Create Entity Command
Usage
The Create Sightings command is used to create sightings in the platform and requires following fields as input parameters:
|
Name |
Description |
Possible values / samples |
|
extract-type |
The extract type to be created on the platform. |
|
|
extract-value |
The extract value to be created in the platform. |
See extract types above. |
|
tlp |
The treat level color code. |
WHITE, GREEN, AMBER, and RED. |
|
title |
The title of the sighting. |
Any type of string. |
|
description |
Descriptive text about the sighting. |
Any type of string. |
|
tag |
An extra tag on the sighting. |
For example, ArcSight generated sighting, or SOC X. |
|
confidence |
The treat level confidence. |
Low, Medium, or High |
The Create Sighting command is executed on the platform, creates an entity and and returns a parseble CSV response.
The response contains an entity id and a uri for the entity that has been created in the platform
id,urldb99a41c-3cd8-4c90-a06c-ac843de4a46c,/#/entity/db99a41c-3cd8-4c90-a06c-ac843de4a46cThe created sighting can be viewed via the EclecticIQ UI using the URI:
https://<platform_host>/<entity URI>