07-20-2023 12:44 AM
Hi, I am building the playbook, where I have one task that is searching for incidents using the query as in:
!SearchIncidentsV2 query="type:FireEye NX Alert and fireeyenxalertvictimip:11.11.11.11 or 134.122.90.162"
With a help of community members I was able to insert the variable IP which contains a list of IP addresses to search for (above these are hardcoded) and receive a result in War Room:
The next step is to show this table in a layout (but not using notes or evidence)? I know I need to write an automation for this, but couldn't find something similar to guide me. Also I would like to know, how some sections in layout are created, e.g. indicators?
Cortex XSOAR
07-20-2023 01:10 AM
Hi @MMagdic,
You can do this using grids or dynamic sections. Please watch the below video to learn how dynamic sections work. There is also another one on Incident Layout.
https://www.youtube.com/watch?v=j3JRo5bgerU&t=482s
https://www.youtube.com/watch?v=Ze_SI6axXj0
If you want to add them using a grid, you need to follow the below steps:
1. Create an incident field with a grid type and define all the columns you will use.
2. Use GridFieldSetup task in playbook to define your values and columns that are the result of SearchIncidents
3. Edit your layout to add the grid field you created.
I hope my answer helps you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
