Penfield

This Integration is part of the PenfieldAI Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

The penfield-get-assignee command takes in the necessary context data and returns the analyst that Penfield believes the incident should be assigned to, based on Penfield's models of skill and process. The test command verifies that the endpoint is reachable. This integration was integrated and tested with version 0.1.4 of Penfield.

Configure Penfield in Cortex

| Parameter | Description | Required |
| --- | --- | --- |
| Your server URL | | True |
| API Key | The API Key to use for connection | True |
| Trust any certificate (not secure) | Trust any certificate (not secure). | False |
| Use system proxy settings | Use system proxy settings. | False |

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

penfield-get-assignee

Calls the Penfield API and returns the analyst Penfield recommends assigning the incident to. This information is saved in the output, but the incident will not be automatically assigned.

Base Command

penfield-get-assignee

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| analyst_ids | An array of XSOAR analyst IDs for Penfield to choose from when determining who to assign to. | Required |
| category | The category of the incident to assign. Can be taken from incident Context Data. | Required |
| created | The creation_date of the incident to assign. Can be taken from incident Context Data. | Required |
| id | The id of the incident to assign. Can be taken from incident Context Data. | Required |
| name | The name of the incident to assign. Can be taken from incident Context Data. | Required |
| severity | The severity of the incident to assign. Can be taken from incident Context Data. | Required |

Context Output

| Parameter | Description |
| --- | --- |
| Penfield.Recommended | The analyst Penfield recommends assigning this incident to. |

Command Example

!penfield-get-assignee analyst_ids=['analystid1', 'analystid2'] category='my cat' created='2021-09-13T01:58:22.621033322Z' id=34 name='big rootkit attack' severity='High'

Human Readable Output

peter
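
Because the command only stores its recommendation in context and does not assign the incident, a follow-up automation step decides whether to act on it. The following is an added example, not code from the Penfield pack: it accepts the recommendation only when it names one of the analyst_ids that were sent to Penfield. The function names, the sample values, and the nested-dict shape of the context (Penfield, then Recommended) are assumptions.

```python
import ast


def parse_analyst_ids(raw):
    """Normalise analyst_ids given as a list, a list-literal string, or a comma-separated string."""
    if isinstance(raw, (list, tuple)):
        items = list(raw)
    else:
        text = str(raw).strip()
        try:
            # literal_eval parses "['a', 'b']" without executing code (unlike eval)
            parsed = ast.literal_eval(text)
            items = list(parsed) if isinstance(parsed, (list, tuple)) else [parsed]
        except (ValueError, SyntaxError, TypeError):
            # Not a Python literal: treat it as a plain comma-separated list
            items = text.strip("[]").split(",")
    cleaned = [str(item).strip().strip("'\"") for item in items]
    return [item for item in cleaned if item]


def validated_assignee(context, analyst_ids):
    """Return Penfield.Recommended only if it is one of the candidates sent; otherwise None."""
    candidates = parse_analyst_ids(analyst_ids)
    penfield = context.get("Penfield") if isinstance(context, dict) else None
    recommended = penfield.get("Recommended") if isinstance(penfield, dict) else None
    if not isinstance(recommended, str):
        return None  # missing or malformed output: leave the incident unassigned
    recommended = recommended.strip()
    return recommended if recommended in candidates else None


if __name__ == "__main__":
    # Constructed sample values, for illustration only
    sent = "['analystid1', 'analystid2']"
    print(validated_assignee({"Penfield": {"Recommended": "analystid2"}}, sent))
    print(validated_assignee({"Penfield": {"Recommended": "someone-else"}}, sent))
```

A None result means the recommendation should go to manual triage rather than being used as the incident owner.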