Trigger

A trigger monitors events and launches a playbook when a new event is detected (see definition).

  • A manifest file in the root directory of the module. The manifest of a trigger is prefixed with the string trigger_. This document contains:

    • The unique identifier of the trigger (field uuid)
    • The name of the trigger (field name)
    • A short description of the trigger (field description)
    • The unique command name of the trigger (field docker_parameter)
    • A description of the configuration of the trigger (field arguments). This description is a JSON schema model
    • A description of the event generated by the trigger (field results). This description is a JSON schema model
  • Python code
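
A check that a trigger manifest carries the fields listed above, as an added example that is not part of the Sekoia.io documentation or SDK. It assumes the manifest is a JSON file; the function names and the sample manifest with its values are constructed for illustration.

```python
import json
import uuid
from pathlib import Path

# Fields the page lists for a trigger manifest.
REQUIRED = ("uuid", "name", "description", "docker_parameter", "arguments", "results")

# Constructed sample manifest (all values are made up for this example).
SAMPLE = json.dumps({
    "uuid": "3f2b8c1e-5a4d-4e6f-9b7a-1c2d3e4f5a6b",
    "name": "Example trigger",
    "description": "Constructed sample",
    "docker_parameter": "example_trigger",
    "arguments": {"type": "object", "properties": {}},
    "results": {"type": "object", "properties": {}},
})


def lint_trigger_manifest(filename, raw):
    """Return the list of problems found in one manifest (empty list means OK)."""
    problems = []
    if not Path(filename).name.startswith("trigger_"):
        problems.append("file name is not prefixed with 'trigger_'")
    try:
        manifest = json.loads(raw)
    except json.JSONDecodeError as exc:
        return problems + [f"not valid JSON: {exc.msg}"]
    if not isinstance(manifest, dict):
        return problems + ["manifest must be a JSON object"]
    problems += [f"missing field '{f}'" for f in REQUIRED if f not in manifest]
    if "uuid" in manifest:
        try:
            uuid.UUID(str(manifest["uuid"]))
        except ValueError:
            problems.append("field 'uuid' is not a valid UUID")
    for f in ("name", "description", "docker_parameter"):
        if f in manifest and not (isinstance(manifest[f], str) and manifest[f].strip()):
            problems.append(f"field '{f}' must be a non-empty string")
    for f in ("arguments", "results"):  # both are described as JSON schema models
        if f in manifest and not isinstance(manifest[f], dict):
            problems.append(f"field '{f}' must be a JSON schema object")
    return problems


def duplicate_commands(manifests):
    """Return docker_parameter values shared by several manifests (they must be unique)."""
    commands = [json.loads(raw).get("docker_parameter") for raw in manifests]
    return {c for c in commands if c is not None and commands.count(c) > 1}
```
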

Python code

A trigger is a class based on Trigger from sekoia-automation-sdk.

It must implement the method run and call the method send_event to launch a new playbook run.

Connector

A Connector is a specialized trigger that collects raw event logs and forwards them to Sekoia.io.

A Connector is a class based on Connector from sekoia-automation-sdk.

It must implement the method run and call the method publish_events_to_intake to forward events.

(See OKTA system log connector)

Entrypoint

To expose a trigger of the module, the trigger must be declared in main.py at the root of the module.

Import the class in main.py and register the class, against the module, with the unique command name of the trigger as second argument.

(See Okta main.py)