Beispiel #1
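def remove_temp_lists(action=None,
                      success=None,
                      container=None,
                      results=None,
                      handle=None,
                      filtered_artifacts=None,
                      filtered_results=None):
    """Delete every custom list named in the ``get_temp_lists`` response body.

    The response body of the upstream ``get_temp_lists`` action is read with
    ``phantom.collect2`` and each entry under its ``data`` key has its
    ``name`` passed to ``phantom.remove_list``.

    NOTE(review): every returned name is deleted as-is. Restricting the
    deletion to temporary lists therefore depends entirely on how the
    ``get_temp_lists`` request is filtered, which is not visible here.
    Consider checking each name against the expected temp-list naming
    scheme before removing it.

    Args:
        container: container the playbook is running on.
        results: action results handed over by the playbook engine.
        action, success, handle, filtered_artifacts, filtered_results:
            standard playbook callback arguments, unused here.
    """
    phantom.debug('remove_temp_lists() called')
    results_data_1 = phantom.collect2(
        container=container,
        datapath=['get_temp_lists:action_result.data.*.response_body'],
        action_results=results)
    results_item_1_0 = [item[0] for item in results_data_1]

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...
    phantom.debug(results_item_1_0)

    # The upstream action may have produced no rows, or a row without a
    # response body; indexing [0]['data'] blindly would abort the callback.
    response_body = results_item_1_0[0] if results_item_1_0 else None
    if not isinstance(response_body, dict):
        phantom.debug('remove_temp_lists(): no response body from get_temp_lists, nothing to remove')
        return

    for item in response_body.get('data') or []:
        list_name = item.get('name') if isinstance(item, dict) else None
        if not list_name:
            # Skip malformed entries instead of failing half-way through the cleanup.
            continue
        phantom.remove_list(list_name)

    ################################################################################
    ## Custom Code End
    ################################################################################

    return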
def Make_List(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None):
    """Rebuild the per-container peer list from the ``run_query_1`` results.

    The list is named ``temp_peer_list_<container id>``. Its name is written
    to the ``peer_list`` key of the container's data, any existing list of
    that name is removed, and one ``[peer, count, priority]`` row is added
    per query row. ``add_comment_1`` is called afterwards.

    NOTE(review): ``[0]`` is taken from the collected results without a
    check, so an empty result set raises before ``add_comment_1`` runs.
    Confirm that the upstream block guarantees at least one result.
    """
    phantom.debug('Make_List() called')
    collected = phantom.collect2(
        container=container,
        datapath=['run_query_1:action_result.data'],
        action_results=results,
    )
    query_data = [entry[0] for entry in collected]

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # The list name is derived from the container id, so each container
    # gets its own list.
    container_id = container['id']
    list_name = "temp_peer_list_%s" % container_id

    # Record the list name in the container data so later blocks can find it.
    container_data = phantom.get_container(container_id)['data']
    container_data.update(peer_list=list_name)
    phantom.update(container, {'data': container_data})

    # Remove any list of the same name before it is refilled.
    phantom.remove_list(list_name)

    for row in query_data[0]:
        peer_row = [row["peer"], row["count"], row["priority"]]
        phantom.add_list(list_name, peer_row)

    ################################################################################
    ## Custom Code End
    ################################################################################
    add_comment_1(container=container)

    return
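def L5_CF_Get_Query_Results_py3_SOAR53(peer=None,
                                       priority=None,
                                       count=None,
                                       container=None,
                                       **kwargs):
    """
    Store query results in a per-container custom list and return its name.

    created with SOAR 5.3

    The list is named ``temp_peer_list_<container>``. The name is written to
    the ``peer_list`` key of the container's data, any existing list of that
    name is removed, and one ``[peer, priority, count]`` row is added for
    each entry of ``peer``.

    Args:
        peer: sequence of peer values; it determines how many rows are written
        priority: sequence indexed in step with ``peer`` (must be at least as long)
        count: sequence indexed in step with ``peer`` (must be at least as long)
        container (CEF type: phantom container id)

    Returns a JSON-serializable object that implements the configured data paths:
        results_list_name
    """
    ############################ Custom Code Goes Below This Line #################################
    import json
    import phantom.rules as phantom

    # Write your custom code here...
    phantom.debug(container)
    phantom.debug(type(container))
    list_name = "temp_peer_list_%s" % container

    # Fetch the container once: the object is needed for phantom.update()
    # and its data node is what gets modified.
    update_container = phantom.get_container(container)
    data = update_container['data']
    data.update({"peer_list": list_name})
    phantom.update(update_container, {'data': data})

    # Remove any list of the same name before it is refilled.
    phantom.remove_list(list_name)

    for i, peer_value in enumerate(peer):
        phantom.add_list(list_name, [peer_value, priority[i], count[i]])

    # The actual list is in slot 3 of the tuple returned by phantom.get_list()
    results_list = phantom.get_list(list_name)[2]
    phantom.debug(results_list)
    outputs = {'results_list_name': list_name}

    # Serialize unconditionally so a non-serializable result always raises;
    # an 'assert json.dumps(...)' is skipped when Python runs with -O.
    json.dumps(outputs)
    return outputs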
Beispiel #4
def on_finish(container, summary):
    """Playbook completion hook: reset the two threat lists and log ``format_1``.

    Called after all actions have completed. ``container`` and ``summary``
    are supplied by the playbook engine and are not read here.
    """
    phantom.debug('on_finish() called')

    # empty_list=True is passed for both lists; presumably this clears their
    # contents and keeps the lists themselves (confirm against the SOAR docs).
    for tracked_list in ('Threats-Reported', 'Threats-Repeated'):
        phantom.remove_list(list_name=tracked_list, empty_list=True)

    formatted_output = phantom.get_format_data(name="format_1")
    phantom.debug(formatted_output)

    # A summary of all actions, or the full details of each action, can be
    # collected at this point, e.g.:
    #
    # summary_json = phantom.get_summary()
    # if 'result' in summary_json:
    #     for action_result in summary_json['result']:
    #         if 'action_run_id' in action_result:
    #             action_results = phantom.get_action_results(
    #                 action_run_id=action_result['action_run_id'],
    #                 result_data=False, flatten=False)
    #             phantom.debug(action_results)

    return
Beispiel #5
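def delete_lists(action=None,
                 success=None,
                 container=None,
                 results=None,
                 handle=None,
                 filtered_artifacts=None,
                 filtered_results=None,
                 custom_function=None,
                 **kwargs):
    """Delete every custom list named in the ``get_temp_custom_lists`` response.

    The parsed response body of the upstream ``get_temp_custom_lists`` action
    is read with ``phantom.collect2`` and each entry under its ``data`` key
    has its ``name`` passed to ``phantom.remove_list``.

    NOTE(review): every returned name is deleted as-is. Restricting the
    deletion to temporary lists therefore depends entirely on how the
    ``get_temp_custom_lists`` request is filtered, which is not visible
    here. Consider checking each name against the expected temp-list naming
    scheme before removing it.

    Args:
        container: container the playbook is running on.
        results: action results handed over by the playbook engine.
        action, success, handle, filtered_artifacts, filtered_results,
        custom_function, **kwargs: standard playbook callback arguments,
            unused here.
    """
    phantom.debug("delete_lists() called")

    get_temp_custom_lists_result_data = phantom.collect2(
        container=container,
        datapath=[
            "get_temp_custom_lists:action_result.data.*.parsed_response_body"
        ],
        action_results=results)

    get_temp_custom_lists_result_item_0 = [
        item[0] for item in get_temp_custom_lists_result_data
    ]

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    # The upstream action may have produced no rows, or a row without a
    # parsed body; indexing [0]['data'] blindly would abort the callback.
    parsed_body = (get_temp_custom_lists_result_item_0[0]
                   if get_temp_custom_lists_result_item_0 else None)
    if not isinstance(parsed_body, dict):
        phantom.debug("delete_lists(): no parsed response body from get_temp_custom_lists, nothing to remove")
        return

    for item in parsed_body.get('data') or []:
        list_name = item.get('name') if isinstance(item, dict) else None
        if not list_name:
            # Skip malformed entries instead of failing half-way through the cleanup.
            continue
        phantom.remove_list(list_name)

    ################################################################################
    ## Custom Code End
    ################################################################################

    return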