Adds new events to an existing NetWitness SA incident.
|Tags||RSA NetWitness Security Analytics|
This script uses the following commands and scripts.
|incidentId||The existing incident ID. (string)|
|eventList||The list of event IDs separated by a comma (,), this must not include spaces in it. In order to get list of events you can use |
|alertSummary||The short summary of the alert that will be attached to incident. (string)|
|severity||The severity of the incident. For example, 50. (number)|
|deviceId||The ID of the device/component. For example, Concentrator, Log Decoder, Packet Decoder, etc... from which the events are. The list of devices can be viewed by executing the |
|incidentManagementId||The ID of the NetWitness INCIDENT_MANAGEMENT device/component ID. It can be received by running |
There are no outputs for this script.