On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this GitHub repository will not be actively maintained following this announcement.

Generate Casebook with Flow Links

Workflow #0005

Response Workflow

This workflow generates a Cisco SecureX casebook with links to investigate the IP address in Cisco Secure Cloud Analytics (SCA). Supported observable: ip

This workflow has been updated to use the new "SecureX Token" account key. For more information about this, please see this page. If you want to use legacy authentication, you can import an older version of the workflow.


Change Log

| Date | Notes |
|------|-------|
| Nov 20, 2020 | Initial release |
| Sep 10, 2021 | Updated to use the new system atomics |
| Aug 31, 2022 | Updated to support SecureX Tokens |

See the Important Notes page for more information about updating workflows.


Requirements

  • The following system atomics are used by this workflow:
    • Threat Response - Create Casebook
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets and account keys listed at the bottom of the page
  • Cisco Secure Cloud Analytics (SCA)

Workflow Steps

  1. Calculate date 7 days ago
  2. Format 7 days ago date to Secure Cloud Analytics format
  3. Format today’s date to Secure Cloud Analytics format
  4. Create casebook with investigation links

Configuration

  • Set your Secure Cloud Analytics instance URL in the SCA Instance URL local variable
  • If you want to change the name of this workflow in the pivot menu, change its display name

Targets

Target Group: Default TargetGroup

| Target Name | Type | Details | Account Keys | Notes |
|-------------|------|---------|--------------|-------|
| Private_CTIA_Target | HTTP Endpoint | Protocol: HTTPS; Host: private.intel.amp.cisco.com; Path: None | CTR_Credentials | Created by default |

Account Keys

| Account Key Name | Type | Details | Notes |
|------------------|------|---------|-------|
| CTR_Credentials | SecureX Token | | See this page |