Create Events

LAST UPDATED: AUG 19, 2024

This command is an asynchronous command designed to facilitate the creation of events in a playbook.

READER NOTE

This command is only applicable within a D3 Playbook.

Implementation	System
Command Category	System Utility
Tags	EVENT EVENT INGESTION

Inputs

Parameter Name	Required/Optional	Description	Sample Data
Data	Required	The data used to create the event.	[ { "id": "AAMkAGEwMTUwYmI5LTdjMTgtNDE2NC05YzRkLTZmY2I2N2_taH4YVAAAAAAEMAAD2UOeEDDdvTIE0MwtaH4YVAAAoqxp3AAA=", "createdDateTime": "2021-06-01T17:48:19Z", "lastModifiedDateTime": "2021-07-08T18:08:20Z", "changeKey": "CQAAABYAAAD2UOeEDDdvTIE0MwtaH4YVAABBspte", "categories": [], "receivedDateTime": "2021-06-01T17:48:19Z", "sentDateTime": "2021-06-01T17:47:55Z", "hasAttachments": true, "internetMessageId": "CAJW03479EfcLw8GijLw4bPUDMdy2goOqPRihd2qgPtQNM5PgQg@mail.gmail.com", "subject": "Report Phishing", "bodyPreview": "Hong He\r\n\r\nCyber Security System Engineer\r\nD3 Security Management Systems Inc.\r\n\r\nPhone: 1.778.771.3304 ext 107\r\nWebsite: http://www.d3security.com \r\n\r\n\r\n\r\nDisclaimer: This e-mail may contain confidential information and is intended for the use of the recipient", "importance": "normal", "sender": { "emailAddress": { "name": "Hong He", "address": "hhe@d3security.com" } }, "toRecipients": [ { "emailAddress": { "name": "phish", "address": "phish@d3cyber.onmicrosoft.com" } } ] } ]
Site	Required	The site where the event will be created.	CSIRT Client
Field Mapping Source	Required	The integration information where the field mapping settings will be applied in the event creation.	{ "id": 101, "name": "Office365 Search" }
Run MITRE TTP Search	Optional	Choose whether the system executes Event Automation Rules for dismissal and escalation. Default value is True	True

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON

true

Raw Data

The response data from the utility command.

SAMPLE DATA

JSON

[
    {
        "isNew": true,
        "eventId": 25239,
        "eventGuid": "C1E5EC12-9806-EC11-8455-00155DD3E940",
        "data": {
            "ID": "25239",
            "EventData": {
                "id": "AAMkAGEwMTUwYmI5LTdjMTgtNDE2NC05YzRkLTZmY2I2N2_taH4YVAAAAAAEMAAD2UOeEDDdvTIE0MwtaH4YVAAAoqxp3AAA=",
                "createdDateTime": "2021-06-01T17:48:19Z",
                "lastModifiedDateTime": "2021-07-08T18:08:20Z",
                "changeKey": "CQAAABYAAAD2UOeEDDdvTIE0MwtaH4YVAABBspte",
                "categories": [],
                "receivedDateTime": "2021-06-01T17:48:19Z",
                "sentDateTime": "2021-06-01T17:47:55Z",
                "hasAttachments": true,
                "internetMessageId": "<CAJW03479EfcLw8GijLw4bPUDMdy2goOqPRihd2qgPtQNM5PgQg@mail.gmail.com>",
                "subject": "Report Phishing",
                "bodyPreview": "Hong He\r\n\r\nCyber Security System Engineer\r\nD3 Security Management Systems Inc.\r\n\r\nPhone: 1.778.771.3304 ext 107\r\nWebsite: www.d3security.com\r\n\r\n\r\n\r\nDisclaimer: This e-mail may contain confidential information and is intended for the use of the recipient",
                "importance": "normal",
                "sender": {
                    "emailAddress": {
                        "name": "Hong He",
                        "address": "hhe@d3security.com"
                    }
                },
                "toRecipients": [
                    {
                        "emailAddress": {
                            "name": "phish",
                            "address": "phish@d3cyber.onmicrosoft.com"
                        }
                    }
                ],
                "eventid": "123456"
            },
            "UtcEventTime": "2021-08-26 18:04:22",
            "EventIntakeTime": "2021-08-26 18:04:22",
            "EventType": "Email Alerts",
            "LogDescription": "Report Phishing",
            "OrigRecipient": "",
            "Recipient": "phish@d3cyber.onmicrosoft.com",
            "OrigSender": "",
            "Sender": "hhe@d3security.com",
            "Body": "",
            "Subject": "Report Phishing",
            "Filename": "",
            "EventKey": "AAMkAGEwMTUwYmI5LTdjMTgtNDE2NC05YzRkLTZmY2I2N2_taH4YVAAAAAAEMAAD2UOeEDDdvTIE0MwtaH4YVAAAoqxp3AAA=",
            "CcRecipients": "",
            "FileContent": "",
            "EventSource": "Custom",
            "DataSource": "Office365 Search",
            "EmailAddress": [
                {
                    "EmailAddress": "hhe@d3security.com",
                    "IsExternal": "1"
                }
            ]
        }
    }
]