Insights
Overview
Set of insight actions created to power up playbook capabilities.
Actions
Create Entity Insight From Enrichment
Description
Creates an entity insight from an enrichment action.
Parameters
Parameter | Type | Default Value | Is Mandatory | Description |
Message | String | N/A | Yes | Specify a formatted string that incorporates entity enrichment. |
Triggered By | String | Siemplify | No | Specify the name of the integration that should be associated with the insight. |
Example
Results will be visible in the case overview under “Insights”.
Action Results
- Script Result
Script Result Name | Value options | Example |
ScriptResult | True/False | true |
Create Entity Insight From JSON
Description
Creates an entity insight from an enrichment action.
Parameters
Parameter | Type | Default Value | Is Mandatory | Description |
JSON | JSON | N/A | Yes | Specify the JSON that will be used to produce entity insight. |
Identifier KeyPath | String | N/A | Yes | Specify the key path where to find the entity identifier to match the insight with the associated entity. |
Message | String | N/A | Yes | Specify the formatted string that incorporates entity enrichment. |
Triggered By | String | Siemplify | No | Specify the name of the integration that should be associated with the insight. |
Example
In this scenario, we’re creating an entity insight based on an IP entity.
Action Results
- Script Result
Script Result Name | Value options | Example |
ScriptResult | True/False | true |
Create Entity Insight From Multiple JSONs
Description
Creates an entity insight from an enrichment action.
Parameters
Parameter | Type | Default Value | Is Mandatory | Description |
Fields4 | String | N/A | No | Specify the fields that will be extracted from the fourth JSON string. |
JSON4 | JSON | N/A | No | Specify the fourth JSON string to be parsed for the insight. |
Title5 | String | N/A | No | Specify the title to be used for the fifth entity section. |
Fields5 | String | N/A | No | Specify the fields that will be extracted from the fifth JSON string. |
JSON5 | JSON | N/A | No | Specify the fifth JSON string to be parsed for the insight. |
Placeholder Separator | String | , | No | Specify string that will break the lines. |
Title1 | String | N/A | No | Specify the title to be used for the first entity section. |
Fields1 | String | N/A | No | Specify the fields that will be extracted from the first JSON string |
JSON1 | JSON | N/A | No | Specify the first JSON string to be parsed for the insight. |
Title2 | String | N/A | No | Specify the title to be used for the second entity section. |
Fields2 | String | N/A | No | Specify the fields that will be extracted from the second JSON string |
JSON2 | JSON | N/A | No | Specify the second JSON string to be parsed for the insight. |
Title3 | String | N/A | No | Specify the title to be used for the third entity section. |
Fields3 | String | N/A | No | Specify the fields that will be extracted from the third JSON string |
JSON3 | JSON | N/A | No | Specify the third JSON string to be parsed for the insight. |
Title4 | String | N/A | No | Specify the title to be used for the fourth entity section. |
Example
In this scenario, we’re creating an entity insight based on an IP entity and enriching it with VirusTotal and Crowdstrike information.
Action Results
- Script Result
Script Result Name | Value options | Example |
ScriptResult | True/False | true |