def get_vulnerabilities_by_asset_command(): hostname, ip, date_range = demisto.getArg('hostname'), demisto.getArg( 'ip'), demisto.getArg('dateRange') params, indicator = args_to_request_params(hostname, ip, date_range) asset_id = get_asset_id(params) if not asset_id: return 'No Vulnerabilities for asset {}'.format(indicator) info = send_asset_vuln_request(asset_id, date_range) if 'error' in info: return_error(info['error']) vulns = convert_severity_values( replace_keys(info['vulnerabilities'], ASSET_VULNS_NAMES_MAP)) if vulns: entry = get_entry_for_object( 'Vulnerabilities for asset {}'.format(indicator), 'TenableIO.Vulnerabilities', vulns, ASSET_VULNS_HEADERS) entry['EntryContext'][ 'TenableIO.Assets(val.Hostname === obj.Hostname)'] = { 'Vulnerabilities': map(lambda x: x['plugin_id'], info['vulnerabilities']), 'Hostname': indicator } return entry
def assign_alert(): """ Assign alert to an Assignee ID """ alert_id = demisto.getArg('alert-id') assignee_email = demisto.getArg('assignee-email') is_mssp = demisto.getArg('is-mssp-optional') assignee_id = get_assignee_id(assignee_email) assign_details = {'ID': alert_id, 'Assignees.AssigneeID': assignee_id} url = 'public/v1/data/alerts/assign-alert/' + alert_id if is_mssp: url += '?IsMssp=' + is_mssp req('PATCH', url, json_data={'AssigneeID': assignee_id}) demisto.results({ 'Type': entryTypes['note'], 'EntryContext': { 'IntSights.Alerts(val.ID === obj.ID)': assign_details }, 'Contents': assign_details, 'HumanReadable': tableToMarkdown( 'IntSights Assign Alert: The Alert has been successfully assigned to assigneeID', [assign_details], ['ID', 'Assignees.AssigneeID']), 'ContentsFormat': formats['json'] })
def main(): # Following methods raise exceptions so no need to check for return codes # But we do need to catch them global SERVER FROM = demisto.getParam('from') FQDN = demisto.params().get('fqdn') FQDN = (FQDN and FQDN.strip()) or None stderr_org = None try: if demisto.command() == 'test-module': stderr_org = swap_stderr(LOG) smtplib.SMTP.debuglevel = 1 SERVER = SMTP(demisto.getParam('host'), int(demisto.params().get('port', 0)), local_hostname=FQDN) SERVER.ehlo() # TODO - support for non-valid certs if demisto.getParam('tls'): SERVER.starttls() user, password = get_user_pass() if user: SERVER.login(user, password) except Exception as e: # also reset at the bottom finally swap_stderr(stderr_org) # type: ignore smtplib.SMTP.debuglevel = 0 demisto.error('Failed test: {}\nStack trace: {}'.format(e, traceback.format_exc())) return_error_mail_sender(e) return # so mypy knows that we don't continue after this # -- COMMANDS -- try: if demisto.command() == 'test-module': msg = MIMEText('This is a test mail from Demisto\nRegards\nDBot') # type: Message msg['Subject'] = 'Test mail from Demisto' msg['From'] = FROM msg['To'] = FROM SERVER.sendmail(FROM, [FROM], msg.as_string()) SERVER.quit() demisto.results('ok') elif demisto.command() == 'send-mail': raw_message = demisto.getArg('raw_message') if raw_message: to = argToList(demisto.getArg('to')) cc = argToList(demisto.getArg('cc')) bcc = argToList(demisto.getArg('bcc')) str_msg = raw_message else: (str_msg, to, cc, bcc) = create_msg() SERVER.sendmail(FROM, to + cc + bcc, str_msg) # type: ignore SERVER.quit() # type: ignore demisto.results('Mail sent successfully') else: return_error_mail_sender('Command not recognized') except SMTPRecipientsRefused as e: error_msg = ''.join('{}\n'.format(val) for key, val in e.recipients.iteritems()) return_error_mail_sender("Encountered error: {}".format(error_msg)) except Exception as e: return_error_mail_sender(e) finally: swap_stderr(stderr_org) # type: ignore smtplib.SMTP.debuglevel = 0
def search_entities(): """ Search entities using the available filters """ q = _add_time_to_q('*') q = _add_list_to_q(q, {'asset_type': 'entity-type'}) query = QUERY.copy() query['q'] = q query['offset'] = demisto.getArg('offset') query['limit'] = demisto.getArg('limit') query['sort_by'] = demisto.getArg('sort') resp_json = req('GET', 'search/assets', query) entities = [] for entity in resp_json['objects']: readable = entity_to_readable(entity) readable['IpAddress'] = entity.get('ip') entities.append(readable) ec = {'Jask.Entity(val.Id === obj.Id)': entities} demisto.results({ 'Type': entryTypes['note'], 'ContentsFormat': formats['json'], 'Contents': resp_json, 'EntryContext': ec, 'HumanReadable': tableToMarkdown('Entities', entities, [ 'Id', 'Name', 'FirstSeen', 'LastSeen', 'Source', 'EntityType', 'PrimaryEntityType', 'Hostname', 'RiskScore', 'IsWhitelisted', 'Groups', 'IpAddress' ]) })
def close_alert(): """ Close an alert """ alert_id = demisto.getArg('alert-id') reason = demisto.getArg('reason') free_text = demisto.getArg('free-text') is_hidden = demisto.getArg('is-hidden') rate = demisto.getArg('rate') close_details = {'ID': alert_id, 'Close Reason': reason, 'Closed FreeText': free_text, 'Closed Rate': rate, 'IsHidden': is_hidden} close_details_context = {'ID': alert_id, 'Closed': {'Reason': reason, 'FreeText': free_text, 'Rate': rate}, 'IsHidden': is_hidden} url = 'public/v1/data/alerts/close-alert/' + alert_id json_data = {'Reason': reason} if free_text: json_data['FreeText'] = free_text if free_text: json_data['IsHidden'] = is_hidden if free_text: json_data['Rate'] = rate req('PATCH', url, json_data) demisto.results({ 'Type': entryTypes['note'], 'EntryContext': {'IntSights.Alerts(val.ID === obj.ID)': close_details}, 'Contents': close_details_context, 'HumanReadable': tableToMarkdown('IntSights Close Alert: The Alert has successfully been closed.', [close_details], ['ID', 'Close Reason', 'Closed FreeText', 'Closed Rate', 'IsHidden']), 'ContentsFormat': formats['json'] })
def get_scans_command(): folder_id, last_modification_date = demisto.getArg( 'folderId'), demisto.getArg('lastModificationDate') if last_modification_date: last_modification_date = int( time.mktime( datetime.strptime(last_modification_date[0:len('YYYY-MM-DD')], "%Y-%m-%d").timetuple())) response = send_scan_request(folder_id=folder_id, last_modification_date=last_modification_date) scan_entries = map(get_scan_info, response['scans']) valid_scans = filter(lambda x: x is not None, scan_entries) invalid_scans = [ k for k, v in zip(response['scans'], scan_entries) if v is None ] res = [ get_entry_for_object('Tenable.io - List of Scans', 'TenableIO.Scan(val.Id && val.Id === obj.Id)', replace_keys(valid_scans), GET_SCANS_HEADERS) ] if invalid_scans: res.append( get_entry_for_object( 'Inactive Web Applications Scans - Renew WAS license to use these scans', 'TenableIO.Scan(val.Id && val.Id === obj.Id)', replace_keys(invalid_scans), GET_SCANS_HEADERS, remove_null=True)) return res
def reopen_alerts(): """ Reopen the given list of alerts based on given filter """ ids = argToList(demisto.getArg('alert-id')) policies = argToList(demisto.getArg('policy-id')) payload = {'alerts': ids, 'policies': policies, 'filter': {}} demisto.args().pop('alert-id', None) handle_filters(payload['filter']) handle_time_filter(payload['filter'], {'type': 'to_now', 'value': 'epoch'}) if not ids and not policies: return_error( 'You must specify either alert-id or policy-id for re-opening alerts' ) r = req('POST', 'alert/reopen', payload, None) ec = {} if ids: ec['Redlock.ReopenedAlert.ID'] = ids demisto.results({ 'Type': entryTypes['note'], 'ContentsFormat': formats['json'], 'Contents': r, 'EntryContext': ec, 'HumanReadable': '### Alerts re-opened successfully.' })
def ask_analyst(): """ Send question to an analyst about the requested alert """ alert_id = demisto.getArg('alert-id') question = demisto.getArg('question') req('POST', 'public/v1/data/alerts/ask-the-analyst/' + alert_id, json_data={'Question': question}) question_details = {'ID': alert_id, 'Question': question} demisto.results({ 'Type': entryTypes['note'], 'EntryContext': { 'IntSights.Alerts(val.ID === obj.ID)': question_details }, 'Contents': question_details, 'HumanReadable': tableToMarkdown( 'IntSights Ask the Analyst: Your question has been successfully sent to an analyst about the requested alert', [question_details], ['ID', 'Question']), 'ContentsFormat': formats['json'] })
def change_severity(): """ Change severity of an alert """ alert_id = demisto.getArg('alert-id') severity = demisto.getArg('severity') req('PATCH', 'public/v1/data/alerts/change-severity/' + alert_id, json_data={'Severity': severity}) severity_details = {'ID': alert_id, 'Severity': severity} demisto.results({ 'Type': entryTypes['note'], 'EntryContext': { 'IntSights.Alerts(val.ID === obj.ID)': severity_details }, 'Contents': severity_details, 'HumanReadable': tableToMarkdown( 'IntSights Update Alert Severity: The Alert severity has been successfully updated.', [severity_details], ['ID', 'Severity']), 'ContentsFormat': formats['json'] })
def get_response_policies_command(): start = demisto.getArg('start') count = demisto.getArg('count') raw_response_policies = get_response_policies(start, count) response_policies, hr = create_response_policies_result( raw_response_policies) return_outputs(hr, response_policies, raw_response_policies)
def handle_filters(foundDateFrom=None): """ Apply filters to alert list """ argsConversion = { 'alert-type': 'alertType', 'source-type': 'sourceType', 'network-type': 'networkType', 'source-date-from': 'sourceDateFrom', 'source-date-to': 'sourceDateTo', 'found-date-from': 'foundDateFrom', 'found-date-to': 'foundDateTo', 'is-flagged': 'isFlagged', 'is-closed': 'isClosed', 'source-ID': 'sourceId', 'first-seen-from': 'firstSeenFrom', 'first-seen-to': 'firstSeenTo', 'last-seen-from': 'lastSeenFrom', 'last-seen-to': 'lastSeenTo', 'value': 'iocValue', } params = {} for k in demisto.args(): if demisto.getArg(k): params[argsConversion.get(k) or k] = demisto.getArg(k) if demisto.getArg('time-delta'): time_delta_in_days = demisto.getArg('time-delta') update_params_dict_according_to_delta_arg(params, int(time_delta_in_days)) elif foundDateFrom: params['foundDateFrom'] = foundDateFrom return params
def get_report_by_id_command(triage_instance) -> None: report_id = int(demisto.getArg('report_id')) # type: int verbose = demisto.getArg('verbose') == "true" report = TriageReport.fetch(triage_instance, report_id) if not report: raise TriageRequestEmptyResponse(report_id, "Report") if verbose: report_attrs = report.attrs else: report_attrs = report.terse_attrs if report.attachment: demisto.results({ **report.attachment, **{ "HumanReadable": "### Cofense HTML Report:\nHTML report download request has been completed" }, }) del report_attrs["report_body"] hr = tableToMarkdown("Report Summary:", report_attrs, headerTransform=split_snake, removeNull=True) ec = { "Cofense.Report(val.ID && val.ID == obj.ID)": snake_to_camel_keys([report_attrs]) } return_outputs(readable_output=hr, outputs=ec, raw_response=report.to_json())
def get_report_command(): scan_id, info, detailed = demisto.getArg('scanId'), demisto.getArg('info'), demisto.getArg('detailed') results = [] scan_details = send_scan_request(scan_id) if info == 'yes': scan_details['info']['id'] = scan_id scan_details['info'] = replace_keys(scan_details['info']) results.append( get_entry_for_object('Scan basic info', 'TenableIO.Scan(val.Id && val.Id === obj.Id)', scan_details['info'], SCAN_REPORT_INFO_HEADERS)) if 'vulnerabilities' not in scan_details: return "No vulnerabilities found." vuln_info, vulns_not_found = get_vuln_info(scan_details['vulnerabilities']) vuln_info = convert_severity_values(replace_keys(vuln_info)) results.append(get_entry_for_object('Vulnerabilities', 'TenableIO.Vulnerabilities', vuln_info, SCAN_REPORT_VULNERABILITIES_HEADERS)) if len(vulns_not_found) > 0: vulns_not_found = replace_keys(vulns_not_found) results.append(get_entry_for_object('Vulnerabilities - Missing From Workbench', 'TenableIO.Vulnerabilities', vulns_not_found, SCAN_REPORT_VULNERABILITIES_HEADERS, True)) if detailed == 'yes': assets = replace_keys(scan_details['hosts'] + scan_details['comphosts']) results.append(get_entry_for_object('Assets', 'TenableIO.Assets', assets, SCAN_REPORT_HOSTS_HEADERS)) if 'remediations' in scan_details and 'remediations' in scan_details['remediations'] and len( scan_details['remediations']['remediations']) > 0: remediations = replace_keys(scan_details['remediations']['remediations'], REMEDIATIONS_NAMES_MAP) results.append(get_entry_for_object('Remediations', 'TenableIO.Remediations', remediations, SCAN_REPORT_REMEDIATIONS_HEADERS)) return results
def handle_filters(payload): """ Add filters to the filter object based on received arguments """ argsConversion = { 'alert-status': 'alert.status', 'policy-name': 'policy.name', 'policy-label': 'policy.label', 'policy-compliance-standard': 'policy.complianceStandard', 'cloud-account': 'cloud.account', 'cloud-region': 'cloud.region', 'alert-rule-name': 'alertRule.name', 'resource-id': 'resource.id', 'resource-name': 'resource.name', 'resource-type': 'resource.type', 'alert-id': 'alert.id', 'cloud-type': 'cloud.type', 'risk-grade': 'risk.grade', 'policy-type': 'policy.type', 'policy-severity': 'policy.severity' } payload['filters'] = [] for k in demisto.args(): if k in ('policy-name', 'policy-label', 'policy-compliance-standard', 'cloud-account', 'cloud-region', 'alert-rule-name', 'resource-id', 'resource-name', 'resource-type', 'alert-status', 'alert-id', 'cloud-type', 'risk-grade', 'policy-type', 'policy-severity') and demisto.getArg(k): payload['filters'].append({ 'name': argsConversion[k], 'operator': '=', 'value': demisto.getArg(k) })
def expression_search_command(): expression_search = ExpressionSearch(host=TICLOUD_URL, username=USERNAME, password=PASSWORD) query = demisto.getArg("query") date = demisto.getArg("date") limit = demisto.getArg("result_limit") query_list = query.split(" ") try: result_list = expression_search.search_aggregated( query=query_list, date=date, max_results=int(limit)) except Exception as e: return_error(str(e)) results = CommandResults( outputs_prefix='ReversingLabs', outputs={'expression_search': result_list}, readable_output="Full report is returned in a downloadable file") file_results = fileResult('Expression Search report file', json.dumps(result_list, indent=4), file_type=EntryType.ENTRY_INFO_FILE) return_results([results, file_results])
def rasterize_email_request(html, friendly_name): global RETURN_CODE, ERROR_MESSAGE with open('htmlBody.html', 'w') as f: f.write('<html style="background:white";>' + html + '</html>') proxy_flag = "--proxy={}".format(HTTP_PROXY) if PROXY else "" demisto.debug('rasterize proxy settings: {}'.format(proxy_flag)) command = [ 'phantomjs', proxy_flag, '/usr/local/bin/rasterize.js', 'htmlBody.html', friendly_name ] if demisto.getArg('width') and demisto.getArg('height'): command.append( demisto.getArg('width') + '*' + demisto.getArg('height')) try: demisto.debug( subprocess.check_output(command, stderr=subprocess.STDOUT)) # type: ignore except Exception as e: RETURN_CODE = -1 ERROR_MESSAGE = str( e ) + '\nYou can choose to receive this errors as warnings in the instance settings'
def main(): try: date = demisto.getArg('date') date_format = demisto.getArg('date_format') time_zone = demisto.getArg('timezone') time_zone = pytz.timezone(time_zone) # Initialize datetime date = datetime.strptime(date, date_format) # Convert to timezone aware date localized_date = time_zone.localize(date) # Convert to UTC timezone utc_converted_date = localized_date.astimezone(pytz.timezone("UTC")) epoch_time = utc_converted_date.strftime('%s') # Initialize entry context to return entry_context = { 'UTCDate': utc_converted_date.strftime(date_format), 'UTCDateEpoch': epoch_time, } return_results({ 'Contents': json.dumps(entry_context), 'ContentsFormat': formats['json'], 'EntryContext': entry_context, }) except Exception as exc: demisto.error(traceback.format_exc()) # print the traceback return_error(f'Failed to execute ConvertDateToUTC. Error: {str(exc)}')
def search_signals(): """ Search signals using available filters """ q = _add_time_to_q('*') q = _add_list_to_q(q, {'source_type': 'source', 'category': 'category'}) query = QUERY.copy() query['q'] = q query['offset'] = demisto.getArg('offset') query['limit'] = demisto.getArg('limit') query['sort_by'] = demisto.getArg('sort') resp_json = req('GET', 'search/signals', query) signals = [signal_to_readable(signal) for signal in resp_json['objects']] ec = {'Jask.Signal(val.Id === object.Id)': signals} demisto.results({ 'Type': entryTypes['note'], 'ContentsFormat': formats['json'], 'Contents': resp_json, 'EntryContext': ec, 'HumanReadable': tableToMarkdown('Signals', signals, [ 'Id', 'Name', 'Category', 'Description', 'Score', 'SourceType', 'Timestamp', 'ThreatIndicators' ]) })
def sandbox_report_command(): md5 = demisto.getArg('md5') details = demisto.getArg('details') res = sandbox_report(md5, details) report = 'Full Details' if details == 'full' else 'Summary' ctype = demisto.get(res, '{}.Classification.Type'.format(report)) dbot_score = 3 if ctype == "MALICIOUS" else 2 if ctype == "SUSPICIOUS" else 1 if ctype == "BENIGN" else 0 ec = { outputPaths['dbotscore']: { 'Indicator': md5, 'Type': 'file', 'Vendor': 'Zscaler', 'Score': dbot_score } } human_readable_report = ec['DBotScore'].copy() human_readable_report["Detected Malware"] = str( demisto.get(res, '{}.Classification.DetectedMalware'.format(report))) human_readable_report["Zscaler Score"] = demisto.get( res, '{}.Classification.Score'.format(report)) human_readable_report["Category"] = demisto.get( res, '{}.Classification.Category'.format(report)) ec[outputPaths['file']] = { 'MD5': md5, 'Zscaler': { 'DetectedMalware': demisto.get(res, '{}.Classification.DetectedMalware'.format(report)), 'FileType': demisto.get(res, '{}.File Properties.File Type'.format(report)), } } if dbot_score == 3: ec[outputPaths['file']]['Malicious'] = { 'Vendor': 'Zscaler', 'Description': 'Classified as Malicious, with threat score: ' + str(human_readable_report["Zscaler Score"]) } demisto.results({ 'Type': entryTypes['note'], 'Contents': res, 'ContentsFormat': formats['json'], 'ReadableContentsFormat': formats['markdown'], 'HumanReadable': tableToMarkdown('Full Sandbox Report', human_readable_report, removeNull=True), 'EntryContext': ec })
def get_attachment_command(triage_instance) -> None: attachment_id = str(demisto.getArg('attachment_id')) # type: str file_name = demisto.getArg('file_name') or attachment_id # type: str res = triage_instance.request(f'attachment/{attachment_id}', raw_response=True) result = fileResult(file_name, res.content) demisto.results(result)
def get_vulnerability_details_command(): plugin_id, date_range = demisto.getArg('vulnerabilityId'), demisto.getArg('dateRange') info = send_vuln_details_request(plugin_id, date_range) if 'error' in info: return_error(info['error']) return get_entry_for_object('Vulnerability details - {}'.format(plugin_id), 'TenableIO.Vulnerabilities', convert_severity_values(replace_keys(flatten(info['info']))), VULNERABILITY_DETAILS_HEADERS)
def set_alert_status_command(): alert_id = demisto.getArg('alert_id') status = demisto.getArg('status') comments = demisto.getArg('comments') share_irondome_arg = demisto.getArg('share_comment_with_irondome') share_irondome = True if share_irondome_arg.lower() == 'true' else False results = IRON_DEFENSE.set_alert_status(alert_id, status=status, comments=comments, share_irondome=share_irondome) demisto.results(results)
def handle_filters(): """ Handle filters associated with samples """ params = {'api_key': API_KEY} for k in demisto.args(): if demisto.getArg(k): params[k] = demisto.getArg(k) return params
def add_comment_to_alert_command(): alert_id = demisto.getArg('alert_id') comment = demisto.getArg('comment') share_irondome_arg = demisto.getArg('share_comment_with_irondome') share_irondome = True if share_irondome_arg.lower() == 'true' else False results = IRON_DEFENSE.add_comment_to_alert(alert_id, comment=comment, share_irondome=share_irondome) demisto.results(results)
def download(): share, path = split_path(demisto.getArg('file_path')) with tempfile.NamedTemporaryFile() as file_obj: file_attributes, filesize = conn.retrieveFile(share, path, file_obj) file_obj.seek(0) filename = path.split('/')[-1] if '/' in path else path.split('\\')[-1] if demisto.getArg('download_and_attach') == "yes": demisto.results(fileResult(filename, file_obj.read())) else: demisto.results(file_obj.read())
def exabeam_lockouts(): """ Return lockouts """ res = http_request( 'GET', URL_UBA + 'lockouts/accountLockouts', { 'numberOfResults': demisto.getArg('number-of-results'), 'unit': demisto.getArg('unit'), 'num': demisto.getArg('num') }) if res.get('lockouts'): lockouts = [{ 'Name': demisto.get(l, 'user.info.fullName'), 'Username': demisto.get(l, 'user.username'), 'Email': demisto.get(l, 'user.info.email'), 'Department': demisto.get(l, 'user.info.department'), 'DN': demisto.get(l, 'user.info.dn'), 'Title': demisto.get(l, 'user.info.title'), 'RiskScore': demisto.get(l, 'user.riskScore'), 'Executive': demisto.get(l, 'isUserExecutive'), 'LockoutTime': convert_unix_to_date(demisto.get(l, 'firstLockoutEvent.time')), 'Host': demisto.get(l, 'firstLockoutEvent.host'), 'LockoutRisk': demisto.get(l, 'lockoutInfo.riskScore'), 'LoginHost': demisto.get(l, 'lockoutInfo.loginHost') } for l in res['lockouts']] demisto.results({ 'Type': entryTypes['note'], 'ContentsFormat': formats['json'], 'Contents': res, 'HumanReadable': tableToMarkdown('Lockouts', lockouts, [ 'User', 'Username', 'Email', 'Department', 'DN', 'Title', 'RiskScore', 'Executive', 'LockoutTime', 'Host', 'LockoutRisk', 'LoginHost' ]), 'EntryContext': { 'Exabeam.Lockout': res['lockouts'] } }) else: demisto.results('No lockouts found in the requested period')
def move_client_to_group_command(token): group_id = demisto.getArg('groupID') hardware_key = demisto.getArg('hardwareKey') response, message = move_client_to_group(token, group_id, hardware_key) demisto.results({ 'Type': entryTypes['note'], 'ContentsFormat': formats['text'], 'Contents': response, 'HumanReadable': message, 'IgnoreAutoExtract': True, })
def update_analyst_ratings_command(): alert_id = demisto.getArg('alert_id') severity = demisto.getArg('severity') expectation = demisto.getArg('expectation') comments = demisto.getArg('comments') share_irondome_arg = demisto.getArg('share_comment_with_irondome') share_irondome = True if share_irondome_arg.lower() == 'true' else False results = IRON_DEFENSE.update_analyst_ratings(alert_id, severity=severity, expectation=expectation, comments=comments, share_irondome=share_irondome) demisto.results(results)
def apply_search_filters(): """ Helper for applying search filters """ params = {'api_key': API_KEY} for k in demisto.args(): if demisto.getArg(k): params['term'] = k params['query'] = demisto.getArg(k) break return params
def create_issue_command(): url = 'rest/api/latest/issue' issue = get_issue_fields(issue_creating=True, **demisto.args()) result = jira_req('POST', url, json.dumps(issue)) j_res = result.json() md_and_context = generate_md_context_create_issue(j_res, project_key=demisto.getArg('projectKey'), project_name=demisto.getArg('issueTypeName')) human_readable = tableToMarkdown(demisto.command(), md_and_context['md'], "") contents = j_res outputs = md_and_context['context'] return_outputs(readable_output=human_readable, outputs=outputs, raw_response=contents)
def create_user_command(): required_properties = { 'accountEnabled': demisto.getArg('account_enabled'), 'displayName': demisto.getArg('display_name'), 'onPremisesImmutableId': demisto.getArg('on_premises_immutable_id'), 'mailNickname': demisto.getArg('mail_nickname'), 'passwordProfile': { "forceChangePasswordNextSignIn": 'true', "password": demisto.getArg('password') }, 'userPrincipalName': demisto.getArg('user_principal_name') } other_properties = {} for key_value in demisto.getArg('other_properties').split(','): key, value = key_value.split('=', 2) other_properties[key] = value # create the user required_properties.update(other_properties) create_user(required_properties) # display the new user and it's properties user = required_properties.get('userPrincipalName') user_data = get_user(user, '*') user_readable, user_outputs = parse_outputs(user_data) human_readable = tableToMarkdown(name=f"{user} was created successfully:", t=user_readable, removeNull=True) outputs = {'MSGraphUser(val.ID == obj.ID)': user_outputs} return_outputs(readable_output=human_readable, outputs=outputs, raw_response=user_data)
def unblock_user_command(): user = demisto.getArg('user') unblock_user(user) return_outputs( readable_output=f'"{user}" unblocked. It might take several minutes for the changes to take affect across ' 'all applications.', outputs=NO_OUTPUTS )
def get_user_command(): user = demisto.getArg('user') properties = demisto.args().get('properties', '*') user_data = get_user(user, properties) user_readable, user_outputs = parse_outputs(user_data) human_readable = tableToMarkdown(name=f"{user} data", t=user_readable, removeNull=True) outputs = {'MSGraphUser(val.ID == obj.ID)': user_outputs} return_outputs(readable_output=human_readable, outputs=outputs, raw_response=user_data)
def get_delta_command(): properties = demisto.getArg('properties') + ',userPrincipalName' users_data = get_delta(properties) headers = list(set([camel_case_to_readable(p) for p in argToList(properties)] + ['ID', 'User Principal Name'])) users_readable, users_outputs = parse_outputs(users_data) hr = tableToMarkdown(name='All Graph Users', headers=headers, t=users_readable, removeNull=True) outputs = {'MSGraphUser(val.ID == obj.ID)': users_outputs} return_outputs(readable_output=hr, outputs=outputs, raw_response=users_data)
def extract_text_command() -> dict: langs = argToList(demisto.getArg('langs')) or argToList(demisto.getParam('langs')) demisto.debug("Using langs settings: {}".format(langs)) entry_id = demisto.args()['entryid'] file_path = demisto.getFilePath(entry_id) if not file_path: return_error("Couldn't find entry id: {}".format(entry_id)) demisto.debug('Extracting text from file: {}'.format(file_path)) res = extract_text(file_path['path'], langs) file_entry = {'EntryID': entry_id, 'Text': res} return { 'Type': entryTypes['note'], 'Contents': res, 'ContentsFormat': formats['text'], 'ReadableContentsFormat': formats['markdown'], 'HumanReadable': "## Image OCR Extracted Text\n\n" + res, "EntryContext": {"File(val.EntryID == obj.EntryID)": file_entry}, }
def terminate_user_session_command(): user = demisto.getArg('user') terminate_user_session(user) return_outputs(readable_output=f'user: "******" session has been terminated successfully', outputs=NO_OUTPUTS)
def delete_user_command(): user = demisto.getArg('user') delete_user(user) return_outputs(readable_output=f'user: "******" was deleted successfully', outputs=NO_OUTPUTS)
def update_user_command(): user = demisto.getArg('user') updated_fields = demisto.getArg('updated_fields') update_user(user, updated_fields) get_user_command()