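def update_infected_list(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None):
    """Record the source address of each 'get_system_info_1' artifact as infected.

    Playbook callback. Collects `cef.sourceAddress` (and the artifact id, which
    is not used here) from the 'get_system_info_1' action results and passes
    every non-empty address to `phantom.datastore_add` under the name
    'wannacry_infected_endpoints', one single-column row per address.

    Only `container` and `results` are read; the remaining parameters belong
    to the callback signature and are ignored by this function.
    """
    # The debug label now matches the function name, so playbook debug output
    # can be traced back to the right block during an investigation.
    phantom.debug('update_infected_list() called')

    # One row per artifact: [sourceAddress, artifact id].
    collected_rows = phantom.collect2(
        container=container,
        datapath=[
            'get_system_info_1:artifact:*.cef.sourceAddress',
            'get_system_info_1:artifact:*.id',
        ],
        action_results=results)

    for row in collected_rows:
        source_address = row[0]
        # Artifacts without a source address carry nothing to record.
        if source_address:
            # NOTE(review): the address is stored exactly as it appears in the
            # artifact; nothing here checks that it is a well-formed IP address.
            phantom.datastore_add('wannacry_infected_endpoints', [source_address])

    return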
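def add_to_blocklist(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None):
    """Record filtered source addresses in 'blocked_ips', then call block_ip_1.

    Playbook callback. Collects `cef.sourceAddress` (and the artifact id, which
    is not used here) from the artifacts selected by 'filter_3:condition_1'.
    For every non-empty address it adds the row
    [address, 'yes', <link to this container>] to the 'blocked_ips' datastore
    list, so each entry points back to the container that caused it.
    Afterwards it forwards all callback arguments unchanged to `block_ip_1`.
    """
    # The debug label now matches the function name, so playbook debug output
    # can be traced back to the right block during an investigation.
    phantom.debug('add_to_blocklist() called')

    # One row per filtered artifact: [sourceAddress, artifact id].
    filtered_rows = phantom.collect2(
        container=container,
        datapath=[
            'filtered-data:filter_3:condition_1:artifact:*.cef.sourceAddress',
            'filtered-data:filter_3:condition_1:artifact:*.id',
        ])

    # Link stored with every row so an analyst can find the originating container.
    phantom_url = phantom.get_base_url()
    container_url = "{}/mission/{}".format(phantom_url, container['id'])

    for row in filtered_rows:
        source_address = row[0]
        if source_address:
            # NOTE(review): the address comes straight from artifact data and is
            # not validated here. Before it drives a block action, consider
            # checking that it parses as an IP address and is not in a protected
            # or allow-listed range (gateways, DNS, the SOAR host itself).
            # The meaning of the 'yes' column is not visible in this function.
            phantom.datastore_add(
                'blocked_ips', [source_address, 'yes', container_url])

    # NOTE(review): placed after the loop (one downstream call per run); the
    # flattened source does not show the original nesting, so confirm this.
    block_ip_1(action, success, container, results, handle, filtered_artifacts, filtered_results)

    return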
def add_endpoint_to_patched_list(container):
    """Add every artifact source address in `container` to the patched list.

    Collects `cef.sourceAddress` (and the artifact id, which is not used here)
    from all artifacts of the container and, for each non-empty address, adds
    the row [address, 'yes', <link to this container>] to the
    'wannacry_patched_endpoints' datastore list.
    """
    # One row per artifact: [sourceAddress, artifact id].
    artifact_rows = phantom.collect2(
        container=container,
        datapath=['artifact:*.cef.sourceAddress', 'artifact:*.id'])

    # Link stored with every row so an analyst can find the originating container.
    container_url = "{}/mission/{}".format(phantom.get_base_url(), container['id'])

    for source_address in (row[0] for row in artifact_rows):
        # Skip artifacts that carry no source address.
        if not source_address:
            continue
        # The meaning of the 'yes' column is not visible in this function.
        phantom.datastore_add(
            'wannacry_patched_endpoints',
            [source_address, 'yes', container_url])

    return