Demisto - Create Incident per Asset
- Updated on 20 Dec 2022
Demisto - Create Incident per Asset creates an incident in Demisto for each entity retrieved from the saved query supplied as a trigger (or devices selected in the asset table).
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description (optional) - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- Action name - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Action Conditions - Toggle on to enter a condition statement. See Configuring Enforcement Action Conditions to learn more about condition statement syntax.
Connection Settings
- Demisto domain (required) - The IP address or URL for the Demisto server.
- User name and Password (required) - To connect to Demisto, provide credentials for a user with action privileges.
- Client ID (optional) - The client associated with the incident.
- Verify SSL (required, default: True) - Verify the SSL certificate offered by the host supplied in Demisto domain. For more details, see SSL Trust & CA Settings.
  - If enabled, the SSL certificate offered by the host will be verified against the CA database inside of Axonius. If it fails validation, the connection will fail with an error.
  - If disabled, the SSL certificate offered by the host will not be verified against the CA database inside of Axonius.
- HTTPS proxy (optional, default: empty) - A proxy to use when connecting to Demisto domain.
  - If supplied, Axonius will utilize the proxy when connecting to the host defined for this connection.
  - If not supplied, Axonius will connect directly to the host defined for this connection.
Action Settings
- Authentication Method (required) - Select the authentication method the Enforcement Action should use:
  - Username and Password
  - API Key
- Number of parallel workers (required) - The number of parallel requests to send at once.
- Incident details (required) - The details of the incident.
- Customer display name (optional) - The customer name related to the incident.
- Priority (required, default: 4) - The incident priority.
- Source (optional) - The incident source.
- Category (optional) - The incident category.
- Incident type (optional) - The incident type.
- Incident labels (required) - Adds these labels to the incident. Multiple labels can be added. Click + to add a label. Click x next to a label to delete it.
- Status (optional) - The status of the incident.
For more details about other Enforcement Actions available, see Action Library.