Help
FortiSOAR Discussions
alexanderchance
New Contributor

Created on ‎10-15-2024 07:24 AM

Populate alert with filehash/filepath etc

Hello,

 

I am new to FortiSOAR and need some help understanding how to achieve one of my use cases.

I am getting alerts from Microsoft Defender for Endpoint through Data Ingestion and all is well on that front. However, when an alert that indicates that a suspicious file has been observed I want to add the filename, filehash and so on to the alert with a playbook. This is where I struggle.

 

I need some pointers to know HOW to get the information from the Sourcedata to populate the alert itself. I have tried by looping through the objects array but I can't get it working.

I can provide screenshots and config if needed.

Thanks in advance

Alexander

Labels:
195
0 Kudos
1 Solution
alexanderchance
New Contributor

Created on ‎10-18-2024 02:14 AM Edited on ‎10-18-2024 02:15 AM

My problem was that the Update record step was not using the correct Record IRI, when I used the actual Record IRI it worked as intended.

View solution in original post

139
1 REPLY 1
alexanderchance
New Contributor

Created on ‎10-18-2024 02:14 AM Edited on ‎10-18-2024 02:15 AM

My problem was that the Update record step was not using the correct Record IRI, when I used the actual Record IRI it worked as intended.

140
Announcements

Welcome to your new FortiSOAR Community!

View More

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.