Executing Integration Command with Parameters Using a Rule


I'm new to the ArcSight platform and need assistance with a requirement. Specifically, I want to execute a script and store the results in a lookup file. Here's the overall workflow:

  1. I have created a rule that is scheduled to trigger every hour.
  2. When the rule is triggered, I want to extract the data from the past hour and identify the Indicators of Compromise (IOCs) within that data.
  3. I have created an integration command that accepts the extracted IOCs as parameters.
  4. The script will return an enriched result that I want to store in a lookup file.

My questions are:

  1. How can I extract the IOCs from the past hour's data and pass them as parameters to the integration command within the rule?
  2. How can I store the results returned by the script command into a lookup file (or any other storage, from which I can create a dashboard with the data)?

If any other workflow satisfies my requirement, please suggest it.

Any guidance or insights would be greatly appreciated!

Thank you,
Prashant Nakum