automation-CBWatchlists.yml
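# Automation script definition: lists Carbon Black watchlists by running the
# cb-watchlist-get command and rendering a reduced set of columns as a table.
args:
# Optional argument; when omitted the command is called with no arguments.
- default: true
  description: Display a specific watchlist by watchlist ID (numeric)
  name: id
comment: Display all watchlists and their details, queries, etc.
commonfields:
  id: CBWatchlists
  version: -1
# The script only works when an integration providing this command is present.
dependson:
  must:
  - cb-watchlist-get
name: CBWatchlists
runonce: false
script: |-
  # args: id - Optional - only show the watchlist with this specific ID

  # Columns kept in the result table; any other field returned by the
  # command is dropped before display.
  # NOTE(review): 'enabled', 'last_hit' and 'total_hits' are the fields to
  # read when checking for a disabled or never-firing watchlist.
  cols = [
      'name', 'search_query', 'id', 'enabled',
      'search_timestamp', 'last_hit', 'last_hit_count', 'total_hits',
  ]

  # Read the arguments once and forward the id only when the caller gave one.
  # NOTE(review): the id is passed through as-is; the argument description
  # says it is numeric, but nothing here enforces that.
  args = demisto.args()
  cmd_args = {"watchlist-id": args["id"]} if "id" in args else {}

  res = []
  for entry in demisto.executeCommand("cb-watchlist-get", cmd_args):
      if isError(entry):
          # Pass error entries through unchanged so a failed lookup stays
          # visible instead of being reported as "No matches."
          res.append(entry)
          continue

      matches = entry["Contents"]
      if not matches:
          res.append({"Type": entryTypes["note"], "ContentsFormat": formats["text"], "Contents": "No matches."})
          continue

      # Contents may be one dict instead of a list (presumably when a single
      # watchlist is requested); wrap it so the table code sees a list.
      if isinstance(matches, dict):
          matches = [matches]

      # Keep only the display columns that are actually present on each item.
      filtered_matches = [{k: m[k] for k in cols if k in m} for m in matches]
      res.append({"Type": entryTypes["note"], "ContentsFormat": formats["table"], "Contents": filtered_matches})

  demisto.results(res)
scripttarget: 0
system: true
tags:
- carbon-black
type: python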