Use the create_relationships
parameter in an integration to create relationships between indicators as part of enrichment.
The create_relationships
parameter in integrations creates relationships between indicators.
- defaultvalue: 'true' additionalinfo: Create relationships between indicators as part of enrichment. display: Create relationships name: create_relationships required: false type: 8
To create a relationship:
Create an
EntityRelationship
object with the relationship's data. If more than one relationship exists, create a list and append all of theEntityRelationship
objects to it.EntityRelationship( name='contains', entity_a='1.1.1.1', entity_a_type='IP', entity_b='2.2.2.2', entity_b_type='IP', source_reliability='B - Usually reliable', brand='My Integration ID')
When setting the name of the relationship, choose a value that appears in the the predefined list of relationships.
Use the
Common
object when creating the indicator and in the relationships key set the list ofEntityRelationship
objects.Use
CommandResults
to set the relationships key to the list ofEntityRelationship
objects.
For more information about creating a relationship entity, see EntityRelationship.