# Any added value in this file should be added in EventManagementUtils for localization
#
# NOTE(review): the stanza names and keys below match Splunk's alert_actions.conf
# layout for ITSI custom alert actions; confirm against the app's README spec.
# One key per line; comments are full-line only, because a trailing comment
# would become part of the value.

# Generates ITSI notable events from a correlation search result.
# Only the *name* of the HTTP token is stored here, not its value.
# NOTE(review): presumably the handler resolves the HEC token by this name;
# verify that the token is limited to the index and sourcetype set below.
[itsi_event_generator]
is_custom = 1
label = ITSI Alert Generator
description = Send an ITSI alert to the summary index.
payload_format = json
param.index = itsi_tracked_alerts
param.sourcetype = itsi_notable:event
param.http_token_name = Auto Generated ITSI Event Management Token
param.event_identifier_fields = source
param.search_type = custom
param.is_use_event_time = 0
param.event_field_max_length = 10000
param.editor = advance_correlation_builder_editor
param.title =
param.description =
param.owner = unassigned
param.status = 1
param.severity = 1
param.itsi_instruction =
param.drilldown_search_title =
param.drilldown_search_search =
param.drilldown_search_latest_offset = 300
param.drilldown_search_earliest_offset = -300
param.drilldown_title =
param.drilldown_uri =
param.service_ids =
param.entity_lookup_field =
param.meta_data =
param.is_ad_at =
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

# Sample action: pings the host named in an episode.
# NOTE(review): %orig_host% looks like a placeholder filled from event data.
# The handler is not visible here; confirm that it validates the value as a
# hostname or IP address and runs ping with an argument list, not a shell string.
[itsi_sample_event_action_ping]
is_custom = 1
label = Ping host
description = Given one or more ITSI episodes, ping the `host` in it.
payload_format = json
param.host_to_ping = %orig_host%
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

# Links an external ticket to an episode. All parameters default to empty and
# are supplied per invocation.
# NOTE(review): param.ticket_url is caller-supplied; confirm that the handler
# or the UI restricts it to http/https before rendering it as a link.
[itsi_event_action_link_ticket]
is_custom = 1
label = Link Ticket
description = Given an ITSI episode, link a ticket of your ticketing system of choice.
payload_format = json
param.ticket_system =
param.ticket_id =
param.ticket_url =
param.operation =
param.kwargs =
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

# Attaches a reference URL to an episode.
# NOTE(review): param.url is caller-supplied; confirm that the scheme is
# checked (http/https) where the link is stored or displayed.
[itsi_event_action_link_url]
is_custom = 1
label = Add reference link
description = Link an episode to an external URL.
payload_format = json
param.url =
param.url_description =
param.operation =
param.kwargs =
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

# Creates a ServiceNow incident for an episode and links the two.
# param.account holds an account reference only; no credential is stored in
# this stanza.
[itsi_event_action_snow_wrapper]
is_custom = 1
label = Create ServiceNow incident
description = Given an ITSI episode, create a ServiceNow incident and link it to the episode.
payload_format = json
param.account =
param.state =
param.configuration_item =
param.contact_type =
param.assignment_group =
param.category =
param.subcategory =
param.impact =
param.urgency =
param.priority =
param.short_description =
param.correlation_id =
param.splunk_url =
param.custom_fields =
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

# Clears the Splunk Infrastructure Monitoring incidents of an episode.
# Takes no parameters.
[itsi_event_action_clear_sim_incidents]
is_custom = 1
label = Clear Splunk Infrastructure Monitoring incidents
description = Given an ITSI episode, clear the Splunk Infrastructure Monitoring incidents within it.
payload_format = json
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

# Recurring import of entities and services. Runs a search command instead of
# a script, so it sets no payload_format or python.version.
# Each $action.itsi_import_objects.param.*$ token is substituted into a
# double-quoted argument of the command string.
# NOTE(review): a parameter value containing a double quote or a pipe could
# change how the resulting search string parses; confirm that values are
# validated where they are saved and that edit access to the saved searches
# using this action is restricted.
# serviceTagsFields is fed from param.service_tags_field (singular), which is
# the name declared below.
# Keep comments out of the continued command value: they would become part of it.
[itsi_import_objects]
is_custom = 1
label = ITSI Import Objects
description = Import ITSI entities and service data.
command = itsiimportobjects \
    backfillEnabled="$action.itsi_import_objects.param.backfill_enabled$" \
    entityDescriptionFields="$action.itsi_import_objects.param.entity_description_fields$" \
    entityFieldMapping="$action.itsi_import_objects.param.entity_field_mapping$" \
    entityIdentifierFields="$action.itsi_import_objects.param.entity_identifier_fields$" \
    entityInformationalFields="$action.itsi_import_objects.param.entity_informational_fields$" \
    entityMergeField="$action.itsi_import_objects.param.entity_merge_field$" \
    entityTitleField="$action.itsi_import_objects.param.entity_title_field$" \
    entityTypeField="$action.itsi_import_objects.param.entity_type_field$" \
    entityStatusTracking="$action.itsi_import_objects.param.entity_status_tracking$" \
    serviceDependentsFields="$action.itsi_import_objects.param.service_dependents_fields$" \
    serviceDescriptionFields="$action.itsi_import_objects.param.service_description_fields$" \
    serviceTagsFields="$action.itsi_import_objects.param.service_tags_field$" \
    serviceEnabled="$action.itsi_import_objects.param.service_enabled$" \
    serviceTeam="$action.itsi_import_objects.param.service_team$" \
    serviceTemplatesConfig="$action.itsi_import_objects.param.service_templates_config$" \
    serviceTemplateField="$action.itsi_import_objects.param.service_template_field$" \
    serviceTitleField="$action.itsi_import_objects.param.service_title_field$" \
    updateType="$action.itsi_import_objects.param.update_type$" \
    recurringImportName="$name$"
param.backfill_enabled =
param.entity_description_fields =
param.entity_field_mapping =
param.entity_identifier_fields =
param.entity_informational_fields =
param.entity_merge_field =
param.entity_title_field =
param.entity_type_field =
param.entity_status_tracking =
param.service_dependents_fields =
param.service_description_fields =
param.service_enabled =
param.service_tags_field =
param.service_team =
param.service_templates_config =
param.service_template_field =
param.service_title_field =
param.update_type =
ttl = 120

# Writes events as metric data points to the ITSI metrics summary index.
# The command is a search macro (backticks); its definition is not in this
# file. NOTE(review): presumably defined in the app's macros.conf; verify.
[itsi_summary_metrics_collect]
label = ITSI Metrics Summary Index Collector
description = Converts events into metrics data points and adds them to the ITSI metrics summary index.
is_custom = 1
command = `mcollect_into_summary_index`

# Forwards an episode to Splunk SOAR. Explicitly enabled (disabled = 0).
# maxresults here is 100000, ten times the value used by the other script
# actions in this file. NOTE(review): confirm that this is intentional.
[itsi_event_action_send_to_phantom]
disabled = 0
is_custom = 1
label = Send to Splunk SOAR
description = Send Episode to Splunk SOAR
payload_format = json
ttl = 600
maxtime = 600
maxresults = 100000
python.version = python3