Insights (General/Entity)
In Siemplify, insights are used to highlight important information that is
collected in the playbooks by various actions. For example, you might run a
Threat Intelligence action to find out more information about a specific hash.
The results can be seen in the case wall or the action results of the relevant
action. However, if the report indicates that there is something malicious,
you might want to expose the data to the Analyst outright, without further
digging. This is easily done with insights.
Another example might be key enrichment values, such as ActiveDirectory’s
department enrichment, the number of users that received a potentially
malicious email, etc.
Here’s an example of various insights:
In Siemplify, there are two types of insights:
- General insight
- Entity insight
The difference between the insight types is whether or not they revolve around entities. The middle insight in the picture is the only entity insight in the image, and it can be clearly seen what entity it refers to.
General Insight
Related Methods: create_case_insight
Entity Insight
Related Methods: add_entity_insight
Note that this action creates a different insight for each entity in the action’s scope.
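The following is an added example, not code from Siemplify or from the original page. It sketches how an action could surface only malicious Threat Intelligence results with add_entity_insight (one insight per entity in scope) and summarise the run with a single create_case_insight call. The helper publish_insights, the FakeSiemplify stand-in, the sample data, and the argument order and numeric severity/type values are assumptions to check against the SDK version you run.

```python
# Added example: FakeSiemplify and the sample data are constructed stand-ins
# so the block runs without the SDK installed.
from types import SimpleNamespace

INSIGHT_SEVERITY_WARN = 1  # assumed SDK value (0=info, 1=warning, 2=error)
INSIGHT_TYPE_GENERAL = 0   # assumed SDK value (0=general, 1=entity)

def publish_insights(siemplify, verdicts, triggered_by="ThreatIntel"):
    """Add one entity insight per malicious entity in scope, then a single
    general insight summarising the run. Returns the flagged identifiers."""
    flagged = []
    for entity in siemplify.target_entities:
        verdict = verdicts.get(entity.identifier)
        if not verdict or not verdict["malicious"]:
            continue  # benign or unknown: results stay on the case wall only
        message = "Flagged by {0} of {1} engines".format(
            verdict["hits"], verdict["engines"])
        siemplify.add_entity_insight(entity, message, triggered_by=triggered_by)
        flagged.append(entity.identifier)
    if flagged:
        content = "{0} of {1} entities in scope were flagged: {2}".format(
            len(flagged), len(siemplify.target_entities), ", ".join(flagged))
        # Empty entity identifier: assumed convention for a general insight.
        siemplify.create_case_insight(
            triggered_by, "Malicious indicators found", content,
            "", INSIGHT_SEVERITY_WARN, INSIGHT_TYPE_GENERAL)
    return flagged

class FakeSiemplify:
    """Constructed stand-in that records insight calls instead of sending them."""
    def __init__(self, entities):
        self.target_entities = entities
        self.entity_insights, self.case_insights = [], []

    def add_entity_insight(self, domain_entity_info, message, triggered_by=None):
        self.entity_insights.append((domain_entity_info.identifier, message))

    def create_case_insight(self, triggered_by, title, content,
                            entity_identifier, severity, insight_type):
        self.case_insights.append((title, content, severity, insight_type))

SAMPLE_ENTITIES = [SimpleNamespace(identifier=i)
                   for i in ("HASH-A", "HASH-B", "10.0.0.5")]
SAMPLE_VERDICTS = {  # constructed threat-intelligence results
    "HASH-A": {"malicious": True, "hits": 41, "engines": 70},
    "HASH-B": {"malicious": False, "hits": 0, "engines": 70},
}
```

In a real action, the siemplify argument would be the SiemplifyAction instance and verdicts would come from the Threat Intelligence integration's response.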