Get Report Indicators

Updated 6 days ago by Elvis Hovor

Description

In the TruSTAR App for Demisto, this command returns a list of Indicators extracted from the specified Intel Report. This command is limited to one Intel Report at a time.

Format

trustar-get-indicators-for-report

Example

!trustar-get-indicators-for-report report_id=xxxx.yyyyy.zzzzz 

Input

Argument

Description

Required

report_id

the ID of the Intel Report to get the indicators from.

Yes

limit

Limit of results to return. Max value possible is 1000.

Default is 25.

No

Output

Path

Type

Description

TruSTAR.Indicators.type

string

Indicator type

TruSTAR.Indicators.value

string

Indicator value

File.Name

string

The full file name (including file extension)

<Indicator>

string

Supported Indicators

DBotScore.Indicator

string

The indicator we tested

DBotScore.Type

string

The type of the indicator

DBotScore.Vendor

string

Vendor used to calculate the score

DBotScore.Score

number

The actual score


How Did We Do?