Hi everyone,
I'm using the Siemplify SOAR SDK to create a case in Google SecOps. The case is being created successfully, but the alerts and events are not showing up inside the case. Here is the code I'm using:
```python
import json
from SiemplifyAction import SiemplifyAction
from SiemplifyConnectorsDataModel import AlertInfo

# Initialize the SiemplifyAction object
siemplify = SiemplifyAction()

# Create multiple events as dictionaries with necessary fields
event1 = {
    "identifier": "event_id_1",
    "name": "Event 1",
    "type": "Type of event",
    "severity": 30,
    "description": "Description of event 1"
}
event2 = {
    "identifier": "event_id_2",
    "name": "Event 2",
    "type": "Type of event",
    "severity": 50,
    "description": "Description of event 2"
}

# Create multiple AlertInfo objects and add events to them
alert1 = AlertInfo()
alert1.identifier = "alert_id_1"
alert1.name = "Alert 1"
alert1.type = "Type of alert"
alert1.severity = 40
alert1.description = "Description of alert 1"
alert1.events = [event1, event2]

alert2 = AlertInfo()
alert2.identifier = "alert_id_2"
alert2.name = "Alert 2"
alert2.type = "Type of alert"
alert2.severity = 60
alert2.description = "Description of alert 2"
alert2.events = [event1]

# Convert AlertInfo objects to dictionaries
alerts_info = [
    {
        "identifier": alert.identifier,
        "name": alert.name,
        "type": alert.type,
        "severity": alert.severity,
        "description": alert.description,
        "events": alert.events
    }
    for alert in [alert1, alert2]
]

# Create the case dictionary
case_info_dict = {
    "display_id": "New Case",
    "description": "Description of the case",
    "severity": 40,  # Severity level (e.g., 40 for medium)
    "name": "Case Name",
    "ticket_id": "Ticket123",
    "device_vendor": "VendorName",
    "rule_generator": "RuleName",
    "source_system_name": "SourceSystem",
    "alerts_info": alerts_info
}

# Create the case
siemplify.create_case(json.dumps(case_info_dict))
```
Has anyone encountered a similar issue or can provide guidance on what might be going wrong? Any help would be greatly appreciated!
Thanks in advance!