+8Hello all,
I need to create some automate TAGs depend con the value of the hostname.
Example if a host is from Belgium: BEL-XXX, if its from Brazil: BRA-XXX.
Well i thought about the funcion on SOAR casa data→ TAGS.
Teh proble here, is i have more than 1 product in incoming alerts, and in one alert the entity is saved in host_name entity, in other deviceDNSname...etc…
So, is there any solution or best practice for this?
Thanks!
+11Are the alerts being handled by the same playbook? If not, you could customize by alert, otherwise would need to use conditions and assign the tag based on those conditional checks.
+8Are the alerts being handled by the same playbook? If not, you could customize by alert, otherwise would need to use conditions and assign the tag based on those conditional checks.
Hi!
No, there are different playbooks, i have to check the field “hostname” in different alerts from diferents products. The only one giving me problems right now is Cortex XDR, under the host_name field.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
