alertTriage
Log triaged alert information
Adds a step that logs that an Alert has been triaged.
One can add details about the alert and description about the steps taken in triaging the alert.
Operator Usage in Easy Mode
- Click + on the parent node.
- Search for Alert Triage operator in the search field and select the operator from the Results to open the operator form.
- In the Table drop-down, enter or select a table from which to source the data.
- In the Details field, enter the alert details.
- In the Description field, enter a description of the triaged alert.
- Click Run to view the result.
- Click Save to add the operator to the playbook.
- Click Cancel to discard the operator form.
Usage Details
alertTriage(table: TableReference, details: String, description: String)
Input
table: Table Name
details: Alert Details
description: Description of Triaged Alert
Output
Same as the input table. Additionally, logs triage-info and is available in System_Event_Type event-type.
Example
Input = alertTriageNode
alertTriage(alertTriageNode, "IP is malicious", "block this IP")
Output
| IP | Details | Description |
|---|---|---|
| 12.32.12.10 | IP is malicious | block this IP |
| 12.32.12.1 | IP is malicious | block this IP |
Note
IP column is present in parent table 'alertTriageNode'.
Updated about 1 year ago