Skip to main content
Skip table of contents

Create Events

LAST UPDATED: AUG 19, 2024

This command is an asynchronous command designed to facilitate the creation of events in a playbook.

READER NOTE

This command is only applicable within a D3 Playbook.

Implementation

System

Command Category

System Utility

Tags

EVENT EVENT INGESTION

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Data

Required

The data used to create the event.

CODE
[
    {
        "id": "AAMkAGEwMTUwYmI5LTdjMTgtNDE2NC05YzRkLTZmY2I2N2_taH4YVAAAAAAEMAAD2UOeEDDdvTIE0MwtaH4YVAAAoqxp3AAA=",
        "createdDateTime": "2021-06-01T17:48:19Z",
        "lastModifiedDateTime": "2021-07-08T18:08:20Z",
        "changeKey": "CQAAABYAAAD2UOeEDDdvTIE0MwtaH4YVAABBspte",
        "categories": [],
        "receivedDateTime": "2021-06-01T17:48:19Z",
        "sentDateTime": "2021-06-01T17:47:55Z",
        "hasAttachments": true,
        "internetMessageId": "CAJW03479EfcLw8GijLw4bPUDMdy2goOqPRihd2qgPtQNM5PgQg@mail.gmail.com",
        "subject": "Report Phishing",
        "bodyPreview": "Hong He\r\n\r\nCyber Security System Engineer\r\nD3 Security Management Systems Inc.\r\n\r\nPhone: 1.778.771.3304 ext 107\r\nWebsite: http://www.d3security.com \r\n\r\n\r\n\r\nDisclaimer: This e-mail may contain confidential information and is intended for the use of the recipient",
        "importance": "normal",
        "sender": {
            "emailAddress": {
                "name": "Hong He",
                "address": "hhe@d3security.com"
            }
        },
        "toRecipients": [
            {
                "emailAddress": {
                    "name": "phish",
                    "address": "phish@d3cyber.onmicrosoft.com"
                }
            }
        ]
    }
]

Site

Required

The site where the event will be created.

CSIRT Client

Field Mapping Source

Required

The integration information where the field mapping settings will be applied in the event creation.

CODE
{

    "id": 101,

    "name": "Office365 Search"

}

Run MITRE TTP Search

Optional

Choose whether the system executes Event Automation Rules for dismissal and escalation. Default value is True

True

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON
true
Raw Data

The response data from the utility command.

SAMPLE DATA

JSON
[
    {
        "isNew": true,
        "eventId": 25239,
        "eventGuid": "C1E5EC12-9806-EC11-8455-00155DD3E940",
        "data": {
            "ID": "25239",
            "EventData": {
                "id": "AAMkAGEwMTUwYmI5LTdjMTgtNDE2NC05YzRkLTZmY2I2N2_taH4YVAAAAAAEMAAD2UOeEDDdvTIE0MwtaH4YVAAAoqxp3AAA=",
                "createdDateTime": "2021-06-01T17:48:19Z",
                "lastModifiedDateTime": "2021-07-08T18:08:20Z",
                "changeKey": "CQAAABYAAAD2UOeEDDdvTIE0MwtaH4YVAABBspte",
                "categories": [],
                "receivedDateTime": "2021-06-01T17:48:19Z",
                "sentDateTime": "2021-06-01T17:47:55Z",
                "hasAttachments": true,
                "internetMessageId": "<CAJW03479EfcLw8GijLw4bPUDMdy2goOqPRihd2qgPtQNM5PgQg@mail.gmail.com>",
                "subject": "Report Phishing",
                "bodyPreview": "Hong He\r\n\r\nCyber Security System Engineer\r\nD3 Security Management Systems Inc.\r\n\r\nPhone: 1.778.771.3304 ext 107\r\nWebsite: www.d3security.com\r\n\r\n\r\n\r\nDisclaimer: This e-mail may contain confidential information and is intended for the use of the recipient",
                "importance": "normal",
                "sender": {
                    "emailAddress": {
                        "name": "Hong He",
                        "address": "hhe@d3security.com"
                    }
                },
                "toRecipients": [
                    {
                        "emailAddress": {
                            "name": "phish",
                            "address": "phish@d3cyber.onmicrosoft.com"
                        }
                    }
                ],
                "eventid": "123456"
            },
            "UtcEventTime": "2021-08-26 18:04:22",
            "EventIntakeTime": "2021-08-26 18:04:22",
            "EventType": "Email Alerts",
            "LogDescription": "Report Phishing",
            "OrigRecipient": "",
            "Recipient": "phish@d3cyber.onmicrosoft.com",
            "OrigSender": "",
            "Sender": "hhe@d3security.com",
            "Body": "",
            "Subject": "Report Phishing",
            "Filename": "",
            "EventKey": "AAMkAGEwMTUwYmI5LTdjMTgtNDE2NC05YzRkLTZmY2I2N2_taH4YVAAAAAAEMAAD2UOeEDDdvTIE0MwtaH4YVAAAoqxp3AAA=",
            "CcRecipients": "",
            "FileContent": "",
            "EventSource": "Custom",
            "DataSource": "Office365 Search",
            "EmailAddress": [
                {
                    "EmailAddress": "hhe@d3security.com",
                    "IsExternal": "1"
                }
            ]
        }
    }
]
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.