This article describes how to initiate an action to close Suspicious Activity incidents from Nebula using the Palo Alto Networks Cortex™ XSOAR command line interface. Use the malwarebytes-get-sa-activities command to get the machine ID and detection ID.
Base command
malwarebytes-close-sa-incident
Input
Argument name | Description | Required |
machine_id | The machine ID of an endpoint where Suspicious Activity is found. | Required |
detection_id | The detection ID of the Suspicious Activity. | Required |
Context Output
Path | Type | Description |
Malwarebytes.SA.Machine_ID | string | The machine ID of the Suspicious host. |
Command example
!malwarebytes-close-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=67931295
Context example
{ "Malwarebytes.SA": { "Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399" } }
Human readable output
Close SA Incident action is initiated Successfully for the detection id: 67931295