Create Demisto Incident per Entity
  • 23 May 2022

The Create Demisto Incident per Entity action creates an incident in Demisto for each entity retrieved from the saved query supplied as a trigger (or devices selected in the asset table).

To configure the Create Demisto Incident per Entity action, from the Action Library, click Create Incident, and then click Create Demisto Incident per Entity.

Connection Settings

  1. Demisto domain (required) - The IP address or URL for the Demisto server.
  2. User name and Password (required) - To connect to Demisto, provide credentials for a user with action privileges.
  3. Client ID (optional) - The client associated with the incident.
  4. Verify SSL (required, default: True) - Verify the SSL certificate offered by the host supplied in Demisto domain. For more details, see SSL Trust & CA Settings.
    • If enabled, the SSL certificate offered by the host will be verified against the CA database inside of Axonius. If it fails validation, the connection will fail with an error.
    • If disabled, the SSL certificate offered by the host will not be verified against the CA database inside of Axonius.
  5. HTTPS proxy (optional, default: empty) - A proxy to use when connecting to Demisto domain.
    • If supplied, Axonius will utilize the proxy when connecting to the host defined for this connection.
    • If not supplied, Axonius will connect directly to the host defined for this connection.

Action Settings

  1. Number of parallel workers (required) - The number of parallel requests to send at once.
  2. Incident details (required) - The details of the incident.
  3. Customer display name (optional) - The customer name related to the incident.
  4. Priority (required, default: 4) - The incident priority.
  5. Source (optional) - The incident source.
  6. Category (optional) - The incident category.
  7. Incident type (optional) - The incident type.
  8. Incident labels (required) - Adds these labels to the incident. Multiple labels can be added. Click + to add a label. Click x next to a label to delete it.
  9. Status (optional) - The status of the incident.

To learn more about configuring Enforcement Sets, see Configuring Enforcement Sets.

