Generate Casebook with Flow Links
Workflow #0005
Response Workflow
This workflow generates a Cisco SecureX casebook with links to investigate the IP address in Cisco Secure Cloud Analytics (SCA). Supported observable: ip
This workflow has been updated to use the new "SecureX Token" account key. For more information about this, please see this page. If you want to use legacy authentication, you can import an older version of the workflow.
Change Log
| Date | Notes |
|---|---|
| Nov 20, 2020 | - Initial release |
| Sep 10, 2021 | - Updated to use the new system atomics |
| Aug 31, 2022 | - Updated to support SecureX Tokens |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
- Threat Response - Create Casebook
- The following atomic actions must be imported before you can import this workflow:
- None
- The targets and account keys listed at the bottom of the page
- Cisco Secure Cloud Analytics (SCA)
Workflow Steps
- Calculate date 7 days ago
- Format 7 days ago date to Secure Cloud Analytics format
- Format today’s date to Secure Cloud Analytics format
- Create casebook with investigation links
Configuration
- Set your Secure Cloud Analytics instance URL in the
SCA Instance URLlocal variable - If you want to change the name of this workflow in the pivot menu, change its display name
Targets
Target Group: Default TargetGroup
| Target Name | Type | Details | Account Keys | Notes |
|---|---|---|---|---|
| Private_CTIA_Target | HTTP Endpoint | Protocol: HTTPSHost: private.intel.amp.cisco.comPath: None | CTR_Credentials | Created by default |
Account Keys
| Account Key Name | Type | Details | Notes |
|---|---|---|---|
| CTR_Credentials | SecureX Token | See this page |