10-09-2023 11:15 PM - edited 10-09-2023 11:18 PM
Hello,
We have integrated QRadar with Cortex XSOAR. I am creating a playbook that should send an email to the client for a triggered alert. Now, I want to add event fields and the VirusTotal reputation that shows in the analysis to the email body. My questions are:
How to add event's fields in the email body via variables?
How to add reputation from integrated TI i.e., Virus Total etc in the email body via variables?
How to set "To" and "CC" Matrix automatically based on Client Name (Domain name) and Log Source Type?
How to attach offense logs to the email that we are going to send to the client?
How to perform a query for specific indicators of the alert and add those logs as an attachment to the email that we are going to send to the client?
Cortex XSOAR
10-12-2023 05:52 PM
In order to add items to an email via a variable you will need to wrap the context key in ${}. This will reference the value for that context key when the email is sent. As long as the information you are looking to include is in the context then you can use it this way. This page details that under Search context data. In order to attach a file to the email, you will want to make sure to add the file name to the attachNames field for send-mail as well as the file entry ID to the attachIDs field.
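An added example, not part of the reply above: a Python helper, in the style of an XSOAR automation, that turns context data into arguments for send-mail, putting reputation from the standard DBotScore entries in the body and filling attachIDs and attachNames from File entries. The function names and sample context values are constructed for illustration; in a playbook task the same values would be referenced as `${DBotScore.Score}` or `${File.EntryID}`.

```python
# Added example: build send-mail arguments from XSOAR-style context data.
# SAMPLE_CONTEXT is constructed sample data, not real incident output.

# DBotScore numeric verdicts as used in XSOAR context.
SCORES = {0: "Unknown", 1: "Good", 2: "Suspicious", 3: "Bad"}


def as_list(value):
    """A context key holds a dict for one item and a list for several."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def build_send_mail_args(context, to, subject):
    """Hypothetical helper: returns the argument dict for send-mail."""
    rep_lines = [
        f"{s.get('Indicator')}: {SCORES.get(s.get('Score'), 'Unknown')} ({s.get('Vendor')})"
        for s in as_list(context.get("DBotScore"))
    ]
    # Only file entries with both an entry ID and a name can be attached.
    files = [f for f in as_list(context.get("File"))
             if f.get("EntryID") and f.get("Name")]
    body = "Indicator reputation:\n" + "\n".join(rep_lines or ["none found"])
    args = {"to": to, "subject": subject, "body": body}
    if files:
        # Both fields are comma-separated lists and must keep the same order.
        args["attachIDs"] = ",".join(f["EntryID"] for f in files)
        args["attachNames"] = ",".join(f["Name"] for f in files)
    return args


SAMPLE_CONTEXT = {  # constructed
    "DBotScore": [
        {"Indicator": "198.51.100.7", "Score": 3, "Vendor": "VirusTotal"},
        {"Indicator": "example.test", "Score": 1, "Vendor": "VirusTotal"},
    ],
    "File": {"EntryID": "12@345", "Name": "offense_events.csv"},
}

if __name__ == "__main__":
    mail_args = build_send_mail_args(
        SAMPLE_CONTEXT, "soc@client.example", "Offense report")
    print(mail_args)
    # Inside an XSOAR automation: demisto.executeCommand("send-mail", mail_args)
```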