Submit an Intel Report

Updated 6 days ago by Elvis Hovor

Description

In the TruSTAR App for Demisto, this command submits a new Intel Report to TruSTAR and adds the TruSTAR Report ID to the Demisto incident.

Format

trustar-submit-report

Example

!trustar-submit-report title="fake title" report-body="the report body goes here" enclave_ids=xxxxx-yyyy=zzzzz

Inputs

Argument

Description

Required

title

Title of the Intel Report

Yes

report_body

Text content of the Intel Report

Yes

enclave_id

Enclave ID of where the Intel Report will be stored in TruSTAR.

Argument is required if the distribution type is ENCLAVE.

Yes, if distribution_type is set to ENCLAVE

distribution_type

Distribution type of the report. Legal values are COMMUNITY or ENCLAVE (the default).

No

external_url

URL for the external report that this originated from, if one exists. This URL must be unique across all reports in your organization.

Maximum is 500 alphanumeric characters.

No

time_began

ISO-8601 formatted incident time with timezone; for example, 2016-09-22T11:38:35+00:00.

Default is current timezone.

No

Output

Path

Type

Description

TruSTAR.Report.title

string

Title of the report

TruSTAR.Report.reportBody

string

Body of the report

TruSTAR.Report.id

string

ID of the report


How Did We Do?