Link Search Menu Expand Document

Ignore Anomalous Object

Workflow #0045

Response Workflow

This workflow was developed and is supported by Cohesity

This workflow ignores an anomaly reported in Cohesity Helios. Supported observable: hostname

Note: This workflow is designed to be triggered from SecureX incidents generated by one of the following workflows:

GitHub


Change Log

Date Notes
Sep 24, 2021 - Initial release

See the Important Notes page for more information about updating workflows


Requirements

  • The following system atomics are used by this workflow:
    • None
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • Cohesity Helios

Workflow Steps

  1. Make sure the observable type provided is supported
  2. Execute a Python script to restore the object, resolve the alert, and perform optional cleanup in SecureX

Configuration

  • Set the Helios API Key local variable to your Cohesity Helios API key
  • Set the SecureX API Client ID and SecureX API Secret local variables to your API client’s ID and secret (more information)
  • Set the Delete Sighting and Incident local variable to yes or no depending on whether or not you want to clean up SecureX objects after ignoring the alert
  • If you want to change the name of this workflow in the pivot menu, change its display name