ICON Send Artifacts to IDR Investigation after Custom Pattern Alert

We use the “Search Investigation” action and build a match filter like this:

```json
[
  {"field": "title", "value": "{{[\"IDR Alert\"].[alert].[name]}}", "operator": "CONTAINS"},
  {"field": "title", "value": "{{[\"IDR Alert\"].[logs].[0].[name]}}", "operator": "CONTAINS"},
  {"field": "title", "value": "{{[\"IDR Alert\"].[logs].[0].[logSet].[0].[name]}}", "operator": "CONTAINS"},
  {"field": "status", "value": "OPEN", "operator": "EQUALS"}
]
```

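As an added example (not part of the original post and not InsightConnect's own code), the following Python renders the posted filter template from a constructed IDR alert payload and then applies the rendered clauses to a few constructed investigation records. The template-path resolution, the AND-of-all-clauses semantics and the case-sensitive `CONTAINS` are assumptions about how the Search Investigation action evaluates the filter, made here only so the logic can be exercised offline; the alert and investigation data are constructed.

```python
import json
import re

# Constructed IDR alert payload shaped to match the template paths used in the
# posted filter. Assumed structure, not a real InsightIDR export.
ALERT = {
    "IDR Alert": {
        "alert": {"name": "Custom Pattern Detected"},
        "logs": [
            {"name": "Endpoint Agents", "logSet": [{"name": "Process Start Events"}]}
        ],
    }
}

# The filter as posted (straight quotes). Not valid JSON until the {{...}}
# template variables have been rendered.
FILTER_TEMPLATE = (
    '[{"field":"title","value":"{{["IDR Alert"].[alert].[name]}}","operator":"CONTAINS"},'
    '{"field":"title","value":"{{["IDR Alert"].[logs].[0].[name]}}","operator":"CONTAINS"},'
    '{"field":"title","value":"{{["IDR Alert"].[logs].[0].[logSet].[0].[name]}}","operator":"CONTAINS"},'
    '{"field":"status","value":"OPEN","operator":"EQUALS"}]'
)

# Constructed investigation records standing in for a Search Investigation result.
INVESTIGATIONS = [
    {"id": "inv-1", "status": "OPEN",
     "title": "Custom Pattern Detected - Endpoint Agents - Process Start Events"},
    {"id": "inv-2", "status": "CLOSED",
     "title": "Custom Pattern Detected - Endpoint Agents - Process Start Events"},
    {"id": "inv-3", "status": "OPEN",
     "title": "Custom Pattern Detected - Endpoint Agents"},
]

TEMPLATE_RE = re.compile(r"\{\{(.*?)\}\}")
# One path segment: ["quoted key"], [0] (list index) or [bareKey].
SEGMENT_RE = re.compile(r'\[(?:"([^"]*)"|(\d+)|([^\]]+))\]')


def resolve_path(data, path_expr):
    """Walk a template path such as ["IDR Alert"].[logs].[0].[name] (assumed syntax)."""
    node = data
    for quoted, index, bare in SEGMENT_RE.findall(path_expr):
        if index:
            node = node[int(index)]
        else:
            node = node[quoted or bare]
    return node


def render_filter(template, alert):
    """Substitute each {{path}} with the alert value, JSON-escaped so that a quote
    or backslash in an alert name cannot break the surrounding JSON, then parse."""
    def substitute(match):
        value = str(resolve_path(alert, match.group(1)))
        return json.dumps(value)[1:-1]  # escaped string body without the outer quotes
    return json.loads(TEMPLATE_RE.sub(substitute, template))


def matches(investigation, clauses):
    """Every clause must hold (assumed AND semantics); CONTAINS is treated as an
    assumed case-sensitive substring test, EQUALS as exact string equality."""
    for clause in clauses:
        actual = str(investigation.get(clause["field"], ""))
        op = clause["operator"]
        if op == "EQUALS":
            ok = actual == clause["value"]
        elif op == "CONTAINS":
            ok = clause["value"] in actual
        else:
            raise ValueError(f"unsupported operator: {op}")
        if not ok:
            return False
    return True


def find_matching_ids(investigations, alert, template=FILTER_TEMPLATE):
    """Return the ids of investigations that satisfy the rendered filter."""
    clauses = render_filter(template, alert)
    return [inv["id"] for inv in investigations if matches(inv, clauses)]


if __name__ == "__main__":
    print(json.dumps(render_filter(FILTER_TEMPLATE, ALERT), indent=2))
    print(find_matching_ids(INVESTIGATIONS, ALERT))  # ['inv-1']
```

Only `inv-1` survives: `inv-2` fails the `status EQUALS OPEN` clause and `inv-3` lacks the log set name in its title, which is the check that stops the step from attaching artifacts to a closed or unrelated investigation. The escaping in `render_filter` is a choice made for this example; whether the real action escapes substituted values the same way is not something the post says, so an alert name containing a double quote is worth testing in the workflow itself.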