Illusive-Retrieve-Incident

This playbook retrieves an extensive view of a detected incident: the incident details and, if and when forensics have been successfully collected, a forensics timeline.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • IllusiveNetworks

Scripts

  • Print

Commands

  • illusive-get-forensics-timeline
  • illusive-get-incidents

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| incident_id | The desired incident ID to retrieve. | 3 | Required |
| start_date | The starting date of the forensics timeline. | | Optional |
| end_date | The last date of the forensics timeline. | | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| Illusive.Forensics.Evidence.details | The forensics evidence details | unknown |
| Illusive.Forensics.Evidence.eventId | The event ID | unknown |
| Illusive.Forensics.Evidence.id | The forensics evidence ID | unknown |
| Illusive.Forensics.Evidence.source | The Evidence source | unknown |
| Illusive.Forensics.Evidence.starred | Whether the forensics evidence has been starred | unknown |
| Illusive.Forensics.Evidence.time | Date and time of the forensics evidence | unknown |
| Illusive.Forensics.Evidence.title | The forensics evidence description | unknown |
| Illusive.Forensics.IncidentId | The Incident Id | unknown |
