I need help regarding creation of mock/dummy incident in sentinel using "print" operator. I want to have below items to be added into entity as is.
print user="example[@]example.com", ip1="188.8.131.52", ip2="184.108.40.206", Sender="example[@]example.com", Recipient="example[@]example.com", Subject="This is a test phishing email", Mailbox="example[@]example.com", Url="https://test.com"
I created a test rule and tried to map those entities using rule wizard under mailbox , submission mail and mail messages separately and tried all possible options but still unsuccessful. Appreciate if anyone can help with the correct approach. Thanks.
@semub1122 Not even sure that the "print" command will work in a rule. What you could do is to create a datatable that contains all the information you want in it and then just show that datatable. I do this a lot to create demo incidents.