Overview

Set of insight actions created to power up playbook capabilities.

Actions

Create Entity Insight From Enrichment

Description

Creates an entity insight from an enrichment action.

Parameters

ParameterTypeDefault ValueIs MandatoryDescription
MessageStringN/AYesSpecify a formatted string that incorporates entity enrichment.
Triggered ByStringSiemplifyNoSpecify the name of the integration that should be associated with the insight.

Example

Results will be visible in the case overview under “Insights”.

Action Results

  • Script Result
Script Result NameValue optionsExample
ScriptResultTrue/Falsetrue

Create Entity Insight From JSON

Description

Creates an entity insight from an enrichment action.

Parameters

ParameterTypeDefault ValueIs MandatoryDescription
JSONJSONN/AYesSpecify the JSON that will be used to produce entity insight.
Identifier KeyPathStringN/AYesSpecify the key path where to find the entity identifier to match the insight with the associated entity.
MessageStringN/AYesSpecify the formatted string that incorporates entity enrichment.
Triggered ByStringSiemplifyNoSpecify the name of the integration that should be associated with the insight.

Example

In this scenario, we’re creating an entity insight based on an IP entity.

Action Results

  • Script Result
Script Result NameValue optionsExample
ScriptResultTrue/Falsetrue

Create Entity Insight From Multiple JSONs

Description

Creates an entity insight from an enrichment action.

Parameters

ParameterTypeDefault ValueIs MandatoryDescription
Fields4StringN/ANoSpecify the fields that will be extracted from the fourth JSON string.
JSON4JSONN/ANoSpecify the fourth JSON string to be parsed for the insight.
Title5StringN/ANoSpecify the title to be used for the fifth entity section.
Fields5StringN/ANoSpecify the fields that will be extracted from the fifth JSON string.
JSON5JSONN/ANoSpecify the fifth JSON string to be parsed for the insight.
Placeholder SeparatorString,NoSpecify string that will break the lines.
Title1StringN/ANoSpecify the title to be used for the first entity section.
Fields1StringN/ANoSpecify the fields that will be extracted from the first JSON string
JSON1JSONN/ANoSpecify the first JSON string to be parsed for the insight.
Title2StringN/ANoSpecify the title to be used for the second entity section.
Fields2StringN/ANoSpecify the fields that will be extracted from the second JSON string
JSON2JSONN/ANoSpecify the second JSON string to be parsed for the insight.
Title3StringN/ANoSpecify the title to be used for the third entity section.
Fields3StringN/ANoSpecify the fields that will be extracted from the third JSON string
JSON3JSONN/ANoSpecify the third JSON string to be parsed for the insight.
Title4StringN/ANoSpecify the title to be used for the fourth entity section.

Example

In this scenario, we’re creating an entity insight based on an IP entity and enriching it with VirusTotal and Crowdstrike information.

Action Results

  • Script Result
Script Result NameValue optionsExample
ScriptResultTrue/Falsetrue