Version: 3.0.0

Demisto is a leading Security Orchestration, Automation, and Response (SOAR) platform that helps security teams accelerate incident response, standardize and scale processes.

Connect Demisto with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Demisto.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • Server URL: Application server URL to connect to the Demisto. Example: or
    • API Key: The API Key to connect to the Demisto.
  4. After you've entered all the details, click Connect.

Actions for Demisto

Create Incident

Create a single incident.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Jinja Template for NameJinja-templated text containing the incident name.Required
Jinja Template for DetailsJinja-templated text containing the details of the incident. Example: This is {{details_column_name}}.Optional
OccurredColumn name from the parent table to lookup value for time, when this incident has occurred (Default is current time). Example: 2020-07-24T16:54:02+03:00.Optional
Jinja Template for RolesJinja-templated text containing the comma separated list of role assigned to this investigation. Example: {{roles_column_name1}}, {{roles_column_name2}}.Optional
TypeSelect a value for type to lookup (Default is Unclassified).Optional
SeveritySelect a value for severity to lookup (Default is Unknown).Optional
Jinja Template for LabelsJinja-templated text containing the comma separated list of labels related to incident. Example: {{labels_column_name1}}, {{labels_column_name2}}.Optional


A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Incident details

Release Notes

  • v3.0.0 - Updated architecture to support IO via filesystem

© 2017-2021 LogicHub®. All Rights Reserved.