Add New Artifacts in Event Playbook
LAST UPDATED: AUG 06, 2024
Adds new artifacts of the selected type to the ingested event in the event playbook.
Implementation | Python |
Command Category | System Utility |
Tags | ARTIFACTEVENT |
READER NOTE
This command is only applicable within an event Playbook’s "On Event Ingestion" trigger .
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Source Type | Required | The source type whose data will be manipulated. | Trigger Output Data |
Artifact Type | Required | The type of the artifact(s). The command supports both system artifact and user-defined artifact types. System composite artifact types include: URL, User, File, ExternalEndpoint, InternalEndpoint, EmailAddress, Process, Service, Module, Driver, Signature, Certificate, Registry. System single-field artifact types include: Username, Filename, File Hash SHA256, File Hash MD5, File Hash SHA1, Process Guid, Signature Identity, Host Name, Internal Endpoint Domain Name, Internal IP, External Endpoint Domain Name, External IP, Registry Key. If this parameter is left blank, the command will automatically detect and match system composite artifact types based on the values provided in Artifact Fields. | URL |
Artifact Fields | Required | The value of the artifact(s). For system composite artifact types, please adhere to the JSON format provided in the sample data. For single-field artifacts, an identity field must be provided along with any additional fields and reputation. |
JSON
|