Commit
* Updated
* Updated
* Updated YML
* Updated README

Co-authored-by: M Azmat <69823542+mazmat-panw@users.noreply.github.com>
Showing 5 changed files with 102 additions and 1 deletion.
@@ -0,0 +1,6 @@ | ||
|
||
#### Scripts | ||
|
||
##### New: GetIndicatorCustomFieldsByQuery | ||
|
||
- New: Returns indicator custom fields into the context by the given query. (Available from Cortex XSOAR 6.9.0). |
42 changes: 42 additions & 0 deletions
...yCommonScripts/Scripts/GetIndicatorCustomFieldsByQuery/GetIndicatorCustomFieldsByQuery.py
@@ -0,0 +1,42 @@ | ||
import demistomock as demisto # noqa: F401 | ||
from CommonServerPython import * # noqa: F401 | ||
|
||
""" | ||
Searches the TIM DB for device indicators based on the provided query string and returns along with their custom fields. | ||
""" | ||
|
||
|
||
def search_indicators(query, max_size): | ||
result = [] | ||
indicators = demisto.searchIndicators( | ||
query=query, | ||
size=max_size, page=0 | ||
) | ||
|
||
for indicator in indicators.get("iocs"): | ||
indicator_dict = { | ||
"value": indicator.get("value"), | ||
"type": indicator.get("indicator_type") | ||
} | ||
|
||
if (indicator.get("CustomFields")): | ||
indicator_dict = {**indicator_dict, **indicator.get("CustomFields")} | ||
result.append(indicator_dict) | ||
|
||
return result | ||
|
||
|
||
def main(): | ||
query = demisto.args().get("query", "") | ||
max_size = arg_to_number(demisto.args().get("max", 1000)) | ||
outputs = search_indicators(query, max_size) | ||
return_results( | ||
CommandResults( | ||
outputs_prefix="GetIndicatorCustomFieldsByQuery", | ||
outputs=outputs, | ||
readable_output=tableToMarkdown("Indicator Query Result", outputs) | ||
)) | ||
|
||
|
||
if __name__ in ('__main__', '__builtin__', 'builtins'): | ||
main() |
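Review bot: `for indicator in indicators.get("iocs"):` in `search_indicators` will raise a `TypeError` when the query matches nothing, because `demisto.searchIndicators` can return the `iocs` key as null; iterate over `indicators.get("iocs") or []` so an empty result yields an empty context instead of a script error. Two smaller points in the same loop: the merge `{**indicator_dict, **indicator.get("CustomFields")}` lets a custom field named `value` or `type` silently overwrite the indicator's own value and type, so either nest the custom fields under their own key or merge them first and the fixed keys last; and only `page=0` is fetched, so anything beyond `max` results is dropped without telling the caller, which is worth either paging through the results or stating the cap in the readable output. Also, the docstring's "device indicators" is inaccurate since the query is arbitrary, and `if (indicator.get("CustomFields")):` does not need the parentheses.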
23 changes: 23 additions & 0 deletions
...CommonScripts/Scripts/GetIndicatorCustomFieldsByQuery/GetIndicatorCustomFieldsByQuery.yml
@@ -0,0 +1,23 @@ | ||
commonfields: | ||
id: GetIndicatorCustomFieldsByQuery | ||
version: -1 | ||
name: GetIndicatorCustomFieldsByQuery | ||
script: '' | ||
type: python | ||
tags: [] | ||
comment: Returns indicator custom fields into the context by the given query. | ||
enabled: true | ||
args: | ||
- name: query | ||
description: The complete XSOAR indicator query. | ||
outputs: | ||
- contextPath: GetIndicatorFieldsByQuery | ||
description: The matched indicator value, type, and custom fields. | ||
scripttarget: 0 | ||
subtype: python3 | ||
runonce: false | ||
dockerimage: demisto/python3:3.10.12.66339 | ||
runas: DBotWeakRole | ||
fromversion: 6.9.0 | ||
tests: | ||
- No tests (auto formatted) |
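Review bot: the declared output `contextPath: GetIndicatorFieldsByQuery` does not match the script's `outputs_prefix="GetIndicatorCustomFieldsByQuery"`, so the documented context path will never be populated; change it to `GetIndicatorCustomFieldsByQuery`. The `args` list is also incomplete: the script reads `demisto.args().get("max", 1000)`, but only `query` is declared here, so `max` is invisible to users of the script and to the generated README. Finally, `tests: - No tests (auto formatted)` means `search_indicators` has no unit test; a small test with a mocked `demisto.searchIndicators` that covers the empty-result case would be appropriate for a script that ships in the pack.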
30 changes: 30 additions & 0 deletions
Packs/CommunityCommonScripts/Scripts/GetIndicatorCustomFieldsByQuery/README.md
@@ -0,0 +1,30 @@ | ||
|
||
Purpose: This automation will return indicator custom fields into the context by the given query. | ||
Author: Mahmood Azmat | ||
Input1: Query for retrieving indicator(s). | ||
|
||
|
||
## Script Data | ||
|
||
--- | ||
|
||
| **Name** | **Description** | | ||
| --- | --- | | ||
| Script Type | python3 | | ||
| Cortex XSOAR Version | 6.9.0 | | ||
|
||
## Inputs | ||
|
||
--- | ||
|
||
| **Argument Name** | **Description** | | ||
| --- | --- | | ||
| query | The complete XSOAR indicator query. | | ||
|
||
## Outputs | ||
|
||
--- | ||
|
||
| **Path** | **Description** | **Type** | | ||
| --- | --- | --- | | ||
| GetIndicatorFieldsByQuery | The matched indicator value, type, and custom fields. | Unknown | |
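Review bot: the Outputs table lists `GetIndicatorFieldsByQuery`, which is not the prefix the script writes (`GetIndicatorCustomFieldsByQuery`), and the Inputs table omits the `max` argument the script accepts; both tables should match the code. The `Purpose:` / `Author:` / `Input1:` lines at the top have no blank lines or list markers between them, so Markdown renders them as one run-on paragraph; either give each its own bullet or drop them in favour of the `## Script Data` and `## Inputs` sections below, which already carry the same information.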