Create Observable
Adding an Observable to a Case by filling in parameters in the step.| Parameter | Description |
|---|---|
| Observable | The Observable ID |
| Name | The updated name of the Observable |
| Observable Type | The type of Observable |
| Content | The content value of the Observable |
| Verdict | The verdict type: Unknown, Benign,Suspicious, Malicious |
| Description | A brief explanation explaining the Observable |
| Enrichment Data | The enrichment data that provides additional information and context on the observable. |
| Custom Fields(JSON Format) | Add a Custom Field in JSON format. Please note that this applies only if you have manually added a custom record column to the subject table. |
| Advanced- Dedup Table | The selected table to evaluate the duplicated condition (Dedup Condition)against. |
| Advanced- Dedup Condition | The duplicate condition to check whether to insert the record or not. When the condition is met, the record will not be inserted. |
| Advanced- Linked Observables | The Name and ID of the Observable you want to link to this Observable |
| Advanced- Linked Alerts | The Name and ID of the Alert you want to link to this Observable. |
| Advanced- Linked Attachments | The Name and ID of the Attachment you want to link to this Observable. |
| Advanced- Linked Tasks | The Name and ID of the Tasks you want to link to this Observable. |
| Advanced- Linked Cases | The Name and ID of a different Case you want link to this Observable |
Delete Observable
Deleting an Observable from a Case by filling in parameters in the step.| Parameter | Description |
|---|---|
| Observable ID | The ID of the Observable: can be the id or the observable_id field of the observable |
Update Observable
Updating an existing observable within a Case requires filling in the specified parameters in the step. Be aware that this action will overwrite all existing data for that observable.| Parameter | Description |
|---|---|
| Observable | The Observable ID |
| Name | The updated name of the Observable |
| Observable Type | The type of Observable |
| Content | The content value of the Observable |
| Verdict | Verdict type Unknown, Benign,Suspicious, Malicious |
| Description | A brief explanation explaining the Observable |
| Enrichment Data | The enrichment data that provides additional information and context on the observable |
| Custom Fields(JSON Format) | Add a Custom Field in JSON format. Please note that this applies only if you have manually added a custom record column to the subject table. |
Add or Update Observable Relation
Add or update an observable relation by filling in the following parameters in the step. This action overwrites all of the current observable’s data.Note: The “Add or Update an Observable Relation” action is the only method to directly add or modify this relation across all records that reference it.
| Parameter | Description |
|---|---|
| Alert ID | The Alert’s ID: can be the id or the alert_id field of the alert |
| Observable ID | The ID of the Observable: can be the id or the observable_id field of the observable |
| Relation | Defines the relation to update between the alert and the observable. Leave this field blank to remove the relation. |
List Observable Relation Types
List all the observable relation types by executing the ‘List Observable Relation Types’ action.