cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Dynamically populate description of an incident

mergene
Brass Contributor

‎Aug 02 2020 02:52 AM

‎Aug 02 2020 02:52 AM

Dynamically populate description of an incident

Hi, 

Is it possible to populate the description of an incident dynamically? For example, I have an analytic rule which detects if an account is added to a specific group. I would like to populate the incident description as below:

"user XYZ has added user ABC to the domain group GRP01". 

Here, the XYZ, ABC, and GRP01 is extracted from the query result (SubjectUserName, MemberName, TargetUserName. This would make the incidents more easy to understand by analysts at first glance, without having to investigate evidence events. Also, when integrating with a ticketing system, the dynamically populated description would be more useful for incident handlers. 

479 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by mergene (Brass Contributor)
Ofer_Shezaf

‎Aug 02 2020 06:14 AM

‎Aug 02 2020 06:14 AM

Solution

Re: Dynamically populate description of an incident

@mergene This is not currently possible, however we are working on such a feature.

1 Like
Reply
mergene

‎Aug 02 2020 08:35 AM

‎Aug 02 2020 08:35 AM

Re: Dynamically populate description of an incident

Thanks Ofer! Looking forward to it!
0 Likes
Reply