Hi all, can anybody explain to me what values I have to use to get the "Entity Insight from JSON" action to work? The values from the official docu aren't working for me:
To use this action you need the following:
1. Entities - the action will only create insights for entities that are involved in the alert.
2. JSON - the JSON must be a list of results, and each result should have a field with the entity identifier to match the results with the right entity.
For example, if we want to create an insight for the entity "1.1.1.1", it must exist as an entity in the alert, and the JSON must have an element that indicates which entity the result belongs to, for example:
[{"ip_address": "1.1.1.1", "score": 5}, {"ip_address": "2.2.2.2", "score": 4}]
Now you can create placeholders with the data in the Message parameter. The placeholders should be between curly braces, for example: {score}
Here's a working example (I've added the address 1.1.1.1 as an entity):
The result will look like this:
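A local pre-check of the inputs described in the answer above, added here as an example; it is not the product's code and not part of the original posts. The function name, the `id_field` argument and the exact string comparison between identifiers are assumptions, and the sample entities and JSON are constructed.

```python
import json
import string


def build_insights(entities, raw_json, id_field, message):
    """Return ({entity: rendered message}, [problems]) for the given inputs.

    entities : identifiers of the entities present in the alert
    raw_json : text passed as the JSON input
    id_field : key in each result that holds the entity identifier (assumed name)
    message  : Message text with {placeholders}
    """
    try:
        results = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return {}, [f"JSON does not parse: {exc}"]
    if not isinstance(results, list):
        return {}, [f"JSON must be a list of results, got {type(results).__name__}"]

    # Names used as placeholders in the message, e.g. "{score}" -> "score".
    wanted = [name for _, name, _, _ in string.Formatter().parse(message) if name]
    insights, problems, seen = {}, [], set()
    for index, result in enumerate(results):
        if not isinstance(result, dict) or id_field not in result:
            problems.append(f"result {index} has no '{id_field}' field")
            continue
        ident = str(result[id_field])
        seen.add(ident)
        if ident not in entities:
            problems.append(f"{ident} is not an entity in the alert")
            continue
        missing = [name for name in wanted if name not in result]
        if missing:
            problems.append(f"{ident}: result lacks field(s) {missing}")
            continue
        insights[ident] = message.format(**result)
    for entity in entities:
        if entity not in seen:
            problems.append(f"{entity} has no matching result in the JSON")
    return insights, problems


if __name__ == "__main__":
    # Constructed sample: 1.1.1.1 and 3.3.3.3 are the alert's entities.
    sample = '[{"ip_address": "1.1.1.1", "score": 5}, {"ip_address": "2.2.2.2", "score": 4}]'
    found, issues = build_insights(["1.1.1.1", "3.3.3.3"], sample, "ip_address",
                                   "Reputation score: {score}")
    print(found)
    print("\n".join(issues))
```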