Related Concepts: Case Manipulation

This function adds an entity (for example an IP address, host or user) to the selected alert within a case, with the given flags and properties. It does not add an insight; the entity itself is created on the alert.

siemplify.add_entity_to_case(case_id, alert_identifier, entity_identifier, entity_type, is_internal, is_suspicious, is_enriched, is_vulnerable, properties, environment)

Parameters

Param Name         Param Type  Possible Values                          Comments                                                    Mandatory
case_id            string      "234"                                    Unique case identifier                                      Yes
alert_identifier   string      "ad6879f1-b72d-419f-990c-011a2526b16d"   Unique alert identifier within the case                     Yes
entity_identifier  string      "8.8.8.8"                                Unique entity identifier                                    Yes
entity_type        string      "ADDRESS"                                Entity type of the entity identifier                        Yes
is_internal        boolean     True/False                               Internal: True, External: False                             Yes
is_suspicious      boolean     True/False                               Suspicious: True, not suspicious: False                     Yes
is_enriched        boolean     True/False                               Enriched: True, not enriched: False. Default is False.      Yes
is_vulnerable      boolean     True/False                               Vulnerable: True, not vulnerable: False. Default is False.  Yes
properties         dict        {"property": "value"}                    Properties of the entity (key/value pairs)                  Yes
environment        string      "Siemplify"                              One of the environments defined in Siemplify                Yes

Return Type

NoneType

Example

Sample code
from SiemplifyAction import SiemplifyAction

siemplify = SiemplifyAction()

# Identifiers of the case and of the alert inside it that will receive the entity
case_id = "234"
alert_identifier = "ad6879f1-b72d-419f-990c-011a2526b16d"

# The entity to create: a public IP address, so it is marked external
entity = "8.8.8.8"
entity_type = "ADDRESS"
properties = {"property": "value"}

siemplify.add_entity_to_case(case_id=case_id,
                             alert_identifier=alert_identifier,
                             entity_identifier=entity,
                             entity_type=entity_type,
                             is_internal=False,
                             is_suspicious=False,
                             is_enriched=False,
                             is_vulnerable=False,
                             properties=properties,
                             # None here, as in the original sample; pass an environment
                             # name defined in Siemplify (e.g. "Siemplify") to set it explicitly
                             environment=None)
Result Behavior
The entity with the provided identifier, type, flags and properties is added to the given alert within case 234.
Result Value
None
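Added example, not code from the Siemplify SDK or from this page: in practice an action rarely hard-codes a single entity. It usually receives a list of indicators from an enrichment or threat-intelligence step and has to decide the entity type and the is_internal flag for each one, then avoid creating duplicates of entities that are already on the alert. The block below derives entity_type and is_internal from the indicator itself (RFC 1918, loopback and link-local addresses are internal), skips identifiers already present on the alert, and only then calls add_entity_to_case with the keyword arguments documented above. It assumes that siemplify.case_id, siemplify.alert_id and siemplify.target_entities (objects with .identifier and .entity_type) are available on SiemplifyAction, and that the entity type strings "DOMAIN" and "FILEHASH" follow the same convention as the "ADDRESS" value shown on this page. The FakeSiemplify class is a constructed stand-in so the example runs offline; in a real action you would pass the SiemplifyAction instance instead.

```python
import ipaddress
import re

# Entity type strings. Only "ADDRESS" is documented on this page; the other two
# are assumed to follow the same uppercase convention.
ENTITY_TYPE_ADDRESS = "ADDRESS"
ENTITY_TYPE_DOMAIN = "DOMAIN"
ENTITY_TYPE_FILEHASH = "FILEHASH"

# MD5 / SHA-1 / SHA-256 hex digests and a conservative DNS name pattern
_HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.IGNORECASE)


def classify(identifier):
    """Return (entity_type, is_internal) for a raw indicator string.

    is_internal is only meaningful for IP addresses: private (RFC 1918),
    loopback and link-local ranges are internal; everything else is external.
    """
    identifier = identifier.strip()
    try:
        ip = ipaddress.ip_address(identifier)
        return ENTITY_TYPE_ADDRESS, ip.is_private
    except ValueError:
        pass  # not an IP address, fall through to the other checks
    if _HASH_RE.match(identifier):
        return ENTITY_TYPE_FILEHASH, False
    if _DOMAIN_RE.match(identifier):
        return ENTITY_TYPE_DOMAIN, False
    raise ValueError("unrecognised indicator: %r" % identifier)


def build_entity_args(case_id, alert_identifier, identifier, suspicious, source, environment=None):
    """Build the keyword arguments for add_entity_to_case from one indicator."""
    entity_type, is_internal = classify(identifier)
    return {
        "case_id": str(case_id),
        "alert_identifier": alert_identifier,
        "entity_identifier": identifier.strip(),
        "entity_type": entity_type,
        "is_internal": is_internal,
        "is_suspicious": bool(suspicious),
        "is_enriched": False,
        "is_vulnerable": False,
        # record where the indicator came from so analysts can judge its weight
        "properties": {"source": source},
        "environment": environment,
    }


def add_missing_entities(siemplify, indicators, source, environment=None):
    """Add each (identifier, suspicious) pair not already on the alert.

    Returns the list of identifiers that were actually added. Comparison is
    case-insensitive on the identifier and exact on the entity type.
    """
    existing = {(e.identifier.lower(), e.entity_type) for e in siemplify.target_entities}
    added = []
    for identifier, suspicious in indicators:
        args = build_entity_args(siemplify.case_id, siemplify.alert_id,
                                 identifier, suspicious, source, environment)
        key = (args["entity_identifier"].lower(), args["entity_type"])
        if key in existing:
            continue  # already on the alert, do not create a duplicate
        siemplify.add_entity_to_case(**args)
        existing.add(key)
        added.append(args["entity_identifier"])
    return added


class _Entity(object):
    """Constructed stand-in for an entity object exposed by target_entities."""
    def __init__(self, identifier, entity_type):
        self.identifier = identifier
        self.entity_type = entity_type


class FakeSiemplify(object):
    """Constructed stand-in for SiemplifyAction so the example runs offline."""
    def __init__(self, case_id, alert_id, existing):
        self.case_id = case_id
        self.alert_id = alert_id
        self.target_entities = [_Entity(i, t) for i, t in existing]
        self.calls = []  # every add_entity_to_case call, for inspection

    def add_entity_to_case(self, **kwargs):
        self.calls.append(kwargs)


if __name__ == "__main__":
    # Constructed input: 8.8.8.8 is already on the alert and must be skipped.
    fake = FakeSiemplify("234", "ad6879f1-b72d-419f-990c-011a2526b16d",
                         [("8.8.8.8", ENTITY_TYPE_ADDRESS)])
    indicators = [("8.8.8.8", False), ("10.0.0.5", True), ("example.com", True)]
    print(add_missing_entities(fake, indicators, source="sandbox"))
```

With a real action, replace FakeSiemplify with the SiemplifyAction instance and feed indicators from the enrichment step; the dedup set is built from target_entities once per run, so a second run of the same action against the same alert adds nothing.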