All the Case Management Alert Actions.
Create Alert Action Fields
Parameter | Description |
---|---|
Name | The name of the Alert |
Vendor | The Vendor associated with the alert |
Event | The Alert Event |
Severity | This is the severity rank of your Case. You can map severity values from incoming alert payloads to Blink’s system severity levels (e.g., ‘10’ → ‘Low’). Use the mapping settings in Advanced Settings. |
Link Cased | The Name and ID of the Case you want to add this Alert to |
Description | A brief explanation of the Alert |
Custom Fields (JSON Format) | Add a Custom Field in JSON format. Please note that this applies only if you have manually added a custom record column to the subject table. |
Advanced- Dedup Table | The selected table to evaluate the duplicate condition (Dedup Condition) against. |
Advanced- Dedup Condition | The duplicate condition that determines whether to insert the record. When the condition is met, the record will not be inserted. |
Advanced- Linked Observables | The Name and ID of the Observable you want to link to this Alert. |
Advanced- Linked Alerts | The Name and ID of the Alert you want to link to this Alert. |
Advanced- Linked Attachments | The Name and ID of the Attachment you want to link to this Alert. |
Advanced- Linked Tasks | The Name and ID of the Tasks you want to link to this Alert. |
Advanced- Default Severity | Assigned severity rank used when no specific severity has been set. If a severity value is null, or a value is provided but does not match any mapping or recognized Blink severity level, the default severity will be used instead. |
Advanced- Low Severity Mapping | A comma-separated list of vendor-specific severity values that map to Blink’s Case Management’s Low severity level. |
Advanced- Medium Severity Mapping | A comma-separated list of vendor-specific severity values that map to Blink’s Case Management’s Medium severity level. |
Advanced- High Severity Mapping | A comma-separated list of vendor-specific severity values that map to Blink’s Case Management’s High severity level. |
Advanced- Critical Severity Mapping | A comma-separated list of vendor-specific severity values that map to Blink’s Case Management’s Critical severity level. |
50 is mapped to Blink’s High severity level, which corresponds to a severity rank of 3 in the output. You can customize these mappings to ensure external alert severity levels align with your internal triage and prioritization standards.
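The following is an added example, not Blink's own code: a local model of the severity resolution described above, useful for checking a mapping before alerts are triaged with it. The function names, case-insensitive matching, mapping-before-level-name precedence, the rejection of a value listed under two levels, and the ranks for Low, Medium and Critical are assumptions; only High = 3 comes from the page.

```python
# Added illustration: models the documented severity mapping offline.
# Not Blink's implementation; helper names are hypothetical.

BLINK_LEVELS = ["Low", "Medium", "High", "Critical"]
# The page states High -> rank 3; the other ranks are assumed to follow in order.
RANK = {level: i + 1 for i, level in enumerate(BLINK_LEVELS)}


def parse_mappings(low="", medium="", high="", critical=""):
    """Turn the four comma-separated mapping fields into one lookup table."""
    table = {}
    for level, raw in zip(BLINK_LEVELS, (low, medium, high, critical)):
        for token in raw.split(","):
            key = token.strip().lower()
            if not key:
                continue  # tolerate trailing commas and empty fields
            if key in table and table[key] != level:
                # Assumption: an ambiguous mapping is treated as a config error,
                # since it could silently downgrade an alert.
                raise ValueError(
                    f"{token.strip()!r} is mapped to both {table[key]} and {level}"
                )
            table[key] = level
    return table


def resolve_severity(value, table, default="Low"):
    """Return (level, rank) for an incoming vendor severity value."""
    if value is None:
        return default, RANK[default]  # null severity -> Default Severity
    key = str(value).strip().lower()
    if key in table:
        level = table[key]
    else:
        # No mapping hit: accept a recognized Blink level name, else the default.
        level = next((l for l in BLINK_LEVELS if l.lower() == key), default)
    return level, RANK[level]


# Constructed sample mapping fields (not taken from a real vendor).
TABLE = parse_mappings(low="10, informational", medium="30",
                       high="50, sev2", critical="90,100")

if __name__ == "__main__":
    for sample in (50, "10", None, "77", "critical"):
        print(repr(sample), "->", resolve_severity(sample, TABLE, default="Medium"))
```
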
Parameter | Description |
---|---|
Alert ID | The Alert’s ID |
Parameter | Description |
---|---|
Alert | The Alert’s ID |
Name | The updated Name of the Alert |
Alert Type | The updated Alert type |
Vendor | The Vendor associated with the alert |
Severity | The severity rank of your Case. It can be: Low, Medium, High or Critical |
Event | The Alert Event |
Description | A brief explanation of the Alert |
Custom Fields (JSON Format) | Add a Custom Field in JSON format. Please note that this applies only if you have manually added a custom record column to the subject table. |