how to create Mock incident using print operator?

New Contributor

I need help regarding creation of mock/dummy incident in sentinel using "print" operator. I want to have below items to be added into entity as is.

IP

Sender Email

Recipient

Subject

URL

print user="example[@]example.com", ip1="1.1.1.1", ip2="2.2.2.2", Sender="example[@]example.com", Recipient="example[@]example.com", Subject="This is a test phishing email", Mailbox="example[@]example.com", Url="https://test.com"

 

I created a test rule and tried to map those entities using rule wizard under mailbox , submission mail and mail messages separately and tried all possible options but still unsuccessful. Appreciate if anyone can help with the correct approach. Thanks.

1 Reply

@semub1122 Not even sure that the "print" command will work in a rule. What you could do is to create a datatable that contains all the information you want in it and then just show that datatable. I do this a lot to create demo incidents.

 

let demoData = datatable (Data: string) [
    "Demo data"
];
demoData