def on_finish(container, summary):
phantom.debug("on_finish() called")
output = {
"someoutput": "",
"somevalue": "",
}
################################################################################
## Custom Code Start
################################################################################
# This function is called after all actions are completed.
# summary of all the action and/or all details of actions
# can be collected here.
# summary_json = phantom.get_summary()
# if 'result' in summary_json:
# for action_result in summary_json['result']:
# if 'action_run_id' in action_result:
# action_results = phantom.get_action_results(action_run_id=action_result['action_run_id'], result_data=False, flatten=False)
# phantom.debug(action_results)
################################################################################
## Custom Code End
################################################################################
phantom.save_playbook_output_data(output=output)
return
def on_finish(container, summary):
phantom.debug("on_finish() called")
format_note__note_content = json.loads(phantom.get_run_data(key="format_note:note_content"))
output = {
"note_title": "TruSTAR Indicator Enrichment",
"note_content": format_note__note_content,
}
################################################################################
## Custom Code Start
################################################################################
# This function is called after all actions are completed.
# summary of all the action and/or all details of actions
# can be collected here.
# summary_json = phantom.get_summary()
# if 'result' in summary_json:
# for action_result in summary_json['result']:
# if 'action_run_id' in action_result:
# action_results = phantom.get_action_results(action_run_id=action_result['action_run_id'], result_data=False, flatten=False)
# phantom.debug(action_results)
################################################################################
## Custom Code End
################################################################################
phantom.save_playbook_output_data(output=output)
return
def on_finish(container, summary):
phantom.debug("on_finish() called")
merge_notes = phantom.get_format_data(name="merge_notes")
output = {
"note_title": "[Auto-Generated] Protect Assets and Users Summary",
"note_content": merge_notes,
}
################################################################################
## Custom Code Start
################################################################################
list_asset_playbooks_data = phantom.collect2(
container=container,
datapath=[
"list_asset_playbooks:custom_function_result.data.*.full_name"
])
list_identity_playbooks_data = phantom.collect2(
container=container,
datapath=[
"list_identity_playbooks:custom_function_result.data.*.full_name"
])
list_asset_playbooks_list = [
item[0] for item in list_asset_playbooks_data if item[0]
]
list_identity_playbooks_list = [
item[0] for item in list_identity_playbooks_data if item[0]
]
if not list_asset_playbooks_list and not list_identity_playbooks_list:
raise RuntimeError(
"No playbooks found for provided 'playbooks_list' criteria")
# This function is called after all actions are completed.
# summary of all the action and/or all details of actions
# can be collected here.
# summary_json = phantom.get_summary()
# if 'result' in summary_json:
# for action_result in summary_json['result']:
# if 'action_run_id' in action_result:
# action_results = phantom.get_action_results(action_run_id=action_result['action_run_id'], result_data=False, flatten=False)
# phantom.debug(action_results)
################################################################################
## Custom Code End
################################################################################
phantom.save_playbook_output_data(output=output)
return
def on_finish(container, summary):
phantom.debug("on_finish() called")
# Added custom code to overcome bug with on_finish trying to call outputs that may not exist
process_notes__note_title = phantom.get_run_data(
key="process_notes:note_title")
process_notes__note_content = phantom.get_run_data(
key="process_notes:note_content")
if process_notes__note_title:
process_notes__note_title = json.loads(process_notes__note_title)
if process_notes__note_content:
process_notes__note_content = json.loads(process_notes__note_content)
output = {
"note_title": process_notes__note_title,
"note_content": process_notes__note_content,
}
################################################################################
## Custom Code Start
################################################################################
# Error handling in case of playbook not being able to find investigative playbooks
list_investigate_playbooks_data = phantom.collect2(
container=container,
datapath=[
"list_investigate_playbooks:custom_function_result.data.*.full_name"
])
list_investigate_playbooks_data___full_name = [
item[0] for item in list_investigate_playbooks_data if item[0]
]
if not list_investigate_playbooks_data___full_name:
raise RuntimeError("Unable to find investigate type playbooks.")
# This function is called after all actions are completed.
# summary of all the action and/or all details of actions
# can be collected here.
# summary_json = phantom.get_summary()
# if 'result' in summary_json:
# for action_result in summary_json['result']:
# if 'action_run_id' in action_result:
# action_results = phantom.get_action_results(action_run_id=action_result['action_run_id'], result_data=False, flatten=False)
# phantom.debug(action_results)
################################################################################
## Custom Code End
################################################################################
phantom.save_playbook_output_data(output=output)
return
def on_finish(container, summary):
phantom.debug("on_finish() called")
format_note = phantom.get_format_data(name="format_note")
output = {
"note_title": "[Auto-Generated] Block Indicator Summary",
"note_content": format_note,
}
################################################################################
## Custom Code Start
################################################################################
decide_and_launch_playbooks__names = phantom.get_run_data(
key="decide_and_launch_playbooks:names")
if not decide_and_launch_playbooks__names:
raise RuntimeError(
"Unable to launch block playbooks due to missing indicators or missing playbooks"
)
elif not json.loads(decide_and_launch_playbooks__names):
raise RuntimeError(
"Unable to launch block playbooks due to no matching indicators for playbook inputs"
)
# This function is called after all actions are completed.
# summary of all the action and/or all details of actions
# can be collected here.
# summary_json = phantom.get_summary()
# if 'result' in summary_json:
# for action_result in summary_json['result']:
# if 'action_run_id' in action_result:
# action_results = phantom.get_action_results(action_run_id=action_result['action_run_id'], result_data=False, flatten=False)
# phantom.debug(action_results)
################################################################################
## Custom Code End
################################################################################
phantom.save_playbook_output_data(output=output)
return
def on_finish(container, summary):
phantom.debug("on_finish() called")
format_summary_note = phantom.get_format_data(name="format_summary_note")
output = {
"note_title": "[Auto-Generated] Notable Event Summary",
"note_content": format_summary_note,
}
################################################################################
## Custom Code Start
################################################################################
# Error handling in case of playbook not being able to import data properly
if not format_summary_note:
raise RuntimeError("Error occured during import data and summary note is missing")
# This function is called after all actions are completed.
# summary of all the action and/or all details of actions
# can be collected here.
# summary_json = phantom.get_summary()
# if 'result' in summary_json:
# for action_result in summary_json['result']:
# if 'action_run_id' in action_result:
# action_results = phantom.get_action_results(action_run_id=action_result['action_run_id'], result_data=False, flatten=False)
# phantom.debug(action_results)
################################################################################
## Custom Code End
################################################################################
phantom.save_playbook_output_data(output=output)
return