search

ibmresilient / resilient-community-apps

Source code for IBM SOAR Apps that are available on our App Exchange
https://ibm.biz/soar-apps-docs
MIT License
88 stars 96 forks source link

[utilities_call_rest_api.py] - response handling problem #90

Open lukasztynski opened 1 year ago

lukasztynski commented 1 year ago

Hi,

I have a problem with handling the information obtained by the utilities_call_rest_api.py function. When sending a request to MISP, I would like to get the json and be able to work with it further. This is the response I would like to process, and the response itself indicates that the entry is already in the list (I have no problem handling the data using python in VSC and pycharm). In the situation where the entry exists, I have no problem getting the data and processing it in the playbook itself.

Please do not suggest an error message 403, the error lies somewhere on the side of utilities_call_call_rest_api.py - please verify and possibly reply quickly.

Thanks Łukasz Tyński

2023-04-18_14h57_14 2023-04-18_15h15_46 2023-04-18_15h14_24

Aceilies commented 1 year ago

Hi Brother,utilities_call_call_rest_api would throw an addressable output in “results” if and only if the status code is 20x, also you will need a script after the function to access the playbook function output either to print or etc, this script will act as post processing script in workflows.On 18 Apr 2023, at 3:17 PM, Łukasz Tyński @.***> wrote: Hi, I have a problem with handling the information obtained by the utilities_call_rest_api.py function. When sending a request to MISP, I would like to get the json and be able to work with it further. This is the response I would like to process, and the response itself indicates that the entry is already in the list (I have no problem handling the data using python in VSC and pycharm). In the situation where the entry exists, I have no problem getting the data and processing it in the playbook itself. Please do not suggest an error message 403, the error lies somewhere on the side of utilities_call_call_rest_api.py - please verify and possibly reply quickly. Thanks Łukasz Tyński

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you are subscribed to this thread.Message ID: @.***>

lukasztynski commented 1 year ago

HI, Thanks for the clarification, the problem is that this is where the 403 error code is returned and it affects the playbook to abort. Is there any way to further handle this in the playbook? Is it possible for such a node to take a failed value, which I could further use in the playbook?

Thanks Łukasz Tyński

lukasztynski commented 1 year ago

I tried to handle this with the script after the function, but as you wrote it does not work in the situation of returning the code 403, in the case of code 200 the same solution works fine. If I use this in workflow, the effect will be the same, is there any way to do it? I attach a simple example.

2023-04-19_09h02_20 Thanks Łukasz Tyński