Create Incident
LAST UPDATED: MAR 27, 2024
Escalates a newly ingested event to an incident, initializing both static and custom fields.
READER NOTE
This command is only applicable within an Event Playbook.
Implementation | System |
Command Category | System Utility |
Tags | INCIDENT INCIDENTMANAGEMENT |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Incident Type | Required | The incident type. | Playbook - Phishing |
Title | Optional | The incident title. | Critical phishing incident |
Description | Optional | The incident description. | This is a phishing incident that requires investigation. |
Severity | Optional | The incident severity. | Low |
Playbook | Required | The incident playbook. | 123 |
Owner | Optional | The incident owner. | admin |
External Key | Optional | An external key is a unique key: outside of D3. Keep the field empty if you do not have one. | 20220111-1 |
Custom Fields | Optional | User defined custom fields. The field name must have the prefix "Custom" and use PascalCase format. If the name does not follow this rule, it will be converted. |
CODE
|