Skip to main content

DefaultIncidentClassifier

This Script is part of the Deprecated Content Pack.#

Deprecated

Classifies an incident from mail.

Script Data#


NameDescription
Script Typejavascript
Tagsingestion

Inputs#


Argument NameDescription
splunkSenderThe email address from which Splunk sends emails to the mail listener.
nexposeSenderThe email address from which Nexpose sends emails to the mail listener.
defaultIncidentTypeThe incident type to be set in case the email is not from Splunk nor Nexpose.
minRiskScore
minVulnCountThe argument passed as-is to NexposeEmailParser. See its documentation for details.
sentinelOneSenderThe email address from which sentinel one sends emails to the mail listener
sentinelOneIncidentTypeThe incident type to classify sentinel one events to.

Outputs#


There are no outputs for this script.