Insights

Supported in:

Overview

Set of insight actions created to power up playbook capabilities.

Actions

Create Entity Insight From Enrichment

Description

Creates an entity insight from an enrichment action.

Parameters

Parameter Type Default Value Is Mandatory Description
Message String N/A Yes Specify a formatted string that incorporates entity enrichment.
Triggered By String Siemplify No Specify the name of the integration that should be associated with the insight.

Example

In this scenario, we’re pulling results from a previous virustotal enrichment action and creating insight with a message, which will be displayed in the case overview in the “Insights” section.

Action Configurations

Parameter Value
Entities All entities
Message Is Risky: [VirusTotalV3_Enrich IP_1.JsonResult | "is_risky"]
Triggered By VirusTotal

Action Results

  • Script Result
Script Result Name Value options Example
ScriptResult True/False true

Create Entity Insight From JSON

Description

Creates an entity insight from an enrichment action.

Parameters

Parameter Type Default Value Is Mandatory Description
JSON JSON N/A Yes Specify the JSON that will be used to produce entity insight.
Identifier KeyPath String N/A Yes Specify the key path where to find the entity identifier to match the insight with the associated entity.
Message String N/A Yes Specify the formatted string that incorporates entity enrichment.
Triggered By String Siemplify No Specify the name of the integration that should be associated with the insight.

Example

In this scenario, we’re creating an entity insight based on an IP entity from a JSON.

Action Configurations

In this scenario, we're creating an entity insight based on an IP entity from a JSON.

Parameter Value
Entities All entities
JSON [{"ip":"172.26.240.1","vt_score":"4"}]
Identifier KeyPath ip
Message VirusTotal Score
Triggered By VirusTotal

Action Results

  • Script Result
Script Result Name Value options Example
ScriptResult True/False true

Create Entity Insight From Multiple JSONs

Description

Creates an entity insight from an enrichment action.

Parameters

Parameter Type Default Value Is Mandatory Description
Fields4 String N/A No Specify the fields that will be extracted from the fourth JSON string.
JSON4 JSON N/A No Specify the fourth JSON string to be parsed for the insight.
Title5 String N/A No Specify the title to be used for the fifth entity section.
Fields5 String N/A No Specify the fields that will be extracted from the fifth JSON string.
JSON5 JSON N/A No Specify the fifth JSON string to be parsed for the insight.
Placeholder Separator String , No Specify string that will break the lines.
Title1 String N/A No Specify the title to be used for the first entity section.
Fields1 String N/A No Specify the fields that will be extracted from the first JSON string
JSON1 JSON N/A No Specify the first JSON string to be parsed for the insight.
Title2 String N/A No Specify the title to be used for the second entity section.
Fields2 String N/A No Specify the fields that will be extracted from the second JSON string
JSON2 JSON N/A No Specify the second JSON string to be parsed for the insight.
Title3 String N/A No Specify the title to be used for the third entity section.
Fields3 String N/A No Specify the fields that will be extracted from the third JSON string
JSON3 JSON N/A No Specify the third JSON string to be parsed for the insight.
Title4 String N/A No Specify the title to be used for the fourth entity section.

Example

In this scenario, we’re creating an entity insight based on an IP entity and enriching it with VirusTotal and Crowdstrike information.

Action Configurations

Parameter Type
Entities All entities
Fields4 Blank
JSON4 Blank
Title5 Blank
Fields5 Blank
JSON5 Blank
Placeholder Separator Blank
Title1 Virustotal Score
Fields1 Entity
JSON1 [{"Entity": "172.26.240.1", "vt_score":"4",

"EntityResult":"true"}]

Title2 Crowdstrike Score
Fields2 Entity
JSON2 [{"Entity": "172.26.240.1", "crowdstrike_score":"4",

"EntityResult":"true"}]

Title3 Blank
Fields3 Blank
JSON3 Blank
Title4 Blank

Action Results

  • Script Result
Script Result Name Value options Example
ScriptResult True/False true