Grid Field – DB Entry Mirroring

This post is the second part of a two-part use case on Grid Field in SOAR, written by our SOAR expert Ben Aviv. To read the first part, please click here.

Some use cases require analysts to add or update entries in an external DB, for example blacklisting the incident's offender in an external system.

One of CyberSIEM's developments uses the grid field to mirror a DB entry. We use hard-coded SQL queries with a few substitutions, which lets us reflect the whole DB table entry.

What you will need to make it work:

  1. A working SQL query integration
  2. A grid field that reflects the fields of the DB table entry
  3. An automation that performs the actual mirroring
  4. A button that executes the automation


So how does it work?

Let's take, for example, this grid field:

When you add an entry to the grid field and click the button, the automation takes the content of the grid field and does the following:

  1. It runs a SQL query with the key fields (for example, first name and last name).
  2. If the response is empty, the automation adds a new entry to the DB table, including the user who clicked the button, the creation time and a description of which incident the entry relates to.
  3. If the response is not empty, an entry with this data (first name and last name, in our example) already exists, so the automation sends an "UPDATE" query that updates the entry's value fields (Age, for example) and other parameters, such as "Last Modified" and the user who updated the entry.
  4. Finally, it runs the first query again to fetch the new or updated entry and sets that data in the grid field.
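The four steps above as a runnable Python sketch, added here as an example rather than the post's own script: the table name, column names, and an in-memory sqlite3 database standing in for the SQL integration are all assumptions. Unlike the hard-coded queries with substitutions described above, it passes every grid-field value as a bind parameter, so analyst-entered text is always treated as data.

```python
import sqlite3
from datetime import datetime, timezone

# Assumed schema for the external table the grid field mirrors; the page
# does not name its columns, only "first name", "last name" and "Age".
TABLE = "blacklist"
KEY_FIELDS = ("first_name", "last_name")  # fields the lookup matches on
VALUE_FIELDS = ("age",)                    # fields an UPDATE overwrites


def setup_db():
    """Constructed stand-in for the external DB (sqlite3, in memory)."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE {TABLE} (first_name TEXT, last_name TEXT, age INTEGER,"
               " created_by TEXT, created_at TEXT, incident TEXT,"
               " last_modified TEXT, modified_by TEXT)")
    return db


def mirror_row(db, row, user, incident_id, now=None):
    """Mirror one grid-field row into the table and return the stored entry.

    row: dict with the grid row's columns (key fields plus value fields).
    Column names come only from the constant tuples above; every value from
    the grid row is bound with '?' and never interpolated into the SQL text.
    """
    now = now or datetime.now(timezone.utc).isoformat(timespec="seconds")
    where = " AND ".join(f"{k} = ?" for k in KEY_FIELDS)
    key_vals = [row[k] for k in KEY_FIELDS]
    select = f"SELECT * FROM {TABLE} WHERE {where}"
    # Step 1: look the entry up by its key fields.
    existing = db.execute(select, key_vals).fetchone()
    if existing is None:
        # Step 2: nothing found, so INSERT and record who/when/which incident.
        cols = (*KEY_FIELDS, *VALUE_FIELDS, "created_by", "created_at", "incident")
        vals = [row[c] for c in (*KEY_FIELDS, *VALUE_FIELDS)] + [user, now, incident_id]
        placeholders = ", ".join("?" * len(cols))
        db.execute(f"INSERT INTO {TABLE} ({', '.join(cols)}) VALUES ({placeholders})", vals)
    else:
        # Step 3: entry exists, so UPDATE only the value fields plus audit columns.
        sets = ", ".join(f"{c} = ?" for c in (*VALUE_FIELDS, "last_modified", "modified_by"))
        vals = [row[c] for c in VALUE_FIELDS] + [now, user]
        db.execute(f"UPDATE {TABLE} SET {sets} WHERE {where}", vals + key_vals)
    db.commit()
    # Step 4: re-run the lookup and hand the stored entry back to the grid field.
    cur = db.execute(select, key_vals)
    names = [d[0] for d in cur.description]
    return dict(zip(names, cur.fetchone()))
```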

The grid field and button:

The Button Configuration:

The Script:

To see the full script, click the button.

Found that interesting? Stay tuned for more!
