TitaniamProtectIncident

This script is part of the TitaniamProtect Pack.

The TitaniamProtectIncident script applies an encode or decode operation to one or more incidents.

Script Data

| Name | Description |
| --- | --- |
| Script Type | python3 |
| Tags | - |
| Cortex XSOAR Version | 6.0.0 |

Dependencies


This script uses the following commands.

  • titaniamprotect-encode
  • titaniamprotect-decode

Inputs

| Argument Name | Description |
| --- | --- |
| incident_id | Zero or more incident IDs, comma separated (if omitted, will protect current incident) |
| operation | One of: protect, protect-masked, protect-tangled, unprotect. |

Outputs


There are no outputs for this script.

Examples


Examples of invoking this script:

!TitaniamProtectIncident incident_id="225,226,227,228" operation="protect-masked"

Encode a list of incidents, specified as comma-separated incident IDs (225,226,227,228). Protected fields of encoded incidents are displayed as a mask in the form of "xxx". When invoked on already encoded incidents, this command has no effect.

!TitaniamProtectIncident operation="protect-masked"

Encode the current incident. Protected fields of the encoded incident are displayed as a mask in the form of "xxx". When invoked on an already encoded incident, this command has no effect.

!TitaniamProtectIncident incident_id="225,226,227,228" operation="protect-tangled"

Encode a list of incidents, specified as comma-separated incident IDs (225,226,227,228). Protected fields of encoded incidents are displayed as the encoded value. When invoked on already encoded incidents, this command has no effect.

!TitaniamProtectIncident operation="protect-tangled"

Encode the current incident. Protected fields of the encoded incident are displayed as the encoded value. When invoked on an already encoded incident, this command has no effect.

!TitaniamProtectIncident incident_id="225,226,227,228" operation="unprotect"

Decode a list of incidents, specified as comma-separated incident IDs (225,226,227,228). Protected fields are decoded back to cleartext. When invoked on already decoded incidents, this command has no effect.

!TitaniamProtectIncident operation="unprotect"

Decode the current incident. Protected fields are decoded back to cleartext. When invoked on an already decoded incident, this command has no effect.

Revert the titaniamOp flag with the command below in the following scenario: if the protected fields are not part of the schema when an incident is created, the titaniamOp flag is set to 1 but the values in the incident are still in cleartext. Check the value in the incident context data (e.g. TITANIAM_PROTECTED = "1", TITANIAM_UNPROTECTED = "0"). Once the schema has been updated with the protected fields, revert the flag to 0 before clicking the Show Cleartext or Protect Data button.

!setIncident addLabels=[{\"titaniamOp\":\"0\"}]