def playbook_internal_host_winrm_investigate_1(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Launch the community WinRM host-investigation playbook for filtered hosts.

    Collects ``cef.deviceHostname`` from the artifacts that passed
    ``os_filter`` condition 2, combines them with ``phantom.concatenate``
    (``dedup=True``) and hands the result to
    ``community/internal_host_winrm_investigate`` as ``ip_or_hostname``.
    ``join_playbook_log4j_respond_1`` is registered as the callback.

    Only ``container`` is read here; the remaining parameters are part of
    the standard playbook-block signature and are not used in this block.
    """
    phantom.debug("playbook_internal_host_winrm_investigate_1() called")

    # Each collect2 row holds one value per requested datapath; only one
    # datapath is requested, so the hostname is the first element of each row.
    hostname_paths = ["filtered-data:os_filter:condition_2:artifact:*.cef.deviceHostname"]
    filtered_rows = phantom.collect2(container=container, datapath=hostname_paths, scope="all")

    device_hostnames = []
    for row in filtered_rows:
        device_hostnames.append(row[0])

    # NOTE(review): these values are taken as-is from artifact CEF data and no
    # validation is visible in this block. The child playbook acts on the
    # hosts named here, so confirm that it (or the asset configuration)
    # restricts targets to known internal systems and handles missing values.
    combined_hosts = phantom.concatenate(device_hostnames, dedup=True)

    inputs = {}
    inputs["ip_or_hostname"] = combined_hosts

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    ################################################################################
    ## Custom Code End
    ################################################################################

    # Start the child playbook; phantom.playbook returns the playbook_run_id.
    playbook_run_id = phantom.playbook(
        "community/internal_host_winrm_investigate",
        container=container,
        name="playbook_internal_host_winrm_investigate_1",
        callback=join_playbook_log4j_respond_1,
        inputs=inputs,
    )

    return
def playbook_internal_host_splunk_investigate_log4j_2(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Launch the community Splunk Log4j host-investigation playbook.

    Collects ``cef.deviceHostname`` from every artifact in the container
    (no filter is applied in this block), combines the values with
    ``phantom.concatenate`` (``dedup=True``) and passes the result to
    ``community/internal_host_splunk_investigate_log4j`` as
    ``ip_or_hostname``. ``os_filter`` is registered as the callback.

    Only ``container`` is read here; the remaining parameters are part of
    the standard playbook-block signature and are not used in this block.
    """
    phantom.debug("playbook_internal_host_splunk_investigate_log4j_2() called")

    # A single datapath is requested, so each collect2 row carries the
    # hostname as its first (and only requested) element.
    artifact_rows = phantom.collect2(
        container=container,
        datapath=["artifact:*.cef.deviceHostname"],
        scope="all",
    )
    device_hostnames = list(row[0] for row in artifact_rows)

    # NOTE(review): hostnames come straight from artifact CEF data and are
    # forwarded without validation in this block. They end up as input to the
    # child playbook, so confirm that it treats them as data (for example,
    # quoted or parameterised in any search it builds) and copes with
    # artifacts that lack the field.
    combined_hosts = phantom.concatenate(device_hostnames, dedup=True)

    inputs = {}
    inputs["ip_or_hostname"] = combined_hosts

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    ################################################################################
    ## Custom Code End
    ################################################################################

    # Start the child playbook; phantom.playbook returns the playbook_run_id.
    playbook_run_id = phantom.playbook(
        "community/internal_host_splunk_investigate_log4j",
        container=container,
        name="playbook_internal_host_splunk_investigate_log4j_2",
        callback=os_filter,
        inputs=inputs,
    )

    return