-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathautomation-AlgosecQuery.yml
44 lines (42 loc) · 1.2 KB
/
automation-AlgosecQuery.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
args:
- default: true
description: source(s) for the query. Multiple values are separated by commas (,)
name: source
required: true
- description: destination(s) for the query. Multiple values are separated by commas
(,)
name: destination
required: true
- description: service(s) for the query. Multiple values are separated by commas (,)
name: service
required: true
- description: user for the query
name: user
- description: application for the query
name: application
comment: Performs a batch traffic simulation query using Firewall Analyzer
commonfields:
id: AlgosecQuery
version: -1
dependson:
must:
- algosec-query
name: AlgosecQuery
runonce: false
script: |2
resp = demisto.executeCommand("algosec-query", demisto.args())
if isError(resp[0]):
demisto.results(resp)
else:
data = demisto.get(resp[0], "Contents.QueryResponse.QueryResult")
if data:
data = data if isinstance(data, list) else [data]
data = flattenTable(data)
demisto.results({"ContentsFormat": formats["table"], "Type": entryTypes["note"], "Contents": data} )
else:
demisto.results("No results.")
scripttarget: 0
system: true
tags:
- Algosec
type: python