Configuring Detection Engineering Extension

configuring builder mode drag the detection library feedback applet into title section of the cim application from the field properties , select hide section border checkbox drag the section into the applet and name it as submit feedback playbook button drag the playbook button and name it as submit feedback map the playbook button to detection engineering playbook and save the cim application drag the playbook button inside the section supported playbook buttons and name it as fetch detection library tracking id map the playbook button to detection engineering playbook and save the cim application drag the playbook button inside the section supported playbook buttons and name it as clear fields map the playbook button to detection engineering playbook and save the cim application configuring workflow mode enable action default detection feedback applet layout enable condition if status == resolved and signal source == alert select status field from cim application and select value as resolved select signal source field from cim application and select value as alert replace dummy status field with status field select value as resolved replace dummy signal source with signal source select value as alert configuring playbook open the detection engineering playbook four button triggers are seen ignore the dummy button and the remaining three are from builder configurations search for the following actions and drag them to the three feedback playbook buttons de submit feedback workflow de fetch detection feedback reference id de clear detection feedback fields click on configure for any of the action map cim application name to playbook property click + > playbook property from the dynamic value field click button trigger > application > name map record values to playbook property select playbook property and click the field click button trigger > current record values repeat steps 3 , 4 , and 5 for all three button triggers save the playbook