War Room Table to Layout view

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

War Room Table to Layout view

L2 Linker

Hi, I am building the playbook, where I have one task that is searching for incidents using the query as in:
!SearchIncidentsV2 query="type:FireEye NX Alert and fireeyenxalertvictimip:11.11.11.11 or 134.122.90.162"

With a help of community members I was able to insert the variable IP which contains a list of IP addresses to search for (above these are hardcoded) and receive a result in War Room:

MMagdic_0-1689838826342.png

The next step is to show this table in a layout (but not using notes or evidence)?  I know I need to write an automation for this, but couldn't find something similar to guide me. Also I would like to know, how some sections in layout are created, e.g. indicators? 
Cortex XSOAR 

1 REPLY 1

L4 Transporter

Hi @MMagdic,

 

You can do this using grids or dynamic sections. Please watch the below video to learn how dynamic sections work. There is also another one on Incident Layout. 

https://www.youtube.com/watch?v=j3JRo5bgerU&t=482s
https://www.youtube.com/watch?v=Ze_SI6axXj0


If you want to add them using a grid, you need to follow the below steps:

1. Create an incident field with a grid type and define all the columns you will use.
2. Use GridFieldSetup task in playbook to define your values and columns that are the result of SearchIncidents
3. Edit your layout to add the grid field you created.

I hope my answer helps you. 



  • 1021 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!