splunk-soar-connectors / detectionondemand

Apache License 2.0

Detonate file action does not work #2

Open davidkachan opened 1 year ago

davidkachan commented 1 year ago

Detection on Demand https://splunkbase.splunk.com/app/6007

Detonate file action fails with message "Unable to find vault item".

Steps to reproduce the behavior:

  1. Create an asset
  2. Create event manually
  3. Upload file as vault artifact
  4. Click on vaultId value
  5. Run action 'detonate file' using previously created asset.
  6. See error

Error:

```
2023-07-05T13:54:22.171552Z: 'detonate file' completed with status: 'failed'. Action Info: Size : 297 bytes : [{"app_name":"Detection on Demand","asset_name":"XXXXXXX","param":{"context": {"guid": "XXXXXXX", "artifact_id": 0, "parent_action_run": []}, "vault_id": "XXXXXXX"},"status":"failed","message":"Unable to find vault item"}]
```

Expected behavior: Action runs with no error, returning relevant report id.


Splunk SOAR On-Prem Version: 6.0.2.127725

Splunk Cloud SOAR Version 6.0.1.123902

Additional context: I was able to reproduce this error at code level. The action fails on deprecated API call:

```python
from phantom.vault import Vault
file_info = Vault.get_file_info(vault_id=vault_id)[0]
```

This should be replaced by:

```python
from phantom.vault import vault_info
file_info = vault_info(vault_id=vault_id)[2][0]
```
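A defensive wrapper around the two calls quoted in the issue, as an added example that is not part of the original issue or the connector's code. It takes the lookup function as a parameter so it runs without the platform; `first_vault_file`, `normalize_vault_result`, `VaultLookupError`, the stub functions and the sample record are hypothetical, and the `(success, message, list)` tuple layout is an assumption inferred from the `[2][0]` indexing above.

```python
from typing import Any, Callable, Dict, List

class VaultLookupError(Exception):
    """The vault id could not be resolved to file metadata."""

def normalize_vault_result(result: Any) -> List[Dict[str, Any]]:
    """Reduce either return shape from the issue to a list of file dicts.

    Old call, indexed with [0]: a list of dicts.
    New call, indexed with [2][0]: a 3-tuple whose third element is that
    list; the first two are assumed here to be (success, message).
    """
    if isinstance(result, tuple):
        if len(result) != 3:
            raise VaultLookupError(f"unexpected tuple length {len(result)}")
        success, message, result = result
        if not success:
            raise VaultLookupError(f"vault lookup failed: {message}")
    if not isinstance(result, list):
        raise VaultLookupError(f"unexpected type {type(result).__name__}")
    return [item for item in result if isinstance(item, dict)]

def first_vault_file(lookup: Callable[..., Any], vault_id: str) -> Dict[str, Any]:
    """Call lookup(vault_id=...) and return the first match or raise clearly."""
    if not vault_id:
        raise VaultLookupError("empty vault_id")
    try:
        items = normalize_vault_result(lookup(vault_id=vault_id))
    except VaultLookupError:
        raise
    except Exception as exc:  # any error raised by the underlying call
        raise VaultLookupError(f"vault lookup raised {type(exc).__name__}: {exc}") from exc
    if not items:  # blind [0] indexing would raise IndexError here
        raise VaultLookupError("Unable to find vault item")
    return items[0]

# Constructed stand-ins so the example runs without the platform installed.
_SAMPLE = {"vault_id": "abc123", "name": "sample.bin", "path": "/tmp/sample.bin"}

def stub_tuple_api(vault_id: str):
    found = vault_id == _SAMPLE["vault_id"]
    return (found, "ok" if found else "not found", [dict(_SAMPLE)] if found else [])

def stub_list_api(vault_id: str):
    return [dict(_SAMPLE)] if vault_id == _SAMPLE["vault_id"] else []

if __name__ == "__main__":
    print(first_vault_file(stub_tuple_api, "abc123")["path"])
```

In a connector, the real lookup function would be passed in place of the stubs, and the raised message surfaced as the action's failure status.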

BIitzkrieg commented 4 months ago

Wanted to bump this, as it is still not fixed and this issue is almost a year old.