Demisto - Create Incident per Asset
  • 28 Jan 2024
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Demisto - Create Incident per Asset

  • Dark
    Light
  • PDF

Article summary

Demisto - Create Incident per Asset creates an incident in Demisto for each entity retrived from the saved query supplied as a trigger (or devices selected in the asset table).

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

General Settings

  • Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
  • Add description - Add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
  • Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
  • Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

Required Fields

These fields must be configured to run the Enforcement Set.

  • Demisto domain - The IP address or URL for the Demisto server.
  • API Key - The API key.
  • Incident details - The details of the incident.
  • Severity (default: 4) - The incident priority.
  • Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.

Additional Fields

These fields are optional.

  • Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  • HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.

  • HTTPS Proxy User Name - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
  • HTTPS Proxy Password - The password to use when connecting to the server using the  HTTPS Proxy.

  • Incident name - The name of the incident
  • Incident type - The incident type.
  • Status - The status of the incident.
  • Category - The incident category.
  • Incident labels - Adds these labels to the incident. Multiple labels can be added. Click + to add a label. Click x next to a label to delete it.

For more details about other Enforcement Actions available, see Action Library.


Was this article helpful?