After Actions Report
The After Actions Report connector automates the creation of detailed incident reports, enhancing documentation and analysis of security events.

The After Actions Report connector streamlines the process of creating detailed incident reports within the Swimlane Turbine platform. By leveraging this connector, users can automatically generate comprehensive after action reports that document all relevant incident details, findings, and custom fields based on a provided template. This integration significantly enhances the efficiency of incident response workflows, ensuring that all necessary information is captured and organized for post-incident analysis and compliance purposes. The connector's ability to handle a wide array of input fields, from event details to analyst contact information, makes it an indispensable tool for security teams looking to improve their documentation and review processes.

Prerequisites

To effectively utilize the After Actions Report connector within the Swimlane Turbine platform, ensure you have the following:

- Personal access token authentication with the necessary parameters:
  - Swimlane URL: The endpoint URL for your Swimlane instance.
  - Swimlane API PAT: Your personal access token for API authentication.

Capabilities

This connector provides the following capabilities:

- Create After Actions Report

Configurations

Asset

Authenticates using a personal access token.

Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| Swimlane URL | Internal URL of your Swimlane instance, i e 'sw web 443', 'sw web 4443' or FQDN of load balancer | string | Required |
| Swimlane API PAT | Personal access token (PAT) used when accessing the Swimlane API | string | Required |
| Default Timeout | Connection timeout in seconds. Defaults to 60 seconds. | number | Optional |
| Verify SSL | Enable SSL certificate verification. Ignored for non-SSL connection. | boolean | Optional |
| Verbose Errors | HTTP errors will contain more detail about the request and response if selected. | boolean | Optional |

Actions

Create After Action Report

Generate a comprehensive after action report for an incident, documenting all relevant details and findings.

Endpoint method: GET

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| event source | string | Optional | Parameter for Create After Action Report |
| tracking id | string | Optional | Unique identifier |
| case summary | string | Optional | Parameter for Create After Action Report |
| soc analysis | string | Optional | Parameter for Create After Action Report |
| event occurred on | string | Optional | Parameter for Create After Action Report |
| event received on | string | Optional | Parameter for Create After Action Report |
| case created on | string | Optional | Parameter for Create After Action Report |
| case claimed on | string | Optional | Parameter for Create After Action Report |
| case closed on | string | Optional | Parameter for Create After Action Report |
| case tt closed min | string | Optional | Parameter for Create After Action Report |
| case current owner | string | Optional | Parameter for Create After Action Report |
| analyst phone | string | Optional | Parameter for Create After Action Report |
| user account | string | Optional | Count value |
| hostname | string | Optional | Name of the resource |
| email address | string | Optional | Parameter for Create After Action Report |
| ticket details | string | Optional | Parameter for Create After Action Report |
| oob recipient | string | Optional | Parameter for Create After Action Report |
| base64 template | string | Optional | Base64 encoded template |
| custom fields | string | Optional | Custom fields to be added to the report. The template must have the exact key name. It needs to be a JSON string where the key is the field name and the value is the value to be added to that field. |

Output

| Output parameter | Type | Description |
| --- | --- | --- |
| report | object | Output field report |

Example

    [ { "report": {} } ]
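The two inputs that are easiest to get wrong are the base64 template and the custom fields JSON string. The following is an added example, not code from the connector or from Swimlane: it assembles and re-checks the action inputs before they are handed to the action. The underscore spelling of the argument names, the restriction of custom field values to scalars, and the function names are assumptions.

```python
import base64
import binascii
import json

# Argument names from the input table; the underscore spelling is an assumption.
STRING_INPUTS = {
    "event_source", "tracking_id", "case_summary", "soc_analysis",
    "event_occurred_on", "event_received_on", "case_created_on",
    "case_claimed_on", "case_closed_on", "case_tt_closed_min",
    "case_current_owner", "analyst_phone", "user_account", "hostname",
    "email_address", "ticket_details", "oob_recipient",
}


def build_inputs(template_bytes, custom_fields, **fields):
    """Return action inputs with every value a string, as the table requires."""
    unknown = set(fields) - STRING_INPUTS
    if unknown:
        raise ValueError(f"unknown inputs: {sorted(unknown)}")
    # Assumption: custom field values are scalars that fit a template field.
    if not all(isinstance(k, str) and isinstance(v, (str, int, float, bool))
               for k, v in custom_fields.items()):
        raise ValueError("custom fields must map field names to scalar values")
    inputs = {name: str(value) for name, value in fields.items()}
    inputs["base64_template"] = base64.b64encode(template_bytes).decode("ascii")
    # The action expects a JSON *string*, not a nested object.
    inputs["custom_fields"] = json.dumps(custom_fields)
    return inputs


def validate_inputs(inputs):
    """Re-check inputs assembled elsewhere, e.g. by an earlier playbook step."""
    problems = []
    try:
        base64.b64decode(inputs.get("base64_template", ""), validate=True)
    except (binascii.Error, ValueError):
        problems.append("base64_template is not valid base64")
    try:
        parsed = json.loads(inputs.get("custom_fields", "{}"))
        if not isinstance(parsed, dict):
            problems.append("custom_fields must be a JSON object")
    except (TypeError, ValueError):
        problems.append("custom_fields is not a JSON string")
    return problems
```

Custom field keys still have to match the key names in the template exactly; this check only covers the encoding of the two inputs.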