Cisco Threat Response - Trigger Response Action
Details
This atomic belongs to the Cisco Threat Response atomic group.
Triggers a "response" action through Threat Response. You can use the "List Response Actions" atomic action to get a list of actions available for a given observable.
Target: SecureX APIs or HTTP Endpoint for "visibility.amp.cisco.com" with a path of "/iroh"
Account Key: None (uses a token)
Steps:
[] Generate the authorization header
[] Attempt to trigger the Threat Response action
[] Check if the request was successful:
[]> If it was, make sure the status code was success
[]> If it wasn't, return an error
More information about this API: https://visibility.amp.cisco.com/iroh/iroh-response/index.html#/Response/post_iroh_iroh_response_respond_trigger__module_instance_id___action_id_
About
Authorship
Cisco Managed