docs/cse/automation/about-automation-service-and-cloud-siem.md
7 additions & 7 deletions
@@ -22,13 +22,13 @@ The Automation Service is a subset of automation capabilities adapted from Cloud
22
22
## Benefits
23
23
24
24
* The Automation Service supports enrichment, notification, containment, user choice, and custom actions in Cloud SIEM.
25
-
* Enrichment actions can be used to gather additional information about an Entity or Insight, including threat indicators.
25
+
* Enrichment actions can be used to gather additional information about an entity or insight, including threat indicators.
26
26
* Notification actions can be used to send notifications or update status in systems like Cloud SIEM, the Sumo Logic core platform, Slack, Microsoft Teams, Jira, email, and so on.
27
-
* Automations can be triggered automatically when an Insight is created or closed. For example, you could define a playbook that is executed automatically when an Insight is created that gathers enrichment data. And if the data returned includes a malicious threat indicator:
28
-
1. Changes the Insight state to “In Progress”.
29
-
1. Assigns the Insight.
30
-
1. Sends a (customized) email with information about the Insight and indicator.
31
-
1. Creates a Slack channel for the Insight.
27
+
* Automations can be triggered automatically when an insight is created or closed. For example, you could define a playbook that is executed automatically when an insight is created that gathers enrichment data. And if the data returned includes a malicious threat indicator:
28
+
1. Changes the insight state to “In Progress”.
29
+
1. Assigns the insight.
30
+
1. Sends a (customized) email with information about the insight and indicator.
31
+
1. Creates a Slack channel for the insight.
32
32
1. Invites certain people to the Slack channel.
33
33
34
34
:::note
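Review bot: In the changed bullet that begins "Automations can be triggered automatically", the sentence "And if the data returned includes a malicious threat indicator:" is a fragment, and the numbered steps after it have no stated subject, so a reader has to infer that the playbook performs them. Since the line is already being edited for casing, consider a lead-in such as "If the returned data includes a malicious threat indicator, the playbook:". The same bullet says automations can run when an insight is created or closed, but the example only covers creation; a brief mention of a close-triggered case would match the claim.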
@@ -81,7 +81,7 @@ Access to the Automation Service is controlled by [role capabilities](/docs/mana
81
81
The [Cloud SIEM API](/docs/cse/administration/cse-apis/) supports automations. Endpoints include:
82
82
*`GET /automations`. Get the list of automations
83
83
*`POST /automations`. Create an automation
84
-
*`POST /automations/execute`. Run one or more automations against one or more Entities/Insights
84
+
*`POST /automations/execute`. Run one or more automations against one or more entities/insights
85
85
*`DELETE /automations/{id}`. Delete an automation
86
86
*`GET /automations/{id}`. Get a specific automation
87
87
*`PUT /automations/{id}`. Update a specific automation
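Review bot: On the changed `POST /automations/execute` line, "entities/insights" is ambiguous about whether one call can target both kinds at once; "entities or insights" (or "and", if mixed targets are allowed) would read more clearly now that the terms are lowercase common nouns. This is also the only endpoint in the list that runs automations rather than managing their definitions, and the hunk header notes that access is controlled by role capabilities, so consider stating on this line which capability the execute call requires.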