Is there a way to set additional data for a case in a similar way it can be set per alert?
I use
siemplify.update_alerts_additional_data
in an action to set something for an alert, but is there a way to set OFFENSE_ID for a case (from a job)? I see
siemplify.set_context_property
but does that work from a job?
Is there a way to set additional data for a case in a similar way it can be set per alert?
+3
Have you checked out
siemplify.set_case_context_property(key,value)
? I’m not sure if OFFENSE_ID is reserved but I use this for setting what are effectively environmental variables.
https://cloud.google.com/chronicle/docs/soar/reference/siemplify-action-module#set_case_context_property
+3I tried that but it didn't seem to be available from a SiemplifyJob class. Not sure if I'm missing something
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.