case-modify
March 22, 2023 · View on GitHub
Description
The properties or content of a security incident were changed on a security product
Parameters
| Parameter | Value |
|---|---|
| Subject | case |
| Activity | modify |
| Activity Type | case-modify |
| Pretty Name | Case Modify |
Fields
The possible fields for this activity type will vary depending on whether the activity was a success or a fail.
case-modify:success
There are no fields for this activity type.
case-modify:fail
| Field | Core | Detection | Informational |
|---|---|---|---|
| failure_code | ✓ | ||
| failure_reason | ✓ |