detonate file action fails with message "Unable to find vault item"
Steps to reproduce the behavior:
Create an asset
Create event manually
Upload file as vault artifact
Click on vaultId value
Run action 'detonate file' using previously created asset.
See error
Error
2023-07-05T13:54:22.171552Z: 'detonate file' completed with status: 'failed'. Action Info: Size : 297 bytes : [{"app_name":"Detection on Demand","asset_name":"XXXXXXX","param":{"context": {"guid": "XXXXXXX", "artifact_id": 0, "parent_action_run": []}, "vault_id": "XXXXXXX"},"status":"failed","message":"Unable to find vault item"}]
Expected behavior
Action runs with no error returning relevant report id.
Screenshots
Splunk SOAR On-Prem Version: 6.0.2.127725
Unprivileged Install
OS Version: NA
Hypervisor (if applicable)? NA
App Version: 1.0.1
Splunk Cloud SOAR Version 6.0.1.123902
App Version: 1.0.1
Additional context
I was able to reproduce this error at code level.
The action fails on deprecated API call:
from phantom.vault import Vault
file_info = Vault.get_file_info(vault_id=vault_id)[0]
This should be replaced by:
from phantom.vault import vault_info
file_info = vault_info(vault_id=vault_id)[2][0]
Detection on Demand https://splunkbase.splunk.com/app/6007
detonate file action fails with message "Unable to find vault item"
Steps to reproduce the behavior:
Error 2023-07-05T13:54:22.171552Z: 'detonate file' completed with status: 'failed'. Action Info: Size : 297 bytes : [{"app_name":"Detection on Demand","asset_name":"XXXXXXX","param":{"context": {"guid": "XXXXXXX", "artifact_id": 0, "parent_action_run": []}, "vault_id": "XXXXXXX"},"status":"failed","message":"Unable to find vault item"}]
Expected behavior Action runs with no error returning relevant report id.
Screenshots
Splunk SOAR On-Prem Version: 6.0.2.127725
Splunk Cloud SOAR Version 6.0.1.123902
Additional context I was able to reproduce this error at code level. The action fails on deprecated API call: from phantom.vault import Vault file_info = Vault.get_file_info(vault_id=vault_id)[0]
This should be replaced by: from phantom.vault import vault_info file_info = vault_info(vault_id=vault_id)[2][0]