.png?sv=2019-07-07&sig=UhrbhrglDxZ00kvKJ%2FjV34AJri%2B92cm4J%2BdrencAnoM%3D&spr=https%2Chttp&st=2023-11-30T05%3A06%3A17Z&se=2023-11-30T05%3A16%3A17Z&srt=o&ss=b&sp=r){kind=logo}
Demisto - Create Incident per Asset
- 16 Apr 2023
- 2 Minutes to read
- Print
- DarkLight
- PDF
Demisto - Create Incident per Asset
- Updated on 16 Apr 2023
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Demisto - Create Incident per Asset creates an incident in Demisto for each entity retrived from the saved query supplied as a trigger (or devices selected in the asset table).
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapter Fetch History and Asset Investigation Modules
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
Required Fields
These fields must be configured to run the Enforcement Set.
- Demisto domain - The IP address or URL for the Demisto server.
- API Key - The API key.
- Incident details - The details of the incident.
- Severity (default: 4) - The incident priority.
- Instance Name - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Additional Fields
These fields are optional.
Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.
HTTPS Proxy User Name - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
HTTPS Proxy Password - The password to use when connecting to the server using the HTTPS Proxy.
Incident name - The name of the incident
Incident type - The incident type.
Status - The status of the incident.
Category (optional) - The incident category.
Incident labels (required) - Adds these labels to the incident. Multiple labels can be added. Click + to add a label. Click x next to a label to delete it.
For more details about other Enforcement Actions available, see Action Library.
Was this article helpful?