Skip to main content

Incident Tools

incident-tools

Version: 1.7
Updated: Mar 4, 2024

Cloud SOAR

This integration is only for Cloud SOAR.

Set of scripts to perform actions within Cloud SOAR.

Actions

  • Add Entity Threat Indicator (Custom) - Mark an Entity with a predefined tag used for classification.
  • Add External Alert to Incident (Custom) - Enrich the incident with external alert data.
  • Add Incident Artifact (Custom) - Add an artifact to an incident.
  • Add Investigators (Custom) - Add investigators to an incident.
  • Add Note (Custom) - Add a note to an incident.
  • Add Users Details (Custom) - Add the user details entity to an incident.
  • Change Incident Folder (Custom) - Change the destination folder for an incident.
  • Change Incident Owner (Custom) - Change the incident's owner.
  • Close Incident (Custom) - Set incident status to closed.
  • Create Entity (Custom) - Create a new entity.
  • Create Incident From Template (Custom) - Create a new incident from an existing incident template.
  • Extract Data And Save Into Attachments (Custom) - Extract data from previous action using fields path, then save as attachments as CSV, JSON or text file.
  • Get Entity (Custom) - Get details about the provided Entity.
  • Get Incident Owner (Custom) - Get the owner of the provided incident.
  • Get Incident (Custom) - Get details of the specified incident.
  • Get War Room Timeline (Custom) - Get the War Room timeline in JSON format for the incident.
  • Incident Daemon (Daemon) - Create an incident.
  • List Entity Incidents (Custom) - List all incidents where the entity is involved in
  • List External Alerts (Custom) - List all external alerts associated with the incident.
  • List Incident Columns (Custom) - List all incident fields.
  • List Users (Enrichment) - List Users.
  • Search Entities (Custom) - Search for Entities.
  • Search Incidents (Custom) - Search for Incidents.
  • Update Entity (Custom) - Update the tags and/or the description of the Entity.
  • Update Incident Date And Time Field (Custom) - Update the date and time Incident field.
  • Update Incident Description (Custom) - Update an incident description.
  • Update Incident Field (Custom) - Update an incident field.
  • Update Incident Fields (Custom) - Update multiple incident fields.
  • Update Incident Phase (Custom) Update the incident phase.

Category

Supervised Active Intelligence Automation

Change Log

  • June 1, 2023 - First upload
  • July 7, 2023 (v1.2)
    • Updated action: Create Entity
    • Removed leading/trailing spaces
  • November 24, 2023 (v1.3)
    • Updated action: Add User Details
      • Enabled incident artifacts feature flag for User Details field (formerly, Users)
      • Added a checkbox to allow the conversion of user details to lower case
    • Changed API endpoint for resource testing
    • Improved error handling
  • December 14, 2023 (v1.4) - Added new action: Get Incident
  • February 13, 2024 (v1.5) - Fixed typo in the following actions
    • Update Incident Date And Time Field
    • Update Incident Description
    • Update Incident Field
    • Update Incident Fields
  • March 4, 2024 (v1.6) - Updated code for compatibility with Python 3.12
  • June 4, 2024 (v1.7)
    • New actions:
      • Add Entity Threat Indicator
      • Add External Alert to Incident
      • Get Entity
      • Get Incident Owner
      • Get War Room Timeline
      • Incident Daemon
      • List Entity Incidents
      • List External Alerts
      • List Incident Columns
      • Search Entities
      • Search Incidents
      • Update Entity
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.