Generate Casebook with Flow Links
Workflow #0005
Response Workflow
This workflow generates a Cisco SecureX casebook with links to investigate the IP address in Cisco Secure Cloud Analytics (SCA). Supported observable: ip
This workflow has been updated to use the new "SecureX Token" account key. For more information about this, please see this page. If you want to use legacy authentication, you can import an older version of the workflow.
Change Log
Date | Notes |
---|---|
Nov 20, 2020 | - Initial release |
Sep 10, 2021 | - Updated to use the new system atomics |
Aug 31, 2022 | - Updated to support SecureX Tokens |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
- Threat Response - Create Casebook
- The following atomic actions must be imported before you can import this workflow:
- None
- The targets and account keys listed at the bottom of the page
- Cisco Secure Cloud Analytics (SCA)
Workflow Steps
- Calculate date 7 days ago
- Format 7 days ago date to Secure Cloud Analytics format
- Format today’s date to Secure Cloud Analytics format
- Create casebook with investigation links
Configuration
- Set your Secure Cloud Analytics instance URL in the
SCA Instance URL
local variable - If you want to change the name of this workflow in the pivot menu, change its display name
Targets
Target Group: Default TargetGroup
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
Private_CTIA_Target | HTTP Endpoint | Protocol: HTTPS Host: private.intel.amp.cisco.com Path: None | CTR_Credentials | Created by default |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
CTR_Credentials | SecureX Token | See this page |