TitaniamFindIncidents

This script is part of the TitaniamProtect Pack.

This script is used to find protected/unprotected incidents.

Script Data

| Name | Description |
| --- | --- |
| Script Type | python3 |
| Tags | - |
| Cortex XSOAR Version | 6.0.0 |

Dependencies


This script has no dependencies.

Inputs

| Argument Name | Description |
| --- | --- |
| time_frame_in_hours | Time in hours to look back when searching for incidents (default 24h). |
| incident_type | Incident type to search on (0 or more incident types specified as comma-separated values; default is "Titaniam Protect"). |
| source_brand | Source brand to search on (0 or more source brands specified as comma-separated values; default is an empty string). |
| max_results | Number of incidents matching the search criteria to return in one search (default 50). |
| timeField | Time field to use when searching for unprotected incidents (default "created"). |
| protect_op | "protected" or "unprotected" value. For the TitaniamSync playbook, this parameter is set to "unprotected". |

Outputs

TitaniamProtect.Incidents, with incident IDs as comma-separated values.

Examples


Examples of invoking this script:

!TitaniamFindIncidents time_frame_in_hours="96" incident_type="Titaniam Protect" protect_op="unprotected"

Searches for unprotected incidents of the "Titaniam Protect" type in the last 96 hours.

!TitaniamFindIncidents time_frame_in_hours="24" incident_type="Titaniam Protect" source_brand="SplunkPy" max_results="50" timeField="created" protect_op="unprotected"

Searches for unprotected incidents of the "Titaniam Protect" type whose source brand is "SplunkPy" in the last 48 hours, based on the "created" date/time field. A maximum of 50 results is returned in a single search.

Both example invocations produce the output TitaniamProtect.Incidents, with incident IDs as comma-separated values.