        }
                    }
                },
                "manager": "OpenAPI-Generator",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-09 18:50:45+00:00"
            },
            {
                "api_version": "apps/v1",
                "fields_type": "FieldsV1",
                "fields_v1": {
                    "f:metadata": {
                        "f:annotations": {
                            ".": {},
                            "f:deployment.kubernetes.io/revision": {}
                        }
                    },
                    "f:status": {
                        "f:conditions": {
                            ".": {},
                            "k:{\"type\":\"Available\"}": {
                                ".": {},
                                "f:lastTransitionTime": {},
                                "f:lastUpdateTime": {},
                                "f:message": {},
                                "f:reason": {},
                                "f:status": {},
                                "f:type": {}
                            },
                            "k:{\"type\":\"Progressing\"}": {
                                ".": {},
                                "f:lastTransitionTime": {},
                                "f:lastUpdateTime": {},
                                "f:message": {},
                                "f:reason": {},
                                "f:status": {},
                                "f:type": {}
                            }
                        },
                        "f:observedGeneration": {},
                        "f:replicas": {},
                        "f:unavailableReplicas": {},
                        "f:updatedReplicas": {}
                    }
                },
                "manager": "kube-controller-manager",
                "operation": "Update",
                "subresource": null,
                "time": "2022-03-09 18:51:44+00:00"
            }
        ],
        "name": "deployment-*****",
        "namespace": "default",
        "owner_references": null,
        "resource_version": "*****",
        "self_link": null,
        "uid": "*****"
    },
    "spec": {
        "min_ready_seconds": null,
        "paused": null,
        "progress_deadline_seconds": 600,
        "replicas": 2,
        "revision_history_limit": 10,
        "selector": {
            "match_expressions": null,
            "match_labels": {
                "app": "nginxj"
            }
        },
        "strategy": {
            "rolling_update": {
                "max_surge": "25%",
                "max_unavailable": "25%"
            },
            "type": "RollingUpdate"
        },
        "template": {
            "metadata": {
                "annotations": null,
                "cluster_name": null,
                "creation_timestamp": null,
                "deletion_grace_period_seconds": null,
                "deletion_timestamp": null,
                "finalizers": null,
                "generate_name": null,
                "generation": null,
                "labels": {
                    "app": "nginxj"
                },
                "managed_fields": null,
                "name": null,
                "namespace": null,
                "owner_references": null,
                "resource_version": null,
                "self_link": null,
                "uid": null
            },
            "spec": {
                "active_deadline_seconds": null,
                "affinity": null,
                "automount_service_account_token": null,
                "containers": [
                    {
                        "args": null,
                        "command": null,
                        "env": null,
                        "env_from": null,
                        "image": "nginx:1.16.0",
                        "image_pull_policy": "IfNotPresent",
                        "lifecycle": null,
                        "liveness_probe": null,
                        "name": "*****",
                        "ports": null,
                        "readiness_probe": null,
                        "resources": {
                            "limits": null,
                            "requests": null
                        },
                        "security_context": null,
                        "startup_probe": null,
                        "stdin": null,
                        "stdin_once": null,
                        "termination_message_path": "/dev/termination-log",
                        "termination_message_policy": "File",
                        "tty": null,
                        "volume_devices": null,
                        "volume_mounts": null,
                        "working_dir": null
                    },
                    {
                        "args": null,
                        "command": null,
                        "env": null,
                        "env_from": null,
                        "image": "nginx:***.***.***",
                        "image_pull_policy": "IfNotPresent",
                        "lifecycle": null,
                        "liveness_probe": null,
                        "name": "*****",
                        "ports": [
                            {
                                "container_port": *****,
                                "host_ip": null,
                                "host_port": null,
                                "name": null,
                                "protocol": "TCP"
                            }
                        ],
                        "readiness_probe": null,
                        "resources": {
                            "limits": null,
                            "requests": null
                        },
                        "security_context": null,
                        "startup_probe": null,
                        "stdin": null,
                        "stdin_once": null,
                        "termination_message_path": "/dev/termination-log",
                        "termination_message_policy": "File",
                        "tty": null,
                        "volume_devices": null,
                        "volume_mounts": null,
                        "working_dir": null
                    }
                ],
                "dns_config": null,
                "dns_policy": "ClusterFirst",
                "enable_service_links": null,
                "ephemeral_containers": null,
                "host_aliases": null,
                "host_ipc": null,
                "host_network": null,
                "host_pid": null,
                "hostname": null,
                "image_pull_secrets": null,
                "init_containers": null,
                "node_name": null,
                "node_selector": null,
                "os": null,
                "overhead": null,
                "preemption_policy": null,
                "priority": null,
                "priority_class_name": null,
                "readiness_gates": null,
                "restart_policy": "Always",
                "runtime_class_name": null,
                "scheduler_name": "default-scheduler",
                "security_context": {
                    "fs_group": null,
                    "fs_group_change_policy": null,
                    "run_as_group": null,
                    "run_as_non_root": null,
                    "run_as_user": null,
                    "se_linux_options": null,
                    "seccomp_profile": null,
                    "supplemental_groups": null,
                    "sysctls": null,
                    "windows_options": null
                },
                "service_account": null,
                "service_account_name": null,
                "set_hostname_as_fqdn": null,
                "share_process_namespace": null,
                "subdomain": null,
                "termination_grace_period_seconds": 30,
                "tolerations": null,
                "topology_spread_constraints": null,
                "volumes": null
            }
        }
    },
    "status": {
        "available_replicas": null,
        "collision_count": null,
        "conditions": [
            {
                "last_transition_time": "2022-03-09 18:48:25+00:00",
                "last_update_time": "2022-03-09 18:50:53+00:00",
                "message": "ReplicaSet \"deployment-*****-*****\" has successfully progressed.",
                "reason": "NewReplicaSetAvailable",
                "status": "True",
                "type": "Progressing"
            },
            {
                "last_transition_time": "2022-03-09 18:51:14+00:00",
                "last_update_time": "2022-03-09 18:51:14+00:00",
                "message": "Deployment does not have minimum availability.",
                "reason": "MinimumReplicasUnavailable",
                "status": "False",
                "type": "Available"
            }
        ],
        "observed_generation": 2,
        "ready_replicas": null,
        "replicas": 2,
        "unavailable_replicas": 2,
        "updated_replicas": 2
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "DeploymentName": [
        "deployment-*****"
    ],
    "DeploymentID": [
        "*****"
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
No Sample Data

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Update Deployment failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Permission denied.

Error Sample Data

Update Deployment failed. Failed to load gcloud.

Status Code: 403.

Message: Permission denied.

Test Connection

Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.

Input

N/A

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Test Connection failed. Failed to check the connector.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: ‘gcloud’ is not recognized as an internal or external command, operable program or batch file.

Error Sample Data

Test Connection failed. Failed to check the connector.

Status Code: 400.

Message: ‘gcloud’ is not recognized as an internal or external command, operable program or batch file.

FAQ

Connection Error: ‘gcloud’ is not recognized as an internal or external command, operable program or batch file

  1. Make sure the Google Cloud SDK have to be installed in D3 SOAR hosting server and D3 proxy server (if any).

  2. Make sure the installed Google Cloud SDK is under the file directory C:\Program Files (x86)\Google.

Connection Error: Permission denied. Please verify that you have permissions to write to the parent directory.

  1. Make sure the D3 SOAR has a local system right on the hosting server.

Deploying to Google Kubernetes Engine Permission

  1. By default, GKE uses the Compute Engine service account as the identity for nodes. This default service account has read-only access to Artifact Registry repositories in the same Google Cloud project.

  2. If your repositories are in a different project or if you use a user-managed service account as the identity for your nodes, you must grant the Artifact Registry Reader role to the service account. To upload to repositories from nodes, grant the Artifact Registry Writer role.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.