FindSimilarIncidents doesn't work

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

FindSimilarIncidents doesn't work

L1 Bithead

Hello all,

 

We're trying to develop a playbook that first look at similar incident (FindSimilarIncidents) before proceeding but it isn't able to find any similar incident (even when we have duplicate of the current incident).

 

For a bit of context this playbook is executed from the result of a Tenable scan when vulnerabilities are identified. For each vulnerability there's an incident with the impacted hosts. We're trying to match incident with same plugin id from older scan. The plugin id is in an incident key called vulnerabilitypluginid.

 

We're executing the following command which return no duplicate incident:

!FindSimilarIncidents similarIncidentKeys=vulnerabilitypluginid

AlexandreBorgo_0-1631284094703.png

 

And when we use the Incidents page to search similar incident base on the vulnerabilitypluginid we obtain the good result:

-id:82248 and vulnerabilitypluginid:100634 and created:>="2021-09-07T13:51:17.761721+00:00" and created:<"2021-09-10T13:51:17.761721+00:00" and -status:Closed

AlexandreBorgo_2-1631284374214.png

 

When trying the same with the incident key name (same plugin id = same vuln will have the same name) instead of vulnerabilitypluginid we get the good result:

!FindSimilarIncidents similarIncidentKeys=name

AlexandreBorgo_1-1631284184311.png

 

Could you help us understand why we cannot obtain similar incident with our incident key vulnerabilityplugindid from the automation FindSimilarIncidents please ?

 

Thanks a lot for reading this post.

 

Regards,

Alexandre

 

 

 

 

3 REPLIES 3

L2 Linker

I think similarIncidentKeys is deprecated. Try to use only similarIncidentFields.
And if that still not works, then use similarIncidentKeys=incident.vulnerabilityplugindid  with incident prefix

Hello Aazadaliyev,

 

Thank for your reply. I tested both solution but they're not working.

 

AlexandreBorgo_0-1631636235605.pngAlexandreBorgo_1-1631636265144.png

 

the issue doesn't seem to be on finding the key but during the comparaison?

L2 Linker

What is the type of the field? Number or string?

  • 2576 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!