Skip to main content

setEnrichment

A Workflow Engine function that updates a single record in the enrichment datastore with data from an alert. Returns true if the request is successful.

This function relates directly to the API details from your Enrichment API integration.

This function is available as a feature of the Add-ons v1.4 download and later.

This function is available for event, alert, and enrichment workflows.

This function does not modify the in-scope object when it updates enrichment data.

Back to Workflow Engine Functions Reference.

Arguments

Workflow Engine function setEnrichment takes the following arguments:

Name

Required

Type

Description

attribute

Yes

String

Name of the attribute to lookup. For example, "hostname".

value

Yes

String

Name of the field or workflowContext key holding the data to lookup.

To specify a workflowContext key, prefix with "workflowContext". For example, "workflowContext.lookupkey".

data

Yes

String

Name of the field or workflowContext key which holds the data to store against the source key. If you are using a workflowContext key, prefix with the string "workflowContext". For example, "workflowContext.datakey". Must contain a vaild JSON object.

Example

The following example demonstrates typical use of Workflow Engine function setEnrichment.

You want to send an update to your Enrichment API endpoint, using an attribute called "source" as the search key and the contents of the workflowContext key “data” as the enrichment data to store. Set the following:

Within your endpoint you have an attribute called "source". You want to send an update to the value of the custom_info.lookupkey field and use the contents of the workflowContext key “data” as the enrichment data to store. Set the following:

  • attribute: source

  • value: custom_info.lookupkey

  • data: workflowContext.datakey

The UI translates your settings to the following JSON:

{"attribute":"source","value":"custom_info.lookupkey","data":"workflowContext.datakey"}

If successful, the function returns true and sends a request to the API endpoint, using the object source field as the search key.