IRP Playbooks

SearchIncidentData

Search data within an incident.


Last updated 4 years ago

Inputs

  • Search Query

  • Search MITRE (Boolean)

Outputs

  • Total Results

  • Incident Data (Array)

MITRE IDs (Array)

["T1055","T1083"]

MITRE Tactics (Array)

["Defense Evasion","Privilege Escalation","Discovery"]

MITRE Techniques (Array)

["Process Injection", "File and Directory Discovery"]

MITRE Summary (HR)

Techniques: Process Injection,File and Directory Discovery
Tactics: Defense Evasion,Privilege Escalation,Discovery
IDs: T1055,T1083