Creates an incident inside NetWitness SA from a set of NetWitness events.
|Tags||RSA NetWitness Security Analytics|
This script uses the following commands and scripts.
|alertSummary||A short summary of the alert, which will be attached to the incident. (string)|
|severity||The severity level. The default is "50". (optional string)|
|name||The name of the incident. (string)|
|assigned||Sets the assignee login name if the assignee has changed. You can execute |
|eventList||The list of event IDs, separated by commas (,). The list must not include spaces. To get the list of events, you can use the |
|deviceId||The ID of the device/component (Concentrator, Log Decoder, Packet Decoder, etc.) from which the events are retrieved. The list of devices can be retrieved by executing the |
|priority||The priority of the incident.|
|summary||The summary of the incident.|
|incidentManagementId||The ID of the NetWitness INCIDENT_MANAGEMENT device/component. It can be retrieved by running |
There are no outputs for this script.