Demisto - Create Incident per Asset
  • 20 Dec 2022

Demisto - Create Incident per Asset creates an incident in Demisto for each entity retrieved from the saved query supplied as a trigger (or devices selected in the asset table).

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

General Settings

  • Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
  • Add description (optional) - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
  • Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
  • Action name - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
  • Configure Action Conditions - Toggle on to enter a condition statement. See Configuring Enforcement Action Conditions to learn more about condition statement syntax.

Connection Settings

  1. Demisto domain (required) - The IP address or URL for the Demisto server.
  2. User name and Password (required) - To connect to Demisto, provide credentials for a user with action privileges.
  3. Client ID (optional) - The client associated with the incident.
  4. Verify SSL (required, default: True) - Verify the SSL certificate offered by the host supplied in Demisto domain. For more details, see SSL Trust & CA Settings.
    • If enabled, the SSL certificate offered by the host will be verified against the CA database inside of Axonius. If it fails validation, the connection will fail with an error.
    • If disabled, the SSL certificate offered by the host will not be verified against the CA database inside of Axonius.
  5. HTTPS proxy (optional, default: empty) - A proxy to use when connecting to Demisto domain.
    • If supplied, Axonius will utilize the proxy when connecting to the host defined for this connection.
    • If not supplied, Axonius will connect directly to the host defined for this connection.

Action Settings

  1. Authentication Method (required) - Select the authentication method the Enforcement Action should use:
    • Username and Password
    • API Key
  2. Number of parallel workers (required) - The number of parallel requests to send at once.
  3. Incident details (required) - The details of the incident.
  4. Customer display name (optional) - The customer name related to the incident.
  5. Priority (required, default: 4) - The incident priority.
  6. Source (optional) - The incident source.
  7. Category (optional) - The incident category.
  8. Incident type (optional) - The incident type.
  9. Incident labels (required) - Adds these labels to the incident. Multiple labels can be added. Click + to add a label. Click x next to a label to delete it.
  10. Status (optional) - The status of the incident.

For more details about other Enforcement Actions available, see Action Library.

