This article describes how to initiate an action to close Suspicious Activity incidents from Nebula using Palo Alto Networks Cortex™ XSOAR command line interface. Use the malwarebytes-get-sa-activities command to get machine and detection ID.
Base command
malwarebytes-close-sa-incident
Input
| Argument name | Description | Required |
| machine_id | The machine ID of an endpoint where Suspicious Activity is found. | Required |
| detection_id | The detection ID of the Suspicious Activity. | Required |
Context Output
| Path | Type | Description |
| Malwarebytes.SA.Machine_ID | string | The machine ID of the Suspicious host. |
Command example
!malwarebytes-close-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=67931295
Context example
{
"Malwarebytes.SA": {
"Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399"
}
}
Human readable output
Close SA Incident action is initiated Successfully for the detection id: 67931295
Return to the table of contents.