Here is a script that runs off the query results data table in the fn_exchange_online integration:
artifact_description = u"Created by Exchange Online Query Results for artifact value: {}".format(row.exo_dt_email_address)
artifact_type = "Email Recipient"
artifact_value = row.exo_dt_email_address
if artifact_value:
incident.addArtifact(artifact_type, artifact_value, artifact_description)
artifact_description = u"Created by Exchange Online Query Results for artifact value: {}".format(row.exo_dt_sender_email)
artifact_type = "Email Sender"
artifact_value = row.exo_dt_sender_email
if artifact_value:
incident.addArtifact(artifact_type, artifact_value, artifact_description)
artifact_description = u"Created by Exchange Online Query Results for artifact value: {}".format(row.exo_dt_message_subject)
artifact_type = "Email Subject"
artifact_value = row.exo_dt_message_subject
if artifact_value:
incident.addArtifact(artifact_type, artifact_value, artifact_description)
Hope this helps!
------------------------------
AnnMarie Norcross
------------------------------
Original Message:
Sent: Mon February 06, 2023 03:05 AM
From: Przemyslaw Klys
Subject: How to create artifact by fetching data from a table
Hello
Do you have a script that creates artifacts by fetching data from a datatable
Thanks
Przemek
------------------------------
Przemyslaw Klys
------------------------------