Related Concepts: Case Manipulation

This function returns a list of the ids of cases that are similar to a given case, judged on entity identifiers, ports, rule generators and category outcome, within the provided look-back window.

result = siemplify.get_similar_cases(consider_ports,
                                     consider_category_outcome,
                                     consider_rule_generator,
                                     consider_entity_identifiers,
                                     days_to_look_back,
                                     case_id=None,
                                     end_time_unix_ms=None)

Parameters:

Param Name                   Param Type   Possible Values   Comments                                                                          Mandatory
case_id                      string       234               Unique case id. Defaults to the current case when omitted.                        No
consider_ports               boolean      True/False        Whether ports are used as a similarity filter.                                    Yes
consider_category_outcome    boolean      True/False        Whether the category outcome of the events is considered.                         Yes
consider_rule_generator      boolean      True/False        Whether the rule generator of the alerts is considered.                           Yes
consider_entity_identifiers  boolean      True/False        Whether the entity identifiers of the alerts are considered.                      Yes
days_to_look_back            integer      365               Number of days backwards from the end time to search for similar cases.           Yes
end_time_unix_ms             string       1564214708469     End of the search window as a Unix timestamp in milliseconds.                     No

Return Type

List of case ids

Example:

Input: every parameter must be provided explicitly except case_id and end_time_unix_ms, which are derived from the current case when omitted.

Sample Code

from SiemplifyAction import SiemplifyAction

siemplify = SiemplifyAction()
# Match on ports only, looking back 30 days from the current case.
result = siemplify.get_similar_cases(consider_ports=True,
                                     consider_category_outcome=False,
                                     consider_rule_generator=False,
                                     consider_entity_identifiers=False,
                                     days_to_look_back=30,
                                     case_id="234",
                                     end_time_unix_ms=None)

Result Behavior
A list of the ids of cases similar to case 234 is returned.

Result Value
[4, 231]
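The following is an added example, not code from the original page or from the Siemplify SDK: an action that reads the similarity switches from its own action parameters, builds a timezone-safe end_time_unix_ms instead of leaving it implicit, validates the arguments before calling get_similar_cases, and normalises the returned ids. The SDK calls used (SiemplifyAction, extract_action_param, case_id, result.add_result_json, end) are the SDK's own; the action parameter names such as "Consider Ports" are assumptions, and dropping the current case from the returned list is a defensive choice, not documented behaviour. The SDK import is kept inside main() so the helper functions can be exercised outside the Siemplify runtime.

```python
"""Added example (not part of the page or the SDK): get_similar_cases inside
a Siemplify action, with parameter building and result handling factored into
functions that can be exercised offline."""
from datetime import datetime, timedelta, timezone

_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def to_unix_ms(moment):
    """Convert a timezone-aware datetime to the Unix-epoch milliseconds that
    end_time_unix_ms expects. Naive datetimes are rejected so a local-time
    value is never silently passed as UTC; integer timedelta division keeps
    the result exact (no float rounding at the millisecond boundary)."""
    if moment.tzinfo is None:
        raise ValueError("end time must be timezone-aware")
    return (moment - _EPOCH) // timedelta(milliseconds=1)


def build_similarity_params(consider_ports, consider_category_outcome,
                            consider_rule_generator, consider_entity_identifiers,
                            days_to_look_back, case_id=None, end_time=None):
    """Assemble the keyword arguments for get_similar_cases and validate them
    before the API call: every consider_* switch must be a real bool (a string
    such as "False" is truthy and would silently widen the match), and the
    look-back window must be a positive whole number of days."""
    flags = {
        "consider_ports": consider_ports,
        "consider_category_outcome": consider_category_outcome,
        "consider_rule_generator": consider_rule_generator,
        "consider_entity_identifiers": consider_entity_identifiers,
    }
    for name, value in flags.items():
        if not isinstance(value, bool):
            raise TypeError("%s must be a bool, got %r" % (name, value))
    if isinstance(days_to_look_back, bool) or not isinstance(days_to_look_back, int) \
            or days_to_look_back <= 0:
        raise ValueError("days_to_look_back must be a positive integer")
    params = dict(flags)
    params["days_to_look_back"] = days_to_look_back
    params["case_id"] = case_id
    params["end_time_unix_ms"] = to_unix_ms(end_time) if end_time is not None else None
    return params


def select_related(current_case_id, similar_case_ids):
    """Normalise the returned list: drop duplicates and (assumption: defensive,
    the page does not say the platform ever echoes it) the current case itself,
    returning ids as strings in the order the platform returned them."""
    seen = set()
    related = []
    for cid in similar_case_ids:
        key = str(cid)
        if key == str(current_case_id) or key in seen:
            continue
        seen.add(key)
        related.append(key)
    return related


def main():
    # Only importable inside the Siemplify runtime, hence the local import.
    from SiemplifyAction import SiemplifyAction

    siemplify = SiemplifyAction()
    siemplify.script_name = "Find Similar Cases"  # assumed action name
    # Action parameter names below are assumptions for this example.
    params = build_similarity_params(
        consider_ports=siemplify.extract_action_param("Consider Ports", input_type=bool, default_value=True),
        consider_category_outcome=siemplify.extract_action_param("Consider Category Outcome", input_type=bool, default_value=False),
        consider_rule_generator=siemplify.extract_action_param("Consider Rule Generator", input_type=bool, default_value=False),
        consider_entity_identifiers=siemplify.extract_action_param("Consider Entity Identifiers", input_type=bool, default_value=True),
        days_to_look_back=siemplify.extract_action_param("Days To Look Back", input_type=int, default_value=30),
        case_id=siemplify.case_id,
        end_time=datetime.now(timezone.utc),
    )
    similar = siemplify.get_similar_cases(**params)
    related = select_related(siemplify.case_id, similar)
    siemplify.result.add_result_json({"similar_case_ids": related})
    if related:
        output_message = "Found %d similar cases: %s" % (len(related), ", ".join(related))
    else:
        output_message = "No similar cases found in the last %d days" % params["days_to_look_back"]
    siemplify.end(output_message, len(related) > 0)


if __name__ == "__main__":
    main()
```

The bool check matters because action parameters arrive as strings unless extract_action_param is told the type; a stray "False" string passed as consider_ports=True would widen the match rather than narrow it. The end time is computed explicitly so the window is anchored to UTC now rather than to whatever the platform infers from the case.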