Hi,
Using playbooks in the SOAR, I'm trying to retrieve all entities from an alert in a list (preferably) or dict that indicates not only the value but also a classification of the object.
For example, if the alert has an src.ip and a dst.ip, generate a dict or list like {[1.1.1.1,ip],[2.2.2.2,ip]} or similar, but taking into account that an alert can have mail addresses, hashes, all kinds of entities.
Let's see if someone can help me.
Best regards.
