This post is the second part of a two-part use case on the Grid Field in SOAR, written by our SOAR expert Ben Aviv. To read the first part, please click here.
Some use cases require analysts to add or update external DB entries, for example blacklisting the incident offender in an external system.
One of Cyray’s developments is using the grid field to mirror a DB entry. We use hard-coded SQL queries with several changes that enable us to reflect the whole DB table.
What you will need to make it work:
- A working SQL query integration
- A grid field that reflects the DB table entry’s fields
- Automation that performs the actual mirror action
- A button that executes the automation

To create a new grid field
To create a new grid field, go to Settings > Advanced > Fields, click the “+ New Field” button, and under the incident field type choose “Grid (table)”.
To add or remove a column
To add or remove a column, click on the “+” or “-” sign on the right side of the table.
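
The mirror action listed in the requirements above, as an added example that is not Cyray's automation: the table is read into grid-shaped rows, and edited rows are written back with the SQL text fixed in code and every analyst-entered value passed as a bound parameter. The table name, column names and sample rows are constructed assumptions, and an in-memory SQLite database stands in for the external DB.

```python
import sqlite3

TABLE = "blacklist"                          # assumed table name
COLUMNS = ("offender", "reason", "analyst")  # assumed columns; first is the unique key

def load_grid(conn):
    """DB -> grid: return the whole table as a list of row dicts (one per grid row)."""
    cur = conn.execute(f"SELECT {', '.join(COLUMNS)} FROM {TABLE} ORDER BY {COLUMNS[0]}")
    return [dict(zip(COLUMNS, r)) for r in cur]

def push_grid(conn, grid_rows):
    """Grid -> DB: insert new rows and update existing ones; returns rows written.

    Identifiers come only from the constants above; every analyst-entered
    value is passed as a bound parameter, never formatted into the SQL text.
    """
    key, rest = COLUMNS[0], COLUMNS[1:]
    sql = (f"INSERT INTO {TABLE} ({', '.join(COLUMNS)}) "
           f"VALUES ({', '.join('?' * len(COLUMNS))}) "
           f"ON CONFLICT({key}) DO UPDATE SET "
           + ", ".join(f"{c} = excluded.{c}" for c in rest))
    params = []
    for row in grid_rows:
        if set(row) != set(COLUMNS):
            raise ValueError(f"grid row columns do not match the table: {sorted(row)}")
        if not str(row[key] or "").strip():
            raise ValueError("grid row has an empty key column")
        params.append(tuple(row[c] for c in COLUMNS))
    with conn:  # single transaction: all rows are written or none
        conn.executemany(sql, params)
    return len(params)

def demo():
    """Constructed sample: in-memory table plus the rows an analyst edited in the grid."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} (offender TEXT PRIMARY KEY, reason TEXT, analyst TEXT)")
    conn.execute(f"INSERT INTO {TABLE} VALUES ('198.51.100.7', 'scan', 'dana')")
    grid = load_grid(conn)
    grid[0]["reason"] = "brute force"                         # analyst edits a row
    grid.append({"offender": "x'); DROP TABLE blacklist;--",  # value with SQL metacharacters
                 "reason": "phish", "analyst": "dana"})
    push_grid(conn, grid)
    return load_grid(conn)

if __name__ == "__main__":
    for r in demo():
        print(r)
```

The second sample row is stored as literal text and the table survives, because the value never becomes part of the SQL statement.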
Author
marat