add_entity_to_case
Related Concepts: Case Manipulation
This function adds a new entity to a case. By default the entity is added to the case and alert the action is currently running on; pass case_id and alert_identifier to target a different case or alert.
add_entity_to_case(entity_identifier, entity_type, is_internal, is_suspicous, is_enriched, is_vulnerable, properties, case_id, alert_identifier, environment)
Parameters
Param Name | Param Type | Possible Values | Comments | Mandatory Parameter
---|---|---|---|---
entity_identifier | string | Entity identifier values such as 1.1.1.1, google.com | | Yes
entity_type | string | One of the entity type names listed below | | Yes
is_internal | boolean | True/False | True: Internal, False: External | Yes
is_suspicous | boolean | True/False | True: Suspicious, False: Not suspicious. The parameter name is spelled "is_suspicous" in the SDK; use that spelling when passing it by keyword. | Yes
is_enriched | boolean | True/False | True: Enriched, False: Not enriched. The default value is False. | Yes
is_vulnerable | boolean | True/False | True: Vulnerable, False: Not vulnerable. The default value is False. | Yes
properties | dict | {"Property1": "PropertyValue", "Property2": "PropertyValue2"} | Additional key/value properties shown on the entity | Yes
case_id | string | 12345 | Unique case identifier. The case_id value defaults to None (the current case). | No
alert_identifier | string | 123123 | Unique alert identifier. The alert_identifier value defaults to None (the current alert). | No
environment | string | Siemplify, Apple | Environment name as defined in the Siemplify system. The environment value defaults to None. | No

entity_type values:
0: "SourceHostName"
1: "SourceAddress"
2: "SourceUserName"
3: "SourceProcessName"
4: "SourceMacAddress"
5: "DestinationHostName"
6: "DestinationAddress"
7: "DestinationUserName"
8: "DestinationProcessName"
9: "DestinationMacAddress"
10: "DestinationURL"
11: "Process"
12: "FileName"
13: "FileHash"
14: "EmailSubject"
15: "ThreatSignature"
16: "USB"
17: "Deployment"
18: "CreditCard"
19: "PhoneNumber"
20: "CVE"
21: "ThreatActor"
22: "ThreatCampaign"
23: "GenericEntity"
24: "ParentProcess"
25: "ParentHash"
26: "ChildProcess"
27: "ChildHash"
28: "SourceDomain"
29: "DestinationDomain"
30: "IPSet"
Return Type
NoneType
Error
If an entity with the same identifier and type already exists on the target alert, the server rejects the request and Siemplify raises an HTTP 500 error similar to the following (the call does not update the existing entity):
500 Server Error: Internal Server Error for url: https://localhost:8443/api/external/v1/sdk/CreateEntity?format=snake: "ErrorMessage":"Cannot add entity [Identifier:Entities Identifies - Type:siemplify.parameters[] to alert [MONITORED MAILBOX <FREETRIAL@SIEMPLIFY.CO>_633997CB-D23B-4A2B-92F2-AD1D350284FF] in case [30703] because the entity already exists there."
Example
Sample code
from SiemplifyAction import SiemplifyAction

siemplify = SiemplifyAction()
# Add 1.1.1.1 as an external, suspicious, not-yet-enriched, not-vulnerable source address
# to the current case and alert (case_id/alert_identifier default to the running context).
siemplify.add_entity_to_case("1.1.1.1", "SourceAddress", False, True, False, False,
                             {"Source": "Threat feed"}, siemplify.case_id, siemplify.alert_id, None)
Result Behavior
This function adds a new entity to the case (and to the target alert) if it is not already present there. If the entity already exists on that alert, the call fails with the error described above rather than updating the existing entity, so actions that may run more than once should check for the entity first or handle that error.
Result Value
None
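Because a repeated add_entity_to_case call for the same entity fails with the "already exists" error above, an action that can be re-run (or that processes a list of indicators with repeats) should make the add idempotent. The following is an added example and not Siemplify's own code. It assumes only what the page and the SDK expose: siemplify.target_entities is a list of entity objects with identifier and entity_type attributes, siemplify.case_id and siemplify.alert_id hold the current context, and the SDK surfaces the server's duplicate rejection as an exception whose message contains "already exists". FakeSiemplify is a constructed stand-in so the logic runs offline; the upper-casing of identifiers mirrors how Siemplify normalizes entity identifiers and is an assumption here.

```python
"""Idempotent wrapper around add_entity_to_case (added example, not SDK code)."""


class _Entity:
    """Constructed stand-in for an SDK entity object: only the two attributes we read."""

    def __init__(self, identifier, entity_type):
        self.identifier = identifier
        self.entity_type = entity_type


class FakeSiemplify:
    """Constructed stand-in for SiemplifyAction. It keeps the alert's entity list and
    rejects duplicates the way the server does (see the Error section above)."""

    def __init__(self, existing):
        self.case_id = "30703"
        self.alert_id = "ALERT-1"
        # Assumption: the platform stores identifiers upper-cased.
        self.target_entities = [_Entity(i.upper(), t) for i, t in existing]

    def add_entity_to_case(self, entity_identifier, entity_type, is_internal,
                           is_suspicous, is_enriched, is_vulnerable, properties,
                           case_id=None, alert_identifier=None, environment=None):
        ident = entity_identifier.strip().upper()
        for e in self.target_entities:
            if e.identifier == ident and e.entity_type == entity_type:
                raise RuntimeError(
                    "500 Server Error: Internal Server Error for url: .../CreateEntity "
                    "because the entity already exists there.")
        self.target_entities.append(_Entity(ident, entity_type))


def entity_exists(siemplify, identifier, entity_type):
    """True if the current alert already holds an entity with this identifier and type.
    The comparison is case-insensitive because identifiers are normalized upper-case."""
    wanted = identifier.strip().upper()
    return any(e.identifier.upper() == wanted and e.entity_type == entity_type
               for e in siemplify.target_entities)


def add_entity_if_missing(siemplify, identifier, entity_type, is_internal,
                          is_suspicious, properties):
    """Add the entity once. Returns "added" or "exists"; any error other than the
    duplicate rejection is re-raised so real failures are not swallowed."""
    if entity_exists(siemplify, identifier, entity_type):
        return "exists"
    try:
        siemplify.add_entity_to_case(
            identifier, entity_type, is_internal, is_suspicious,
            False, False,                    # is_enriched, is_vulnerable
            properties,
            siemplify.case_id, siemplify.alert_id, None)
    except Exception as exc:  # the SDK raises the server's 500 as an exception
        # Race: another action attached the entity between our check and the call.
        if "already exists" in str(exc):
            return "exists"
        raise
    return "added"


if __name__ == "__main__":
    fake = FakeSiemplify([("google.com", "DestinationURL")])
    print(add_entity_if_missing(fake, "GOOGLE.COM", "DestinationURL", False, True, {}))
    print(add_entity_if_missing(fake, "1.1.1.1", "SourceAddress", False, True,
                                {"Source": "Threat feed"}))
```

Keep the properties dict to enrichment context the analyst should see on the entity (source feed, first-seen time, verdict); anything placed there is visible to everyone with access to the case, so do not pass API keys or other secrets through it.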