Incident

Outputs

• Incident ID

• Incident Name

• Appliance ID

• Appliance Name

• Incident Data (Array)

• Total Incident Data

• Usernames (Array)

• Sources (Array of IPs)

• Incident Description

• Incident Category

• Incident OS

• Incident Security Layer

• Incident Status

• Incident Priority

• Incident Created At

• Incident Events Count (Num)

• Incident Correlated Values (Array of Objects)

• Raw Output

Incident Data (Array of Objects)

Example:

Usernames

Often used in Each component (loops), Add notes, Add to watch list, etc.

Sources (Array of IPs)

Often used in Each component (loops), Add notes, Add to watch list, Whois IP, Threat Intel

Incident Priority

Can be one of:

• High

• Medium

• Low

Incident Created At

Incident Correlated Values (Array of Objects)