Newly fetched incidents will be mirrored in the chosen direction. However, this selection does not affect existing incidents.

Important Note: To ensure the mirroring works as expected, mappers are required, both for incoming and outgoing, to map the expected fields in Cortex XSOAR and Microsoft Sentinel.

## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

### azure-sentinel-get-incident-by-id

Gets a single incident from Azure Sentinel.

#### Base Command

`azure-sentinel-get-incident-by-id`

#### Input

| Argument Name | Description |
| --- | --- |
| incident_id | The ID of the incident to retrieve. |

#### Context Output

The command returns the following incident fields:

- The email address of the incident assignee.
- The date and time of the incident's first activity.
- The date and time of the incident's last activity.
- The date and time the incident was last modified.
- The date and time the incident was created.
- The number of the alerts in the incident.
- The incident's generated first activity time.
- The incident's generated last activity time.
- The deep-link URL to the incident in the Azure portal.

#### Command Example

```
!azure-sentinel-get-incident-by-id incident_id=8a44b7bb-c8ae-4941-9fa0-3aecc8ef1742
```

#### Context Example

Only a fragment of the context example survives on the page:

```
'label_a', 'Type': 'User'}
```

#### Human Readable Output

Incident 8a44b7bb-c8ae-4941-9fa0-3aecc8ef1742 details

- ID: 8a44b7bb-c8ae-4941-9fa0-3aecc8ef1742
- SharePointFileOperation via previously unseen IPs: Identifies when the volume of documents uploaded to or downloaded from SharePoint by new IP addresses exceeds a threshold (default is …).

Gets a list of incidents from Azure Sentinel.