Demisto

Demisto is a leading Security Orchestration, Automation, and Response (SOAR) platform that helps security teams accelerate incident response and standardize and scale their processes.

Integration with LogicHub

Connecting with Demisto

To connect to Demisto, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • Server URL: Application server URL used to connect to Demisto. Example: abc.abcd.net or 10.10.10.10.
  • API Key: The API key used to connect to Demisto.

Actions with Demisto

Create Incident

Create a single incident.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template for Name: Jinja-templated text containing the incident name.
  • Jinja Template for Details (Optional): Jinja-templated text containing the details of the incident. Example: This is {{details_column_name}}.
  • Occurred (Optional): Column name from the parent table whose value is the time at which this incident occurred (default is the current time). Example: 2020-07-24T16:54:02+03:00.
  • Jinja Template for Roles (Optional): Jinja-templated text containing the comma-separated list of roles assigned to this investigation. Example: {{roles_column_name1}}, {{roles_column_name2}}.
  • Type (Optional): Select a value for the incident type (default is Unclassified).
  • Severity (Optional): Select a value for the incident severity (default is Unknown).
  • Jinja Template for Labels (Optional): Jinja-templated text containing the comma-separated list of labels related to the incident. Example: {{labels_column_name1}}, {{labels_column_name2}}.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Incident details
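
Putting the inputs and the output shape together, as an added example that is not LogicHub's or Demisto's own code: it renders the {{column}} placeholders from one constructed parent-table row, splits the comma-separated roles and labels, applies the Type and Severity defaults, validates the Occurred timestamp, and returns the has_error/error/result JSON. The field names inside result, the row columns, and the simplified renderer (only the {{column}} subset of Jinja shown on this page) are assumptions.

```python
import re
from datetime import datetime

# Constructed parent-table row (assumed column names, not from the page)
ROW = {
    "alert_title": "Suspicious login",
    "details": "5 failed logins followed by success",
    "when": "2020-07-24T16:54:02+03:00",
    "r1": "analyst", "r2": "manager",
    "l1": "phishing", "l2": "vip",
}

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

def render(template, row):
    """Render the {{column}} subset of Jinja used on this page; unknown columns raise."""
    def sub(match):
        name = match.group(1)
        if name not in row:
            raise KeyError(f"column {name!r} not in parent row")
        return str(row[name])
    return PLACEHOLDER.sub(sub, template)

def split_list(text):
    """Comma-separated roles/labels -> list, dropping empty entries."""
    return [item.strip() for item in text.split(",") if item.strip()]

def build_incident(row, name_tpl, details_tpl=None, occurred_col=None,
                   roles_tpl=None, type_="Unclassified", severity="Unknown",
                   labels_tpl=None):
    """Return the action's output shape: has_error / error / result (assumed keys)."""
    try:
        incident = {"name": render(name_tpl, row), "type": type_, "severity": severity}
        if details_tpl:
            incident["details"] = render(details_tpl, row)
        if occurred_col:
            occurred = str(row[occurred_col])
            datetime.fromisoformat(occurred)  # reject values that are not ISO 8601
            incident["occurred"] = occurred
        else:  # page default: current time
            incident["occurred"] = datetime.now().astimezone().isoformat(timespec="seconds")
        if roles_tpl:
            incident["roles"] = split_list(render(roles_tpl, row))
        if labels_tpl:
            incident["labels"] = split_list(render(labels_tpl, row))
        return {"has_error": False, "error": None, "result": incident}
    except (KeyError, ValueError) as exc:
        return {"has_error": True, "error": str(exc), "result": None}
```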
