9.0 KiB
vSphere
Publisher: Splunk
Connector Version: 2.0.5
Product Vendor: VMware
Product Name: vSphere
Product Version Supported (regex): ".*"
Minimum Product Version: 5.2.0
This app implements investigative, containment and VM management actions on VMware ESXi or vCenter server
pysphere
This app uses the pysphere module, which is licensed under the New BSD License. Copyright (c) 2012, Sebastian Tello All rights reserved.
Configuration Variables
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a vSphere asset in SOAR.
| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
|---|---|---|---|
| server | required | string | Server IP/Hostname |
| verify_server_cert | optional | boolean | Verify server certificate |
| username | required | string | Administrator username |
| password | required | password | Administrator password |
Supported Actions
test connectivity - Validate the asset configuration for connectivity. This action logs into the device to check the connection and credentials
list vms - Get the list of registered VMs
get system info - Get information about a VM
start vm - Start a stopped or suspended VM
revert vm - Revert VM to a named snapshot if name is specified, otherwise revert to the current snapshot
stop vm - Stop a VM
suspend vm - Suspend a VM
snapshot vm - Take a snapshot of the VM
action: 'test connectivity'
Validate the asset configuration for connectivity. This action logs into the device to check the connection and credentials
Type: test
Read only: True
Action Parameters
No parameters are required for this action
Action Output
No Output
action: 'list vms'
Get the list of registered VMs
Type: investigate
Read only: True
Action Parameters
No parameters are required for this action
Action Output
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string | |
| action_result.data.*.ip | string | ip |
| action_result.data.*.state | string | |
| action_result.data.*.vm_full_name | string | |
| action_result.data.*.vm_hostname | string | host name |
| action_result.data.*.vm_name | string | |
| action_result.data.*.vmx_path | string | vm |
| action_result.summary.running_vms | numeric | |
| action_result.summary.total_vms | numeric | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
action: 'get system info'
Get information about a VM
Type: investigate
Read only: True
Action Parameters
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ip_hostname | required | Hostname/IP address to get info of | string | host name ip |
Action Output
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string | |
| action_result.parameter.ip_hostname | string | host name ip |
| action_result.data.*.ip | string | ip |
| action_result.data.*.state | string | |
| action_result.data.*.vm_full_name | string | |
| action_result.data.*.vm_hostname | string | host name |
| action_result.data.*.vm_name | string | |
| action_result.data.*.vmx_path | string | vm |
| action_result.summary.found_endpoint | boolean | |
| action_result.summary.total_vms_searched | numeric | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
action: 'start vm'
Start a stopped or suspended VM
Type: correct
Read only: False
Action Parameters
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| vmx_path | required | VMX file path | string | vm |
Action Output
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string | |
| action_result.parameter.vmx_path | string | vm |
| action_result.data | string | |
| action_result.summary | string | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
action: 'revert vm'
Revert VM to a named snapshot if name is specified, otherwise revert to the current snapshot
Type: contain
Read only: False
Action Parameters
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| vmx_path | required | VMX file path | string | vm |
| snapshot | optional | Snapshot name case sensitive to revert to |
string |
Action Output
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string | |
| action_result.parameter.snapshot | string | |
| action_result.parameter.vmx_path | string | vm |
| action_result.data | string | |
| action_result.summary | string | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
action: 'stop vm'
Stop a VM
Type: contain
Read only: False
Action Parameters
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| vmx_path | required | VMX file path | string | vm |
Action Output
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string | |
| action_result.parameter.vmx_path | string | vm |
| action_result.data | string | |
| action_result.summary | string | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
action: 'suspend vm'
Suspend a VM
Type: contain
Read only: False
The start vm action can be used to resume a suspended vm.
Action Parameters
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| vmx_path | required | VMX file path | string | vm |
| download | optional | Download suspend file to the vault | boolean |
Action Output
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string | |
| action_result.parameter.download | boolean | |
| action_result.parameter.vmx_path | string | vm |
| action_result.data.*.host | string | ip |
| action_result.data.*.name | string | |
| action_result.data.*.size | string | |
| action_result.data.*.type | string | |
| action_result.data.*.vault_id | string | vault id os memory dump vm suspend file |
| action_result.data.*.vmx_path | string | vm |
| action_result.summary | string | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
action: 'snapshot vm'
Take a snapshot of the VM
Type: generic
Read only: False
Action Parameters
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| vmx_path | required | VMX file path | string | vm |
| download | optional | Download snapshot file to the vault | boolean |
Action Output
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string | |
| action_result.parameter.download | boolean | |
| action_result.parameter.vmx_path | string | vm |
| action_result.data.*.host | string | ip |
| action_result.data.*.name | string | |
| action_result.data.*.size | string | |
| action_result.data.*.type | string | |
| action_result.data.*.vault_id | string | vault id os memory dump vm snapshot file |
| action_result.data.*.vmx_path | string | vm |
| action_result.summary | string | |
| action_result.message | string | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |