Demisto - Create Incident per Asset
  • 28 Jan 2024
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Demisto - Create Incident per Asset

  • Dark
    Light
  • PDF

Article Summary

Demisto - Create Incident per Asset creates an incident in Demisto for each entity retrived from the saved query supplied as a trigger (or devices selected in the asset table).

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

General Settings

  • Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
  • Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
  • Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
  • Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

Required Fields

These fields must be configured to run the Enforcement Set.

  • Demisto domain - The IP address or URL for the Demisto server.
  • API Key - The API key.
  • Incident details - The details of the incident.
  • Severity (default: 4) - The incident priority.
  • Instance Name - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.

Additional Fields

These fields are optional.

  • Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  • HTTPS proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.

  • HTTPS Proxy User Name - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
  • HTTPS Proxy Password - The password to use when connecting to the server using the  HTTPS Proxy.

  • Incident name - The name of the incident
  • Incident type - The incident type.
  • Status - The status of the incident.
  • Category - The incident category.
  • Incident labels - Adds these labels to the incident. Multiple labels can be added. Click + to add a label. Click x next to a label to delete it.

For more details about other Enforcement Actions available, see Action Library.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.