Basic, I think, SOAR question related to actions based on 3rd party detections

We are a Mimecast shop. We have NG-SIEM ingesting from Mimecast. We regularly get detections where Mimecast has blocked an attachment or some other successful block action. We want to have a workflow that takes the domain of the sender and add it to Zscaler.

When I create a workflow with the trigger being a 3rd Party NG-SIEM detection, I can’t find a way to have the fields exposed that I need for the action.

It’s usually something like sender.domain

I know the data is there because I can see it in the detection as well as in the raw results of a search.

This shouldn’t be this difficult!

reddit.com
u/AdJolly187 — 10 days ago
▲ 223 r/birding

Eurasian Tree Sparrow -Southern New Jersey

Pic taken in NJ by Birdfy. Seems to be a rare sighting for Southern NJ. Can someone ID this guy

u/AdJolly187 — 1 month ago

Low cost option for adding outdoor WiFi to my setup

I have an Express 7 and a U7 Pro at home. The U7 Pro does a fine job giving me coverage in my house.

I’m looking to improve coverage outside on my deck. Can I use the AC Mesh (UAP-AC-M) to extend coverage easily? I do have a spare POE port I can use for it. My outdoor needs are pretty basic and I’m trying to save a few bucks by deploying this rather than a U7 Outdoor.

reddit.com
u/AdJolly187 — 1 month ago