Cisco Threat Response - Create Incident
Details
This atomic belongs to the Cisco Threat Response atomic group.
Creates a new Threat Response incident in your private intelligence store.
Target: SecureX Private Intelligence API or HTTP Endpoint for "private.intel.amp.cisco.com"
Account Key: None (uses a token)
Steps:
[] Generate the JSON for the new incident
[] Generate the authorization header
[] POST the incident JSON to Threat Response
[] Check if the incident was created:
[]> If it was, extract the incident ID and set the output variables
[]> If it wasn't, return an error
More information about this API: https://private.intel.amp.cisco.com/index.html#/Incident/post_ctia_incident
About
Authorship
Cisco Managed