SOC Integrator Admin

Health

Field	Value

Auto Sync

Field	Value

Systems Monitor

Minutes Limit Auto refresh Interval (seconds)

Run Sim Logs

Script Target Scenario Count Delay (s) Forever

Logs	Action

Run Output

Tail lines Auto refresh logs Interval (seconds)

Wazuh Live Correlation

auto refresh every 5s

Records

Latest 100 (no filter)

Show query used

Latest Event Logs

Time	rule.id	rule.description	full_log

No events found for selected run yet.

Incident Pipeline KPIs

KPI	Value

Log Loss Check

Minutes Create IRIS Ticket

Appendix C Detections

Minutes Limit Dry run

Query Selectors (comma-separated)

State

Evaluate

History

IOC Enrich / Evaluate

Type IOC Value Providers

Malicious threshold Suspicious threshold

Enrich

Evaluate

History

File IOC (VirusTotal)

File Poll timeout (s) Poll interval (s)

Analysis ID

Upload

Analysis

Evaluate File

GeoIP Lookup

IP Address

Field	Value

Create IRIS Ticket

Title Description Customer ID SOC ID

List IRIS Tickets

Limit Offset

Shuffle Status

Health/Auth

Apps/Workflows

Execute Workflow

Workflow ID Payload (JSON)

Wazuh Status

Wazuh Data

Limit Offset

Query (alerts/logs)

Sync Wazuh to MVP

Minutes Limit Query

MVP Health & Policy

Policy JSON

Field	Value

MVP Incident Ingest

MVP IOC / VPN Evaluate

IOC Evaluate JSON

VPN Evaluate JSON

OpenAPI Explorer

Endpoint Path Params (JSON)

Query Params (JSON) Body (JSON)

SOC Integrator Admin Console

Connection

Health

Auto Sync

Systems Monitor

Run Sim Logs

Run Output

Wazuh Live Correlation

Latest Event Logs

Incident Pipeline KPIs

Log Loss Check

Appendix C Detections

State

Evaluate

History

IOC Enrich / Evaluate

Enrich

Evaluate

History

File IOC (VirusTotal)

Upload

Analysis

Evaluate File

GeoIP Lookup

Create IRIS Ticket

List IRIS Tickets

Shuffle Status

Health/Auth

Apps/Workflows

Execute Workflow

Wazuh Status

Wazuh Data

Sync Wazuh to MVP

MVP Health & Policy

MVP Incident Ingest

MVP IOC / VPN Evaluate

IOC Evaluate JSON

VPN Evaluate JSON

OpenAPI Explorer