Skip to main content
Skip table of contents

Parse Event Raw Data to D3 Events

LAST UPDATED: AUG 19, 2024

This command is an asynchronous command designed to parse input raw data events to create D3 events.

READER NOTE

Please note that this command is only applicable within a Playbook.

Implementation

System

Command Category

Cyber Utility

Tags

EVENT EVENT INGESTION

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Event Data

Required

The input raw data of events

CODE
[
    {
        "eventType": "Webhook Event 1001",
        "Description": "This is a webhook event.",
        "SourceIPAddress": "10.10.0.116",
        "SourceHostname": "adi",
        "SourceType": "Internal Endpoint",
        "Filename": "loginscript",
        "ProcessName": "net.exe",
        "ProcessCommandLine": "admin localgroup",
        "ParentProcessName": ""
    }
]

Integration Source

Required

The name of the integration from which the events ingest

Test_Webhook

Is Directly Correlated

Required

Whether events are directly correlated to the incident

No

Run MITRE TTP Search

Optional

Choose whether the system automatically maps tactic & techniques on newly ingested events. Default value is True

True

Run Event Automation Rules

Optional

Choose whether the system executes Event Automation Rules for dismissal and escalation. Default value is True

True

Output

Key Fields

Important key-value pairs extracted from Raw Data.

SAMPLE DATA

JSON
{
  "Count": [1],
  "EventIDs": [4031]
}
Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON
Succeed
Context Data

The response data from the utility command.

SAMPLE DATA

JSON
[
    {
        "Event ID": 4031,
        "Description": "This is a webhook event.",
        "Event Type": "Webhook Event 1001",
        "Filename": "loginscript",
        "Parent process name": "",
        "Process command line": "admin localgroup",
        "Process Name": "net.exe",
        "Source hostname": "adi",
        "Source IP address": "10.10 .0 .116",
        "Source type": "Internal Endpoint",
        "Source vendor name": "",
        "Tactics": "Lateral Movement",
        "Techniques": "Logon Scripts"
    }
]
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.