Incident | IRP Playbooks

Outputs

Incident ID
Incident Name
Appliance ID
Appliance Name
Total Incident Data
Incident Description
Incident Category
Incident OS
Incident Security Layer
Incident Status
Incident Events Count (Num)
Raw Output

Incident Data (Array of Objects)

Example:

Usernames

["root", "john", "mike"]

Sources (Array of IPs)

[168.26.26.26, 123.15.15.15, 45.55.68.3]

Incident Priority

Can be one of:

High
Medium
Low

Incident Created At

2020-09-30T07:16:00.262+00:00

Incident Correlated Values (Array of Objects)

[{"qk":"src","counts":2,"value":"185.132.53.115"}]