GetIndicatorDBotScoreFromContext Automation (demisto#28576) (demisto#…

…28591)

* Updated

* Updated

* Updated YML

* Updated README

Co-authored-by: M Azmat <69823542+mazmat-panw@users.noreply.github.com>

Packs/CommunityCommonScripts/ReleaseNotes/1_1_0.md

@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### New: GetIndicatorCustomFieldsByQuery
+
+- New: Returns indicator custom fields into the context by the given query. (Available from Cortex XSOAR 6.9.0).

Packs/CommunityCommonScripts/Scripts/GetIndicatorCustomFieldsByQuery/GetIndicatorCustomFieldsByQuery.py

@@ -0,0 +1,42 @@
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
+
+"""
+Searches the TIM DB for device indicators based on the provided query string and returns along with their custom fields.
+"""
+
+
+def search_indicators(query, max_size):
+    result = []
+    indicators = demisto.searchIndicators(
+        query=query,
+        size=max_size, page=0
+    )
+
+    for indicator in indicators.get("iocs"):
+        indicator_dict = {
+            "value": indicator.get("value"),
+            "type": indicator.get("indicator_type")
+        }
+
+        if (indicator.get("CustomFields")):
+            indicator_dict = {**indicator_dict, **indicator.get("CustomFields")}
+            result.append(indicator_dict)
+
+    return result
+
+
+def main():
+    query = demisto.args().get("query", "")
+    max_size = arg_to_number(demisto.args().get("max", 1000))
+    outputs = search_indicators(query, max_size)
+    return_results(
+        CommandResults(
+            outputs_prefix="GetIndicatorCustomFieldsByQuery",
+            outputs=outputs,
+            readable_output=tableToMarkdown("Indicator Query Result", outputs)
+        ))
+
+
+if __name__ in ('__main__', '__builtin__', 'builtins'):
+    main()

Packs/CommunityCommonScripts/Scripts/GetIndicatorCustomFieldsByQuery/GetIndicatorCustomFieldsByQuery.yml

@@ -0,0 +1,23 @@
+commonfields:
+  id: GetIndicatorCustomFieldsByQuery
+  version: -1
+name: GetIndicatorCustomFieldsByQuery
+script: ''
+type: python
+tags: []
+comment: Returns indicator custom fields into the context by the given query.
+enabled: true
+args:
+- name: query
+  description: The complete XSOAR indicator query.
+outputs:
+- contextPath: GetIndicatorFieldsByQuery
+  description: The matched indicator value, type, and custom fields.
+scripttarget: 0
+subtype: python3
+runonce: false
+dockerimage: demisto/python3:3.10.12.66339
+runas: DBotWeakRole
+fromversion: 6.9.0
+tests:
+- No tests (auto formatted)

Packs/CommunityCommonScripts/Scripts/GetIndicatorCustomFieldsByQuery/README.md

@@ -0,0 +1,30 @@
+
+Purpose:      This automation will return indicator custom fields into the context by the given query.
+Author:       Mahmood Azmat
+Input1:       Query for retrieving indicator(s).
+
+
+## Script Data
+
+---
+
+| **Name** | **Description** |
+| --- | --- |
+| Script Type | python3 |
+| Cortex XSOAR Version | 6.9.0 |
+
+## Inputs
+
+---
+
+| **Argument Name** | **Description** |
+| --- | --- |
+| query | The complete XSOAR indicator query. |
+
+## Outputs
+
+---
+
+| **Path** | **Description** | **Type** |
+| --- | --- | --- |
+| GetIndicatorFieldsByQuery | The matched indicator value, type, and custom fields. | Unknown |

Packs/CommunityCommonScripts/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Community Common Scripts",
     "description": "A pack that contains community scripts",
     "support": "community",
-    "currentVersion": "1.0.15",
+    "currentVersion": "1.1.0",
     "author": "",
     "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
     "email": "",