This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
The Google Cloud Security Community will be in read-only mode July 16 - July 22 as we migrate platforms. 

Read more and check out our FAQ
Log in to ask a question

Is there a way to set additional data for a case in a similar way it can be set per alert?

Posted on 08-15-2023 03:05 AM
Chase_Hammons
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Is there a way to set additional data for a case in a similar way it can be set per alert?
I use siemplify.update_alerts_additional_data in an action to set something for an alert, but is there a way to set OFFENSE_ID for a case (from a job)? I see siemplify.set_context_property but does that work from a job?

0 2 269
0 Likes
Reply
2 REPLIES 2

Posted on --/--/---- --:-- AM
James_Hunter
New Member
Reply posted on --/--/---- --:-- AM

Have you checked out siemplify.set_case_context_property(key,value) ? I’m not sure if OFFENSE_ID is reserved but I use this for setting what are effectively environmental variables.
https://cloud.google.com/chronicle/docs/soar/reference/siemplify-action-module#set_case_context_prop...

0 Likes
Reply

Posted on --/--/---- --:-- AM
Chase_Hammons
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I tried that but it didn't seem to be available from a SiemplifyJob class. Not sure if I'm missing something

0 Likes
Reply
Top Solution Authors
View all