Typically a string such as "network" or "host" etc. Helps to identify the content of this artifact.

A simple string can also be used for a single tag.

the container was retrieved from a SIEM, this is the ID in the SIEM)

Date and time (in UTC) when the behavior tracked by the container started.

0 or more tags associated with the asset.

ID which can be used to find this container in the source product.

You can set a container's severity to Low, Medium, or High with this endpoint even if those severity names have been deleted by the administrator.

If you add a high severity artifact to a medium severity container, the container will be changed to severity high. If the severity level of the artifact is higher than the current severity level of the container, then the container's severity will be changed to match the artifact.

Either one of Low, Medium, or High or else a custom severity name set by an administrator. Helps to determine the SLA applied to Actions related to the container. The severity level of the artifact you are adding.

Not an artifact data field: This parameter instructs Phantom to run automation upon creation or update of the artifact, and defaults to True.

ID of the user who should own the artifact.

ID of the app which produced the artifact.

The artifact will "belong" to this container.

Date and time (in UTC) when the behavior tracked by the container stopped.

Values should be a list of strings where the strings are standard "contains" data types such as "ip" or "pid" etc. Object keys should be keys in the "cef" object.

Splunk SOAR (formerly Splunk Phantom) Features: Main Dashboard. Splunk SOAR's Main Dashboard provides an overview of all your data and activity, notable events, playbooks, connections with other security tools, workloads, ROI, and so much more.

An argument string must include the following fields: container_id.

Contains standard fields available in the Common Event Format.

Allows association of "contains" information to custom CEF fields.