Insights
Overview
Set of insight actions created to power up playbook capabilities.
Actions
Create Entity Insight From Enrichment
Description
Creates an entity insight from an enrichment action.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
| Message | String | N/A | Yes | Specify a formatted string that incorporates entity enrichment. |
| Triggered By | String | Siemplify | No | Specify the name of the integration that should be associated with the insight. |
Example
In this scenario, we’re pulling results from a previous virustotal enrichment action and creating insight with a message, which will be displayed in the case overview in the “Insights” section.
Action Configurations
| Parameter | Value |
| Entities | All entities |
| Message | Is Risky: [VirusTotalV3_Enrich IP_1.JsonResult | "is_risky"] |
| Triggered By | VirusTotal |
Action Results
- Script Result
| Script Result Name | Value options | Example |
| ScriptResult | True/False | true |
Create Entity Insight From JSON
Description
Creates an entity insight from an enrichment action.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
| JSON | JSON | N/A | Yes | Specify the JSON that will be used to produce entity insight. |
| Identifier KeyPath | String | N/A | Yes | Specify the key path where to find the entity identifier to match the insight with the associated entity. |
| Message | String | N/A | Yes | Specify the formatted string that incorporates entity enrichment. |
| Triggered By | String | Siemplify | No | Specify the name of the integration that should be associated with the insight. |
Example
In this scenario, we’re creating an entity insight based on an IP entity from a JSON.
Action Configurations
In this scenario, we're creating an entity insight based on an IP entity from a JSON.
| Parameter | Value |
| Entities | All entities |
| JSON | [{"ip":"172.26.240.1","vt_score":"4"}] |
| Identifier KeyPath | ip |
| Message | VirusTotal Score |
| Triggered By | VirusTotal |
Action Results
- Script Result
| Script Result Name | Value options | Example |
| ScriptResult | True/False | true |
Create Entity Insight From Multiple JSONs
Description
Creates an entity insight from an enrichment action.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
| Fields4 | String | N/A | No | Specify the fields that will be extracted from the fourth JSON string. |
| JSON4 | JSON | N/A | No | Specify the fourth JSON string to be parsed for the insight. |
| Title5 | String | N/A | No | Specify the title to be used for the fifth entity section. |
| Fields5 | String | N/A | No | Specify the fields that will be extracted from the fifth JSON string. |
| JSON5 | JSON | N/A | No | Specify the fifth JSON string to be parsed for the insight. |
| Placeholder Separator | String | , | No | Specify string that will break the lines. |
| Title1 | String | N/A | No | Specify the title to be used for the first entity section. |
| Fields1 | String | N/A | No | Specify the fields that will be extracted from the first JSON string |
| JSON1 | JSON | N/A | No | Specify the first JSON string to be parsed for the insight. |
| Title2 | String | N/A | No | Specify the title to be used for the second entity section. |
| Fields2 | String | N/A | No | Specify the fields that will be extracted from the second JSON string |
| JSON2 | JSON | N/A | No | Specify the second JSON string to be parsed for the insight. |
| Title3 | String | N/A | No | Specify the title to be used for the third entity section. |
| Fields3 | String | N/A | No | Specify the fields that will be extracted from the third JSON string |
| JSON3 | JSON | N/A | No | Specify the third JSON string to be parsed for the insight. |
| Title4 | String | N/A | No | Specify the title to be used for the fourth entity section. |
Example
In this scenario, we’re creating an entity insight based on an IP entity and enriching it with VirusTotal and Crowdstrike information.
Action Configurations
| Parameter | Type |
| Entities | All entities |
| Fields4 | Blank |
| JSON4 | Blank |
| Title5 | Blank |
| Fields5 | Blank |
| JSON5 | Blank |
| Placeholder Separator | Blank |
| Title1 | Virustotal Score |
| Fields1 | Entity |
| JSON1 | [{"Entity": "172.26.240.1", "vt_score":"4",
"EntityResult":"true"}] |
| Title2 | Crowdstrike Score |
| Fields2 | Entity |
| JSON2 | [{"Entity": "172.26.240.1", "crowdstrike_score":"4",
"EntityResult":"true"}] |
| Title3 | Blank |
| Fields3 | Blank |
| JSON3 | Blank |
| Title4 | Blank |
Action Results
- Script Result
| Script Result Name | Value options | Example |
| ScriptResult | True/False | true |