How to create a mock incident using the print operator?


I need help regarding the creation of a mock/dummy incident in Sentinel using the "print" operator. I want to have the items below added as entities as is.

IP

Sender Email

Recipient

Subject

URL

print user="example[@]example.com", ip1="1.1.1.1", ip2="2.2.2.2", Sender="example[@]example.com", Recipient="example[@]example.com", Subject="This is a test phishing email", Mailbox="example[@]example.com", Url="https://test.com"

 

I created a test rule and tried to map those entities using the rule wizard under mailbox, submission mail and mail messages separately, and tried all possible options, but was still unsuccessful. I would appreciate it if anyone can help with the correct approach. Thanks.

1 Reply

@securityxpert1122 Not even sure that the "print" command will work in a rule. What you could do is to create a datatable that contains all the information you want in it and then just show that datatable. I do this a lot to create demo incidents.

 

let demoData = datatable (Data: string) [
    "Demo data"
];
demoData
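
Added example (not part of the reply above): the same datatable approach extended to the fields listed in the question, with one typed column per value so that each column can be picked in the rule wizard's entity mapping. All values are constructed sample data; the column names and the identifier names in the comments are assumptions to check against what the wizard offers in your workspace.

```kusto
// Constructed demo data: one row describing a mock phishing email.
// Each field gets its own column so it can be mapped to an entity identifier.
let demoData = datatable (
    Ip1: string,
    Ip2: string,
    Sender: string,
    Recipient: string,
    Subject: string,
    Mailbox: string,
    Url: string
) [
    "1.1.1.1", "2.2.2.2",
    "sender@example.com", "recipient@example.com",
    "This is a test phishing email",
    "recipient@example.com",
    "https://test.com"
];
demoData
// Give the row a timestamp so the result looks like a regular log record.
| extend TimeGenerated = now()
// Assumed entity mapping in the rule wizard (verify the identifier names):
//   IP           -> Address               = Ip1   (add a second IP entity for Ip2)
//   Mail message -> Sender, Recipient, Subject
//   Mailbox      -> MailboxPrimaryAddress = Mailbox
//   URL          -> Url                   = Url
```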