TIM - ArcSight Add Url Indicators

This playbook queries indicators based on a pre-defined query or results from a parent playbook and adds the resulting indicators to an ArcSight Active List. The Active List ID should also be defined in the playbook inputs as well as the field name in the Active list to add to.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • ArcSight ESM v2

Scripts

This playbook does not use any scripts.

Commands

  • appendIndicatorField
  • as-add-entries

Playbook Inputs


NameDescriptionDefault ValueRequired
ArcSightBlackListUrlActiveListIDID of the black list Url Active List resource as appears in ArcSight.Optional
ArcsightBlackUrlValueFieldNameThe name of the black list Active List field to insert the Url value to.Optional
ArcSightWhiteListUrlActiveListIDID of the white list Url Active List resource as appears in ArcSight.Optional
ArcsightWhiteListUrlValueFieldNameThe name of the white list Active List field to insert the Url value to.Optional
ArcSightWatchListUrlActiveListIDID of the watch list Url Active List resource as appears in ArcSight.Optional
ArcsightWatchListUrlValueFieldNameThe name of the watch list Active List field to insert the Url value to.Optional

Playbook Outputs


There are no outputs for this playbook.

Playbook Image


Playbook Image