how to create Mock incident using print operator?

Copper Contributor

I need help regarding creation of mock/dummy incident in sentinel using "print" operator. I want to have below items to be added into entity as is.


Sender Email




print user="example[@]", ip1="", ip2="", Sender="example[@]", Recipient="example[@]", Subject="This is a test phishing email", Mailbox="example[@]", Url=""


I created a test rule and tried to map those entities using rule wizard under mailbox , submission mail and mail messages separately and tried all possible options but still unsuccessful. Appreciate if anyone can help with the correct approach. Thanks.

1 Reply

@securityxpert1122 Not even sure that the "print" command will work in a rule. What you could do is to create a datatable that contains all the information you want in it and then just show that datatable. I do this a lot to create demo incidents.


let demoData = datatable (Data: string) [
    "Demo data"