we have created custom description UDM filed which needs to be updated using playbook with user information.
UDM fields or Event fields in the SOAR cannot be directly edited with a playbook because they are coming from the SIEM and that is our source of truth if you will.
What you are able to do though is use an action called set context value and get context value. This can be used to store information that you want to use later within your playbook or possibly even a widget.
To answer your 2nd question around alert description can you post a screenshot of what field you are trying to update? I need a little more info in order to answer that question fully.
UDM fields or Event fields in the SOAR cannot be directly edited with a playbook because they are coming from the SIEM and that is our source of truth if you will.
What you are able to do though is use an action called set context value and get context value. This can be used to store information that you want to use later within your playbook or possibly even a widget.
To answer your 2nd question around alert description can you post a screenshot of what field you are trying to update? I need a little more info in order to answer that question fully.
it is custom field which is nothing but detection_outcome_custom_description
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.