assign_triage_task
Automatically assign triage tasks to endpoints using customizable filters, case IDs, and triage rules, enabling targeted incident response actions.
Instructions
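Assign a triage task to endpoints based on filter criteria. Note that the schema below requires the `filter` object but none of its properties, so an empty filter passes schema validation. This page does not say how the server scopes such a request, so set explicit criteria (for example `includedEndpointIds`) and confirm which endpoints match before assigning the task.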
Input Schema
Name | Required | Description | Default |
---|---|---|---|
caseId | Yes | Case ID for the triage task | |
filter | Yes | Filter criteria for selecting endpoints | |
mitreAttack | Yes | MITRE ATT&CK configuration | |
taskConfig | Yes | Task configuration options | |
triageRuleIds | Yes | Array of triage rule IDs to apply | |
Input Schema (JSON Schema)
{
"properties": {
"caseId": {
"description": "Case ID for the triage task",
"type": "string"
},
"filter": {
"description": "Filter criteria for selecting endpoints",
"properties": {
"excludedEndpointIds": {
"description": "Array of endpoint IDs to exclude",
"items": {
"type": "string"
},
"type": "array"
},
"groupFullPath": {
"description": "Filter by full group path",
"type": "string"
},
"groupId": {
"description": "Filter by group ID",
"type": "string"
},
"includedEndpointIds": {
"description": "Array of endpoint IDs to include",
"items": {
"type": "string"
},
"type": "array"
},
"ipAddress": {
"description": "Filter by IP address",
"type": "string"
},
"isolationStatus": {
"description": "Filter by isolation status",
"items": {
"type": "string"
},
"type": "array"
},
"issue": {
"description": "Filter by issue",
"type": "string"
},
"managedStatus": {
"description": "Filter by managed status (e.g., [\"managed\"])",
"items": {
"type": "string"
},
"type": "array"
},
"name": {
"description": "Filter by asset name",
"type": "string"
},
"onlineStatus": {
"description": "Filter by online status",
"items": {
"type": "string"
},
"type": "array"
},
"organizationIds": {
"description": "Organization IDs filter",
"items": {
"oneOf": [
{
"type": "number"
},
{
"type": "string"
}
]
},
"type": "array"
},
"platform": {
"description": "Filter by platform (e.g., [\"windows\"])",
"items": {
"type": "string"
},
"type": "array"
},
"policy": {
"description": "Filter by policy",
"type": "string"
},
"searchTerm": {
"description": "Optional search term",
"type": "string"
},
"tags": {
"description": "Filter by tags",
"items": {
"type": "string"
},
"type": "array"
},
"version": {
"description": "Filter by agent version",
"type": "string"
}
},
"type": "object"
},
"mitreAttack": {
"description": "MITRE ATT&CK configuration",
"properties": {
"enabled": {
"description": "Whether to enable MITRE ATT&CK framework",
"type": "boolean"
}
},
"required": [
"enabled"
],
"type": "object"
},
"taskConfig": {
"description": "Task configuration options",
"properties": {
"choice": {
"description": "Configuration choice, e.g., \"use-custom-options\"",
"type": "string"
}
},
"required": [
"choice"
],
"type": "object"
},
"triageRuleIds": {
"description": "Array of triage rule IDs to apply",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"caseId",
"triageRuleIds",
"taskConfig",
"mitreAttack",
"filter"
],
"type": "object"
}