I need to report SOAR cases by bespoke categories:
A good way to add tags to my SOAR cases uses the SIEM rule syntax meta section ("meta: "); e.g. I add something like: report_category = "UnAuthorized Access"
But I'm struggling to see how I can use these as tags to define categories in the SOAR
...also struggling to see how I can use anything except strings in the alert names for this purpose either. [EDIT: I can't even recall what I meant here - 😞 ]
Anyone have any luck creating metrics reporting cases per bespoke category? Or even by ATT&CK category?
Then, in each playbook, add the "Siemplify - Case Tag" action to assign the MITRE ATT&CK technique as a tag to the case.
Once assigned, you will be able to generate reports and dashboards using that assigned tag.
I hope this workaround can help you.
Will you please explain more about your question "how I can use anything except strings in the alert names for this purpose either"? Are you asking about the alert name or the case name?
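As an added illustration of the workflow described in the answer above (this is example code written for this page, not code from the original post, the Siemplify product or the SOAR SDK): the tags that the "Siemplify - Case Tag" action applies have to come from somewhere, and the question's own idea of putting them in the rule's meta: section is a reasonable source. The block below parses a constructed YARA-L-style rule, turns selected meta keys into prefixed case tags, and then rolls constructed cases up per category and per ATT&CK technique the way a tag-based report would. The meta key names (report_category, mitre_attack_tactic, mitre_attack_technique), the tag prefixes and the sample cases are all assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample rule for this example. The meta: key names below are
# assumed conventions, not keys the SIEM or the SOAR defines for you.
SAMPLE_RULE = """
rule suspicious_admin_login {
  meta:
    author = "soc-team"
    report_category = "UnAuthorized  Access "
    mitre_attack_tactic = "TA0001"
    mitre_attack_technique = "T1078"
  events:
    $e.metadata.event_type = "USER_LOGIN"
  condition:
    $e
}
"""

# Which meta keys become case tags, and the prefix each tag carries so that
# a report can be filtered on one dimension at a time (assumed names).
TAG_KEYS = {
    "report_category": "category",
    "mitre_attack_tactic": "attack_tactic",
    "mitre_attack_technique": "attack_technique",
}

META_LINE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')
SECTION_HEADER = re.compile(r"^\w+:\s*$")  # events:, match:, condition: ...


def parse_rule_meta(rule_text):
    """Return the key/value pairs of the rule's meta: section as a dict."""
    meta = {}
    in_meta = False
    for raw in rule_text.splitlines():
        line = raw.strip()
        if line == "meta:":
            in_meta = True
            continue
        if in_meta and SECTION_HEADER.match(line):
            break  # reached the next section, meta is done
        if in_meta:
            m = META_LINE.match(line)
            if m:
                meta[m.group(1)] = m.group(2)
    return meta


def tags_for_rule(meta, tag_keys=TAG_KEYS):
    """Build the list of tags a playbook would hand to the Case Tag action."""
    tags = []
    for key, prefix in tag_keys.items():
        value = meta.get(key, "")
        # Collapse stray whitespace so a typo in one rule does not create a
        # second reporting bucket ("UnAuthorized  Access " vs "UnAuthorized Access").
        value = " ".join(value.split())
        if value:
            tags.append(f"{prefix}:{value}")
    return tags


def cases_per_tag(cases, prefix):
    """Count cases per tag value for one prefix, e.g. per category."""
    counts = Counter()
    for case in cases:
        for tag in case["tags"]:
            if tag.startswith(prefix + ":"):
                counts[tag.split(":", 1)[1]] += 1
    return counts


# Constructed cases: case 1 is tagged from the sample rule, the others by hand.
SAMPLE_CASES = [
    {"id": 1, "tags": tags_for_rule(parse_rule_meta(SAMPLE_RULE))},
    {"id": 2, "tags": ["category:Malware", "attack_technique:T1204"]},
    {"id": 3, "tags": ["category:UnAuthorized Access", "attack_technique:T1110"]},
]

if __name__ == "__main__":
    print("tags from rule:", tags_for_rule(parse_rule_meta(SAMPLE_RULE)))
    print("cases per category:", dict(cases_per_tag(SAMPLE_CASES, "category")))
    print("cases per technique:", dict(cases_per_tag(SAMPLE_CASES, "attack_technique")))
```

In a real playbook the output of tags_for_rule is what you would feed to the "Siemplify - Case Tag" action; whether the rule's meta: values arrive on the alert as event fields or have to be looked up from the rule name depends on how the SIEM ingests them, so check what your alert actually carries before relying on it. The whitespace normalisation is the part worth keeping: reports group on exact tag strings, so any variation in how analysts typed the category splits the numbers.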