Issue
Which attribute can I use in a playbook to pull the email address of the person who acknowledged a threat?
Resolution
The $Detection.marked_acknowledged_by_user.email attribute will return the email address of the person who acknowledged the threat. However, if the attribute name is used in conjunction with a threat that has not been acknowledged, it will return the attribute name because there is no email address available. If you create a Playbook that is triggered when a threat is remediated, but no one has acknowledged that threat, there would not be an email address to populate the attribute.
Comments
0 comments
Please sign in to leave a comment.