This article describes how to open, remediate, and close a Suspicious Activity (SA) for investigation in Malwarebytes Nebula using the Palo Alto Networks Cortex™ XSOAR command line interface. The three commands below are run in that order against the same endpoint and detection.
Base command

| Base command | Description |
| --- | --- |
| malwarebytes-open-sa-incident | Opens the suspicious activity incident |
| malwarebytes-remediate-sa-incident | Remediates the suspicious activity incident |
| malwarebytes-close-sa-incident | Closes the suspicious activity incident |
Input

| Argument name | Description | Required |
| --- | --- | --- |
| machine_id | The machine ID of the endpoint on which the Suspicious Activity was found. | Required |
| detection_id | The detection ID of the Suspicious Activity. | Required |
Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.SA.Machine_ID | string | The machine ID of the suspicious host. |
Command example

```
!malwarebytes-open-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=67931295
!malwarebytes-remediate-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=67931496
!malwarebytes-close-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=67931295
```
Context example

```json
{
  "Malwarebytes.SA": {
    "Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399"
  }
}
```
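The open, remediate, and close commands are meant to run as one sequence against the same machine and detection, and an analyst does not want the SA closed if remediation failed. The following is an added example, not part of this article or of the Malwarebytes integration itself: a small Python helper that validates the two required arguments, runs the three commands in order through a caller-supplied runner (inside an XSOAR automation that runner would be `demisto.executeCommand`; here a constructed stand-in is used so the code runs offline), stops at the first error entry, and checks that `Malwarebytes.SA.Machine_ID` in each command's context matches the endpoint that was requested. Treating `machine_id` as a UUID and `detection_id` as an integer is an assumption drawn from the page's examples; the entry shape (`Type`, `Contents`, `EntryContext`) is the one XSOAR returns from `executeCommand`.

```python
import uuid

# Base commands documented on the page, in the order the workflow runs them.
SA_STEPS = (
    "malwarebytes-open-sa-incident",
    "malwarebytes-remediate-sa-incident",
    "malwarebytes-close-sa-incident",
)

ENTRY_TYPE_ERROR = 4  # XSOAR error entry type (EntryType.ERROR)


def validate_args(machine_id, detection_id):
    """Normalise and validate the two required arguments.
    Assumption: the page's examples show machine_id as a UUID and
    detection_id as a decimal integer, so those formats are enforced here."""
    try:
        mid = str(uuid.UUID(str(machine_id)))
    except ValueError:
        raise ValueError(f"machine_id is not a UUID: {machine_id!r}")
    det = str(detection_id).strip()
    if not det.isdigit():
        raise ValueError(f"detection_id is not an integer: {detection_id!r}")
    return {"machine_id": mid, "detection_id": det}


def context_machine_id(entries):
    """Pull Malwarebytes.SA.Machine_ID out of a command's returned entries."""
    for entry in entries:
        sa = (entry.get("EntryContext") or {}).get("Malwarebytes.SA") or {}
        if sa.get("Machine_ID"):
            return sa["Machine_ID"]
    return None


def run_sa_workflow(machine_id, detection_id, execute):
    """Run open -> remediate -> close for one Suspicious Activity.
    `execute(command, args)` is the caller's command runner (in an XSOAR
    automation: demisto.executeCommand) and returns a list of entry dicts.
    Stops at the first error so the SA is never closed after a failed
    remediation. Returns the list of steps that completed."""
    args = validate_args(machine_id, detection_id)
    completed = []
    for cmd in SA_STEPS:
        entries = execute(cmd, dict(args)) or []
        if any(e.get("Type") == ENTRY_TYPE_ERROR for e in entries):
            raise RuntimeError(f"{cmd} failed; not running the remaining steps")
        got = context_machine_id(entries)
        if got and got.lower() != args["machine_id"]:
            raise RuntimeError(f"{cmd} reported {got}, expected {args['machine_id']}")
        completed.append(cmd)
    return completed


def make_fake_executor(fail_on=None, log=None):
    """Constructed stand-in for demisto.executeCommand. It echoes the context
    shape from the page's 'Context example'; fail_on names a command that
    should return an error entry, to simulate a failed step."""
    def execute(command, args):
        if log is not None:
            log.append("!" + command + "".join(f" {k}={v}" for k, v in args.items()))
        if command == fail_on:
            return [{"Type": ENTRY_TYPE_ERROR, "Contents": "simulated API error"}]
        return [{"Type": 1, "Contents": "ok",
                 "EntryContext": {"Malwarebytes.SA": {"Machine_ID": args["machine_id"]}}}]
    return execute


if __name__ == "__main__":
    log = []
    done = run_sa_workflow("5074ade3-5716-44d8-83c7-5985379c0399", 67931295,
                           make_fake_executor(log=log))
    print("\n".join(log))
    print("completed:", done)
```

Inside a real automation you would pass `demisto.executeCommand` as `execute`; the validation runs before any API call, so a malformed argument never reaches Nebula, and a failure in the remediate step leaves the SA open for an analyst rather than silently closing it.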