Skip to content

Add Tessian Event Collector #43760

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
amshamah419 wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Add Tessian Event Collector #43760

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c17a8f9
Add Tessian Event Collector
amshamah419 Apr 5, 2026
1cdfaaf
Changes per CR
amshamah419 Apr 5, 2026
38cb78b
Changes per CR
amshamah419 Apr 5, 2026
c1cbd75
Changes per Demo
amshamah419 Apr 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 51 additions & 0 deletions Packs/Tessian/Integrations/TessianEventCollector/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
Collects security events from Proofpoint Tessian for Cortex XSIAM.

## Configure Tessian Event Collector in Cortex

| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| Server URL | Proofpoint Tessian portal URL (e.g., https://\{subdomain\}.tessian-platform.com or https://\{subdomain\}.tessian-app.com). | True |
| API Token | API Token generated in the Proofpoint Portal under Integrations > Security Integrations > Proofpoint API. | True |
| Use system proxy settings | Runs the integration instance using the proxy server (HTTP or HTTPS) that you defined in the server configuration. | False |
| Trust any certificate (not secure) | When selected, certificates are not checked. | False |
| Fetch events | Whether to fetch events. | False |
| Maximum number of security events per fetch | Maximum number of security events to fetch per cycle. Each cycle makes up to 10 API calls of 100 events each (max 1000). | False |
| Events Fetch Interval | | False |

## Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.

### tessian-get-events

***
This command is used for developing/debugging and is to be used with caution, as it can create events, leading to event duplication and API request limitation exceeding.

#### Base Command

`tessian-get-events`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| limit | The maximum number of events to return. Default is 100. Maximum is 1000. | Optional |
| created_after | Only include events created after this time. ISO 8601 format (e.g., 2024-01-01T00:00:00Z). | Optional |
| should_push_events | If true, the command creates events in XSIAM; otherwise, it only displays them. Possible values are: true, false. Default is false. | Optional |

#### Context Output

There is no context output for this command.

#### Command example

```!tessian-get-events limit=10```

#### Human Readable Output

>### Tessian Security Events
>
>|Event ID|Type|Created At|Updated At|Entry Status|Portal Link|
>|---|---|---|---|---|---|
>| abc-123 | warning | 2024-01-01T00:00:00Z | 2024-01-01T00:00:00Z | new | https://example.tessian-platform.com/events/abc-123 |
Loading
Loading