This article describes how to initiate an action to open, remediate, and close a Suspicious Activity for investigation in Nebula using Palo Alto Networks Cortex™ XSOAR command line interface.
Base command
Opens the suspicious activity incident
malwarebytes-open-sa-incidentRemediates the suspicious activity incident
malwarebytes-remediate-sa-incidentCloses the suspicious activity incident
malwarebytes-close-sa-incidentInput
| Argument name | Description | Required |
|---|---|---|
| machine_id | The machine ID of an endpoint where Suspicious Activity is found. | Required |
| detection_id | The detection ID of the Suspicious Activity. | Required |
Context Output
| Path | Type | Description |
| Malwarebytes.SA.Machine_ID | string | The machine ID of the Suspicious host. |
Command example
!malwarebytes-open-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=67931295!malwarebytes-remediate-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=67931496!malwarebytes-close-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=67931295Context example
{
"Malwarebytes.SA": {
"Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399"
}
}
Return to the table of contents.