add_entity_to_case
Related Concepts: Case Manipulation
This function adds entity insight to the selected entity identifier of the alert.
siemplify.add_entity_to_case(case_id, alert_identifier, entity_identifier, entity_type, is_internal, is_suspicious, is_enriched, is_vulnerable, properties, environment)
Parameters
Param Name | Param Type | Possible Values | Comments | Mandatory Parameter |
---|---|---|---|---|
case_id | string | 234 | Unique Case Identifier | Yes |
alert_identifier | string | ad6879f1-b72d-419f-990c-011a2526b16d | N/A | Yes |
entity_identifier | string | "8.8.8.8" | Unique entity identifier | Yes |
entity_type | string | "ADDRESS" | Entity type of the entity identifier. | Yes |
is_internal | boolean | True/False | Internal: True, External: False | Yes |
is_suspicious | boolean | True/False | Suspicious: True, not suspicious: False | Yes |
is_enriched | boolean | True/False | Enriched: True, not enriched: False. Default is False. | Yes |
is_vulnerable | boolean | True/False | Vulnerable: True, not vulnerable: False. Default is False. | Yes |
properties | dict | {"property": "value"} | Property of the entity. | Yes |
environment | string | "Siemplify" | One of the defined environments in Siemplify. | Yes |
Return Type
NoneType
Example
Sample code
from SiemplifyAction import SiemplifyAction
siemplify = SiemplifyAction()
case_id = "234"
alert_identifier = "ad6879f1-b72d-419f-990c-011a2526b16d"
entity = "8.8.8.8"
entity_type = "ADDRESS"
properties = {"property": "value"}
siemplify.add_entity_to_case(case_id=case_id,
                             alert_identifier=alert_identifier,
                             entity_identifier=entity,
                             entity_type=entity_type,
                             is_internal=True,
                             is_suspicious=False,
                             is_enriched=False,
                             is_vulnerable=False,
                             properties=properties,
                             environment=None)
Result Behavior
The entity with the provided information is added to the given alert within case 234.
Result Value
None
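Validating an ADDRESS entity before it is written to the case
The following is an added example, not part of the original page or of the Siemplify SDK. It validates an IP indicator before passing it to add_entity_to_case, so malformed values never become case entities. The helper names (build_address_entity_args, add_address_entity) are hypothetical, and treating private, loopback and link-local ranges as internal is an assumption made for illustration.

```python
import ipaddress


def build_address_entity_args(case_id, alert_identifier, ip_text,
                              is_suspicious=False, properties=None,
                              environment=None):
    """Validate inputs and return keyword arguments for add_entity_to_case.

    Raises ValueError when ip_text is not a single IPv4/IPv6 address, so a
    malformed indicator is rejected before it reaches the case.
    """
    if not alert_identifier:
        raise ValueError("alert_identifier is required")
    # ip_address() rejects hostnames and CIDR ranges with ValueError.
    ip = ipaddress.ip_address(str(ip_text).strip())
    return {
        "case_id": str(case_id),          # the parameter table lists a string
        "alert_identifier": alert_identifier,
        "entity_identifier": str(ip),     # normalized text form of the address
        "entity_type": "ADDRESS",
        # Assumption: private, loopback and link-local ranges are internal.
        "is_internal": ip.is_private or ip.is_loopback or ip.is_link_local,
        "is_suspicious": bool(is_suspicious),
        "is_enriched": False,
        "is_vulnerable": False,
        "properties": dict(properties or {}),
        "environment": environment,
    }


def add_address_entity(siemplify, **kwargs):
    """Build validated arguments, then call siemplify.add_entity_to_case."""
    args = build_address_entity_args(**kwargs)
    siemplify.add_entity_to_case(**args)
    return args
```

Inside an action, pass the SiemplifyAction instance as the first argument: add_address_entity(siemplify, case_id="234", alert_identifier=alert_identifier, ip_text="8.8.8.8").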