ini-icam-send-event-batch
Send a security event to INI-ICAM Platform for each pipeline row.
The following fields are read from each input row:
- severity (INT, required): Event severity (0~10, higher value means more critical)
- src_ip (STRING/IP, optional): Source IP address
- dst_ip (STRING/IP, optional): Destination IP address
- dst_port (INT, optional): Destination port
- user (STRING, optional): ICAM-registered user identifier
- category (STRING, required): Event category
- msg (STRING, optional): Event message
Per-row result is written to '_result' and '_error' fields.
Syntax
ini-icam-send-event-batch profile=PROFILE [dry-run=DRY-RUN]
Options
- profile=PROFILE: Required. INI-ICAM connect profile
- dry-run=DRY-RUN: Optional. Dry run mode, which validates each row without sending to ICAM (t or f, default: t)
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Connect profile | INI-ICAM connect profile |
| _result | String | Result | success or fail (real run) |
| _expected | String | Expected | success or fail (dry-run only) |
| _error | String | Error | Error message on failure. |
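
A pre-flight check for rows before they reach the command, as an added example that is not part of the product or its documentation: it applies the input-field rules listed above and fills `_expected` and `_error` the way the output table describes for a dry run. The specific checks, the error wording and the 0-65535 port range are assumptions; the command's own dry-run validation may differ.

```python
import ipaddress

# Field rules come from the documented input fields. The checks are an
# assumption about what a dry run would reject, not the command's own code.
REQUIRED = ("severity", "category")

def _is_ip(value):
    try:
        ipaddress.ip_address(str(value))
        return True
    except ValueError:
        return False

def _is_int(value):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(value, int) and not isinstance(value, bool)

def precheck_row(row):
    """Return a copy of row with '_expected' and '_error' filled in."""
    errors = []
    for name in REQUIRED:
        if row.get(name) in (None, ""):
            errors.append(f"{name} is required")
    sev = row.get("severity")
    if sev not in (None, ""):
        if not _is_int(sev):
            errors.append("severity must be INT")
        elif not 0 <= sev <= 10:
            errors.append("severity must be 0~10")
    for name in ("src_ip", "dst_ip"):
        if row.get(name) is not None and not _is_ip(row[name]):
            errors.append(f"{name} is not an IP address")
    port = row.get("dst_port")
    if port is not None and not (_is_int(port) and 0 <= port <= 65535):
        errors.append("dst_port must be INT in 0-65535")  # range is assumed
    for name in ("user", "category", "msg"):
        if row.get(name) is not None and not isinstance(row[name], str):
            errors.append(f"{name} must be STRING")
    out = dict(row)
    out["_expected"] = "fail" if errors else "success"
    out["_error"] = "; ".join(errors) if errors else None
    return out

# Constructed sample rows (not real events)
SAMPLE_ROWS = [
    {"severity": 7, "category": "auth", "src_ip": "192.0.2.10",
     "dst_ip": "198.51.100.5", "dst_port": 22, "user": "alice"},
    {"severity": 11, "category": "auth"},
    {"severity": "5", "src_ip": "not-an-ip"},
]
```

Rows that come back with `_expected` set to `fail` can be filtered out or corrected upstream before running the command with dry-run=f.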