https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/custom-fetch-incidents/m-p/551546#M2416 <P>Hi, I want to use Exabeam integration in XSOAR but not to fetch incidents (incident responder) as it is currently set in fetch-incidents command, that is in fetch_incidents function. <BR /><BR />The plan would be to fetch with get-notable-users command, which produces this result (context-data), when using '<SPAN class="parent-entry-label ellipsis show-as-link" title="!exabeam-get-notable-users time_period=&quot;1 month&quot; limit=&quot;1&quot; (Exabeam[Plinacro-Exabeam-UEBA])">!exabeam-get-notable-users time_period="1 month" limit="1"</SPAN><SPAN class="parent-entry-source ellipsis" title="Plinacro-Exabeam-UEBA">(Exabeam)' in CLI:<BR /></SPAN><BR />RiskScore:null<BR />HighestRiskSession:{} 17 items<BR />numOfAssets:11<BR />riskScore:188<BR />numOfAccounts:1<BR />accounts:[] 1 item<BR />0:someusername<BR />zones:[] 4 items<BR />0:servers_0<BR />1:servers_1<BR />3:servers_2<BR />endTime:1688539545557<BR />numOfZones:4<BR />startTime:1688453145557<BR />loginHost:somehost<BR />sessionId:someusername-20230704064545<BR />numOfReasons:46<BR />label:<BR />username:someusername<BR />numOfSecurityEvents:0<BR />numOfEvents:23583<BR />riskTransferScore:39.370000000000005<BR />initialRiskScore:12<BR />UserFullName:Some Username<BR />LastActivity:Account is active<BR />EmployeeType:null<BR />FirstSeen:2023-03-01T13:33:53.253000</P> <P>&nbsp;</P> <P>Now, the plan is to use get-notable-users to create incidents in xsoar, then create custom classifier, etc..<BR /><BR />Is there any tutorial explaining this case?</P> <P>&nbsp;</P> <P>Attached is Exabeam original integration Python file.<BR /><LI-PRODUCT title="Cortex XSOAR" id="Cortex_XSOAR"></LI-PRODUCT>&nbsp;<BR /><BR /></P> <P><LI-WRAPPER></LI-WRAPPER></P> Fri, 28 Jul 2023 07:14:05 GMT MMagdic 2023-07-28T07:14:05Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/custom-fetch-incidents/m-p/551546#M2416 <P>Hi, I want to use Exabeam integration in XSOAR but not to fetch incidents (incident responder) as it is currently set in fetch-incidents command, that is in fetch_incidents function. <BR /><BR />The plan would be to fetch with get-notable-users command, which produces this result (context-data), when using '<SPAN class="parent-entry-label ellipsis show-as-link" title="!exabeam-get-notable-users time_period=&quot;1 month&quot; limit=&quot;1&quot; (Exabeam[Plinacro-Exabeam-UEBA])">!exabeam-get-notable-users time_period="1 month" limit="1"</SPAN><SPAN class="parent-entry-source ellipsis" title="Plinacro-Exabeam-UEBA">(Exabeam)' in CLI:<BR /></SPAN><BR />RiskScore:null<BR />HighestRiskSession:{} 17 items<BR />numOfAssets:11<BR />riskScore:188<BR />numOfAccounts:1<BR />accounts:[] 1 item<BR />0:someusername<BR />zones:[] 4 items<BR />0:servers_0<BR />1:servers_1<BR />3:servers_2<BR />endTime:1688539545557<BR />numOfZones:4<BR />startTime:1688453145557<BR />loginHost:somehost<BR />sessionId:someusername-20230704064545<BR />numOfReasons:46<BR />label:<BR />username:someusername<BR />numOfSecurityEvents:0<BR />numOfEvents:23583<BR />riskTransferScore:39.370000000000005<BR />initialRiskScore:12<BR />UserFullName:Some Username<BR />LastActivity:Account is active<BR />EmployeeType:null<BR />FirstSeen:2023-03-01T13:33:53.253000</P> <P>&nbsp;</P> <P>Now, the plan is to use get-notable-users to create incidents in xsoar, then create custom classifier, etc..<BR /><BR />Is there any tutorial explaining this case?</P> <P>&nbsp;</P> <P>Attached is Exabeam original integration Python file.<BR /><LI-PRODUCT title="Cortex XSOAR" id="Cortex_XSOAR"></LI-PRODUCT>&nbsp;<BR /><BR /></P> <P><LI-WRAPPER></LI-WRAPPER></P> Fri, 28 Jul 2023 07:14:05 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/custom-fetch-incidents/m-p/551546#M2416 MMagdic 2023-07-28T07:14:05Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/custom-fetch-incidents/m-p/551585#M2420 <P>Hi,</P> <P>&nbsp;</P> <P>Please refer to the developer docs or use other existing integrations for example.&nbsp;<BR /><BR /></P> <P><A href="https://xsoar.pan.dev/docs/integrations/fetching-incidents" target="_self">https://xsoar.pan.dev/docs/integrations/fetching-incidents</A>&nbsp;</P> Fri, 28 Jul 2023 12:51:08 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/custom-fetch-incidents/m-p/551585#M2420 bhmurali 2023-07-28T12:51:08Z