# Any added value in this file should be added in EventManagementUtils for localization
#
# Alert action stanzas for ITSI episode and event actions. Keys shared by most stanzas:
#   is_custom      - 1 marks the stanza as a custom alert action
#   payload_format - format of the payload handed to the action (json here)
#   ttl            - lifetime of the triggering search's artifacts
#   maxtime        - upper bound on how long the action may run
#   maxresults     - upper bound on the number of results passed to the action
# Settings in this file are stored as plain text, so keep credentials out of it.
# Empty "param.*" keys declare a parameter without giving it a default value.

[itsi_pagerduty_event]
disabled = 0
is_custom = 1
label = Send to PagerDuty
description = Send events to PagerDuty using events API v2
payload_format = json
python.version = python3
ttl = 600
maxtime = 600
maxresults = 100000
# NOTE(review): presumably the name of an account configured elsewhere, not a key - confirm.
param.pd_account =
# DO NOT change/override param.pd_dedup_key under any circumstances
# ITSI sends episode id as dedup key as episode is unique
param.pd_dedup_key = $result.itsi_group_id$
param.pd_event_action =
param.pd_source =
param.pd_summary =
param.pd_severity =
param.pd_link_text =
param.pd_link_href =
param.pd_class =
param.pd_component =
param.pd_group =
param.pd_timestamp =

[itsi_event_generator]
is_custom = 1
label = ITSI Alert Generator
description = Send an ITSI alert to the summary index.
payload_format = json
param.index = itsi_tracked_alerts
param.sourcetype = itsi_notable:event
# This is the display name of the token, not the token value itself.
param.http_token_name = Auto Generated ITSI Event Management Token
param.event_identifier_fields = source
param.search_type = custom
param.is_use_event_time = 0
# NOTE(review): batch_size and event_field_max_length look like size limits on what
# the generator writes; confirm the units against the action script.
param.batch_size = 5000
param.event_field_max_length = 10000
param.editor = advance_correlation_builder_editor
param.title =
param.description =
param.owner = unassigned
param.status = 1
param.severity = 1
param.itsi_instruction =
param.drilldown_search_title =
param.drilldown_search_search =
param.drilldown_search_latest_offset = 300
param.drilldown_search_earliest_offset = -300
param.drilldown_title =
param.drilldown_uri =
param.service_ids =
param.entity_lookup_field =
param.meta_data =
param.is_ad_at =
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

[itsi_sample_event_action_ping]
is_custom = 1
label = Ping host
description = Given one or more ITSI episodes, ping the `host` in it.
payload_format = json
# %orig_host% is a placeholder filled from the episode, so the value comes from
# event data rather than from an administrator.
# NOTE(review): confirm the action script accepts only a hostname or IP address and
# passes it as a single argument, never through a shell.
param.host_to_ping = %orig_host%
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

[itsi_event_action_link_ticket]
is_custom = 1
label = Link Ticket
description = Given an ITSI episode, link a ticket of your ticketing system of choice.
payload_format = json
param.ticket_system =
param.ticket_id =
# NOTE(review): the link is shown to analysts; confirm the scheme is limited to http/https.
param.ticket_url =
param.operation =
param.kwargs =
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

[itsi_event_action_link_url]
is_custom = 1
label = Add reference link
description = Link an episode to an external URL.
payload_format = json
# NOTE(review): the link is shown to analysts; confirm the scheme is limited to http/https.
param.url =
param.url_description =
param.operation =
param.kwargs =
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

[itsi_event_action_webhook]
is_custom = 1
label = Webhook
description = Given an ITSI episode, send the episode data to the provided URL.
payload_format = json
param.webhook_name =
# Episode data leaves the deployment for whatever URL is set here. Use HTTPS
# endpoints that have been reviewed, and limit who may edit this action.
param.webhook_uri =
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

[itsi_event_action_snow_wrapper]
is_custom = 1
label = Create ServiceNow incident
description = Given an ITSI episode, create a ServiceNow incident and link it to the episode.
payload_format = json
# NOTE(review): presumably the name of a ServiceNow account configured elsewhere - confirm.
param.account =
param.state =
param.configuration_item =
param.contact_type =
param.assignment_group =
param.category =
param.subcategory =
param.impact =
param.urgency =
param.priority =
param.short_description =
param.correlation_id =
param.splunk_url =
param.custom_fields =
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

[itsi_event_action_jira_wrapper]
is_custom = 1
label = Jira Cloud Issue Integration
description = Given an ITSI episode, create a Jira Issue and link it to the episode.
payload_format = json
# Leave this empty here: a token written into a .conf file is readable as plain text.
# NOTE(review): confirm the action reads the token from Splunk's credential storage
# and that this parameter only carries a reference to it.
param.api_token =
param.project_key =
param.issue_type =
param.summary =
param.priority =
param.custom_fields =
param.component =
param.label =
param.jira_key = $result.jira_ticket_id$
param.description =
param.correlation_id =
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

[itsi_event_action_clear_sim_incidents]
is_custom = 1
label = Clear Splunk Infrastructure Monitoring incidents
description = Given an ITSI episode, clear the Splunk Infrastructure Monitoring incidents within it.
payload_format = json
ttl = 600
maxtime = 600
maxresults = 10000
python.version = python3

[itsi_import_objects]
is_custom = 1
label = ITSI Import Objects
description = Import ITSI entities and service data.
# The command below is assembled by substituting each param.* value into a
# double-quoted argument of the itsiimportobjects search command.
# NOTE(review): a value containing a double quote would end its argument early;
# confirm these parameters are validated where they are saved.
command = itsiimportobjects \
    backfillEnabled="$action.itsi_import_objects.param.backfill_enabled$" \
    entityDescriptionFields="$action.itsi_import_objects.param.entity_description_fields$" \
    entityFieldMapping="$action.itsi_import_objects.param.entity_field_mapping$" \
    entityIdentifierFields="$action.itsi_import_objects.param.entity_identifier_fields$" \
    entityInformationalFields="$action.itsi_import_objects.param.entity_informational_fields$" \
    entityMergeField="$action.itsi_import_objects.param.entity_merge_field$" \
    entityMergeFqdn="$action.itsi_import_objects.param.entity_merge_fqdn$" \
    entityTitleField="$action.itsi_import_objects.param.entity_title_field$" \
    entityTypeField="$action.itsi_import_objects.param.entity_type_field$" \
    entityStatusTracking="$action.itsi_import_objects.param.entity_status_tracking$" \
    fieldLevelUpdateType="$action.itsi_import_objects.param.field_level_update_type$" \
    serviceDependentsFields="$action.itsi_import_objects.param.service_dependents_fields$" \
    serviceDescriptionFields="$action.itsi_import_objects.param.service_description_fields$" \
    serviceTagsFields="$action.itsi_import_objects.param.service_tags_field$" \
    serviceEnabled="$action.itsi_import_objects.param.service_enabled$" \
    serviceTeam="$action.itsi_import_objects.param.service_team$" \
    serviceTemplatesConfig="$action.itsi_import_objects.param.service_templates_config$" \
    serviceTemplateField="$action.itsi_import_objects.param.service_template_field$" \
    serviceTitleField="$action.itsi_import_objects.param.service_title_field$" \
    updateType="$action.itsi_import_objects.param.update_type$" \
    recurringImportName="$name$"
param.backfill_enabled =
param.entity_description_fields =
param.entity_field_mapping =
param.entity_identifier_fields =
param.entity_informational_fields =
param.entity_merge_field =
param.entity_merge_fqdn =
param.entity_title_field =
param.entity_type_field =
param.field_level_update_type =
param.entity_status_tracking =
param.service_dependents_fields =
param.service_description_fields =
param.service_enabled =
param.service_tags_field =
param.service_team =
param.service_templates_config =
param.service_template_field =
param.service_title_field =
param.update_type =
ttl = 120

[itsi_summary_metrics_collect]
label = ITSI Metrics Summary Index Collector
description = Converts events into metrics data points and adds them to the ITSI metrics summary index.
is_custom = 1
# The backticks invoke a search macro; its definition is not in this file.
command = `mcollect_into_summary_index`

[itsi_event_action_send_to_phantom]
disabled = 0
is_custom = 1
label = Send to Splunk SOAR
description = Send Episode to Splunk SOAR
payload_format = json
ttl = 600
maxtime = 600
maxresults = 100000
python.version = python3