Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-15-2023 09:53 PM
Hi!
I want to extract specific key data from context of multiple incidents. The context key I'm looking for is not under "incident". Specifically, I have many incidents of type "Phishing" and want to output the contents of "Recipient Selection.Answers.0" key from all of them.
I thought of using SearchIncidentsV2 but it does not seem to include specific context key.
Any suggestions on how to automatically get that data out?
Thanks,
Antanas
11-16-2023 07:28 AM
You can use the getContext method via a custom automation script to retrieve the context from a given Incident ID. Then you'll have to get the key you're looking for.
You'll need to know the ID of the incidents you want, because as you've said, context is not searchable. It would also not be very efficient to run the getContext across a large number of Incidents to "search" for the value, better to know the ones you're looking for.
For example, if you're playbook set a field that indicated that the user did indeed respond to the data collection task, then you could search for just those ones based on the field, and pass their IDs into the automation to loop through.
If you're not familiar with how to write automations, then check out video 15 here - https://live.paloaltonetworks.com/t5/cortex-xsoar-how-to-videos/cortex-xsoar-how-to-customer-success...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
