Observables Actions
Create Observable
Adding an Observable to a Case by filling in parameters in the step.
| Parameter | Description |
|---|---|
| Observable | The Observable ID |
| Name | The updated name of the Observable |
| Observable Type | The type of Observable |
| Content | The content value of the Observable |
| Verdict | The verdict type: Unknown, Benign,Suspicious, Malicious |
| Description | A brief explanation explaining the Observable |
| Enrichment Data | The enrichment data that provides additional information and context on the observable. |
| Custom Fields(JSON Format) | Add a Custom Field in JSON format. Please note that this applies only if you have manually added a custom record column to the subject table. |
| Advanced- Dedup Table | The selected table to evaluate the duplicated condition (Dedup Condition)against. |
| Advanced- Dedup Condition | The duplicate condition to check wether to insert the record or not. When the condition is met, the record will not be inserted. |
| Advanced- Linked Observables | The Name and ID of the Observable you want to link to this Observable |
| Advanced- Linked Alerts | The Name and ID of the Alert you want to link to this Observable. |
| Advanced- Linked Attachments | The Name and ID of the Attachment you want to link to this Observable. |
| Advanced- Linked Tasks | The Name and ID of the Tasks you want to link to this Observable. |
| Advanced- Linked Cases | The Name and ID of a different Case you want link to this Observable |
Delete Observable
Deleting an Observable from a Case by filling in parameters in the step.
| Parameter | Description |
|---|---|
| Observable ID | The ID of the Observable: can be the id or the observable_id field of the observable |
Update Observable
Updating an already existing Observable in a Case by filling in the following parameters in the step. This action overwrites all of the Observable's data.
| Parameter | Description |
|---|---|
| Observable | The Observable ID |
| Name | The updated name of the Observable |
| Observable Type | The type of Observable |
| Content | The content value of the Observable |
| Verdict | Verdict type Unknown, Benign,Suspicious, Malicious |
| Description | A brief explanation explaining the Observable |
| Enrichment Data | The enrichment data that provides additional information and context on the observable |
| Custom Fields(JSON Format) | Add a Custom Field in JSON format. Please note that this applies only if you have manually added a custom record column to the subject table. |
