Hello Community,
I am creating a dashboard for the SOAR usecase. I want to show the number of entities got enriched with the my integration. I am referring this SOAR Data Dashboard.
I have tried this query.Β
Β
$casename = case.name
$caseId = case.display_name
$env = case.environment
$env = "Default Environment"
$EntityType = case.alerts.entities.type
$EntityId = case.alerts.entities.identifier
$enriched = case.alerts.entities.enriched
$add_prop = case.alerts.entities.additional_properties
re.regex($add_prop, /IsEnriched":"True/)
$manual = case.alerts.entities.manually_created
// $manual = false
// $enriched = true
$EntityType = "ADDRESS" OR $EntityType = "FILEHASH" OR $EntityType = "DOMAIN"
match:
$env
, $caseId
, $EntityType
, $EntityId, $manual,
$add_propWhen i try this filter $enriched=true it is not returning any entity information. I have also tried to filter using regex to the additional_properties feld but no result.
I have cross checked the same case and itβs entity it is enriched. But in the dashbaord it is not reflecting.
Β
Β
Can someone guide here on how to show the enriched entity information in the SOAR Dashboard?