In this post, our SOAR expert, Mr.Ben Aviv, will demonstrate how to use a grid field in XSOAR (Demisto). This action is a daily activity in every SOC, we intend to help you fully understand how to use and manage the grid field. This post is one of the two-part use cases in SOAR by our expert.
Let’s start: The Grid field is displaying a JSON array as a table.
In a grid field, the following array will look like the following grid: [{“name”:”Yarin”,”age”:”22”},{“name”:”Yochay”,”age”:”29”},{“name”:”Emily”,”age”:”21”}]
| Name | Age |
| Yarin | 22 |
| Yochay | 29 |
| Emily | 21 |
To create a new grid field go to Settings > Advanced > Fields, and click on the “ + New Field” button, and choose in the incident field type “Grid (table)”.
To add or remove a column, click on the “+” or “-” sign on the right side of the table.
Note that you can choose the type of each column by clicking the small gear icon near the column header (for example, if you want the values of a column to be a clickable URL address, choose URL type.)
In order to insert columns to the grid, you will need to run the “setIncident” command like this:
!setIncident =’[{“name”:”Yarin”,”age”:”22”},{“name”:”Yochay”,”age”:”29”}]’
Where each “{}” represents a row in the grid.
When setting the incident field, the name of the column should be in lowercase, and without any special characters or spaces. (“Manager’s Phone” will turn into “managersphone”)
This post helped you? Share with us how!
Subscribe and stay tuned for additional tools and tips from Cyray’s experts
0
39
0
