I am new to FortiSOAR and need some help understanding how to achieve one of my use cases.
I am getting alerts from Microsoft Defender for Endpoint through Data Ingestion and all is well on that front. However, when an alert that indicates that a suspicious file has been observed I want to add the filename, filehash and so on to the alert with a playbook. This is where I struggle.
I need some pointers to know HOW to get the information from the Sourcedata to populate the alert itself. I have tried by looping through the objects array but I can't get it working.
I can provide screenshots and config if needed.
Thanks in advance
Alexander
Solved! Go to Solution.
My problem was that the Update record step was not using the correct Record IRI, when I used the actual Record IRI it worked as intended.
My problem was that the Update record step was not using the correct Record IRI, when I used the actual Record IRI it worked as intended.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.