Demisto - Create Incident per Asset
  • 28 Jan 2024
  • 1 Minute to read
  • Dark
    Light
  • PDF

Demisto - Create Incident per Asset

  • Dark
    Light
  • PDF

Article summary

Demisto - Create Incident per Asset creates an incident in Demisto for each entity retrived from the saved query supplied as a trigger (or devices selected in the asset table).

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

Note:

General Settings

  • Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

Required Fields

These fields must be configured to run the Enforcement Set.

  • Demisto domain - The IP address or URL for the Demisto server.
  • API Key - The API key.
  • Incident details - The details of the incident.
  • Severity (default: 4) - The incident priority.
  • Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.

Additional Fields

These fields are optional.

  • Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
  • HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
  • HTTPS Proxy User Name - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
  • HTTPS Proxy Password (optional) - The password to use when connecting to the server using the  HTTPS Proxy.
  • Incident name - The name of the incident
  • Incident type - The incident type.
  • Status - The status of the incident.
  • Category - The incident category.
  • Incident labels - Adds these labels to the incident. Multiple labels can be added. Click + to add a label. Click x next to a label to delete it.

For more details about other Enforcement Actions available, see Action Library.


Was this article helpful?