SiemplifyConnectors module
class
SiemplifyConnectors.SiemplifyConnectorExecution
SiemplifyConnectors.SiemplifyConnectorExecution(mock_stdin=None)
Bases: SiemplifyBase
MAX_NUM_LOG_ROWS= 5000
extract_connector_param
extract_connector_param
(
param_name
,
default_value
=
None
,
input_type
=
< class
'
str
'
> ,
is_mandatory
=
False
,
print_value
=
False
)
Get a connector script parameter.Each connector has parameters that are filled when it's configured. This method allows extracting the value of a selected parameter of the currently running connector.\
Parameters
| Param name | Param type | Definition | Possible values | Comments |
|---|---|---|---|---|
|
param_name
|
{string} | Name of the parameter | N/A | N/A |
|
default_value
|
{any} | The default value of the parameter. | N/A | (Optional) The given value will be returned if the parameter was not set (if is_mandatory
is set to False
).Default is None |
|
input_type
|
{obj} | The type of the parameter. For example, {int} | N/A | (Optional) The returned value will be cast to the selected input type. Default is str |
|
is_mandatory
|
{boolean} | Defines whether the parameter is mandatory | N/A | If set to True
and the parameter was not filled,an exception will be raised. Default is False
|
|
print_value
|
{boolean} | Defines whether to output the fetched value of the parameter to the logs | N/A | Default is False
|
Returns
The parameter value, {string} by default, unless input_type is specified.
Example
from
SiemplifyConnectors
import
SiemplifyConnectorExecution
siemplify
=
SiemplifyConnectorExecution
()
param_value
=
siemplify
.
extract_connectors_param
(
"Logs Folder"
,
default_value
=
"C:
\\
Siemplify_Server
\\
Scripting
\\
JobLogs"
,
input_type
=
str
,
is_mandatory
=
False
,
print_value
=
False
)
Result behavior
The value of the selected parameter will be returned, casted to the selected type.
Result value
C:\Siemplify_Server\Scripting\SampleJob\Logs
fetch_and_save_timestamp
fetch_and_save_timestamp(datetime_format=False, timezone=False, new_timestamp=1683034181328)
Fetch timestamp and save it to the case context.
Parameters
Param name
Param type
Definition
Possible values
Comments
datetime_format
{boolean}
Format for date/time
True
for getting in datetime format,False
for UnixFalse
by default (optional)timezone
Parameter not supported anymore
new_timestamp
{int}
The time stamp to save
N/A
Unix time by default (optional)
fetch_timestamp
fetch_timestamp(datetime_format=False, timezone=False)
Get the timestamp saved with save_timestamp
.
Parameters
Param name
Param type
Definition
Possible values
Comments
datetime_format
{boolean}
If
Else, return in Unix
True
, return timestamp as datetime.Else, return in Unix
True/False
False by default (optional)
timezone
Parameter not supported anymore
Returns
Saved Unix time/datetime.
get_connector_context_property
get_connector_context_property(identifier, property_key)
Get a connector context property.
Parameters
| Param name | Param type | Definition | Possible values | Comments |
|---|---|---|---|---|
|
identifier
|
{string} | Context identifier | N/A | N/A |
|
property_key
|
{string} | The requested key property | N/A | N/A |
Returns
{string} the property value
is_overflowed_alert
is_overflowed_alert(environment, alert_identifier, ingestion_time=1683034181328, original_file_path=None, original_file_content=None, alert_name=None, product=None, source_ip=None, source_host=None, destination_ip=None, destination_host=None)
Check if the alert is overflowed.
Parameters
| Param name | Param type | Definition | Possible values | Comments |
|---|---|---|---|---|
|
environment
|
{string} | Environment name | Example | N/A |
|
alert_identifier
|
{string} | Alert identifier | 12345 | N/A |
|
ingestion_time
|
{long} | Alert ingestion time | N/A | If not provided, defaults to current time (Unix time format) |
|
original_file_path
|
{string} | Path to the file containing the alert's original raw data | N/A | N/A |
|
original_file_content
|
{string} | Content of the file containing the alert's original raw data | N/A | N/A |
|
alert_name
|
{string} | Alert name | N/A | N/A |
|
product
|
{string} | The product name for the device that generated the alert | QRadar, Trellix ESM | N/A |
|
source_ip
|
{string} | The source IP address associated with the alert | 198.51.100.1 | N/A |
|
source_host
|
{string} | The source host address associated with the alert | source@example.com, source.example.com |
N/A |
|
destination_ip
|
{string} | Destination IP address associated with the alert | 203.0.113.1 | N/A |
|
destination_host
|
{string} | Destination host address associated with the alert | destination.example.com | N/A |
Returns
{boolean} True/False
Example
from
SiemplifyConnectors
import
SiemplifyConnectorExecution
siemplify
=
SiemplifyConnectorExecution
()
siemplify
.
is_overflowed_alert
(
environment
,
alert_identifier
,
ingestion_time
=
SiemplifyUtils
.
unix_now
(),
original_file_path
,
original_file_content
,
alert_name
,
product
,
source_ip
,
source_host
,
destination_ip
,
destination_host
)
Result behavior
True
if the alert will be overflowed during the ingestion process. Otherwise, False
.
Result value
True/False
property is_test_run
property log_location
property parameters
return_package
return_package
(
cases
,
output_variables
=
{},
log_items
=
[])
Return data.
Parameters
| Param name | Param type | Definition | Possible values | Comments |
|---|---|---|---|---|
|
cases
|
{[CaseInfo]} | The list of CaseInfo objects | N/A | N/A |
|
output_variables
|
Deprecated | |||
|
log_items
|
Deprecated |
Returns
NoneType
Example
from
SiemplifyConnectors
import
SiemplifyConnectorExecution
siemplify
=
SiemplifyConnectorExecution
()
siemplify
.
return_package
(
cases
,
output_variables
,
log_items
)
Result value
None
return_test_result
return_test_result(is_success, result_params_dictionary)
property run_folder
Build the run_folder
based on the script name.
Returns
{string} full path
Result value
C:Siemplify_ServerScriptingSiemplifyAction<script name>
save_timestamp
save_timestamp(datetime_format=False, timezone=False, new_timestamp=1683034181328)
Save timestamp to the current script context.
Parameters
Param name
Param type
Definition
Possible values
Comments
datetime_format
{boolean}
N/A
True
for datetime format,False
for UnixDefault is
False
(optional)timezone
Parameter not supported anymore
new_timestamp
{long}
Timestamp to save to context
N/A
Timestamp defaults to Unix timestamp of calling the method
set_connector_context_property
set_connector_context_property(identifier, property_key, property_value)
Set a case context property using the key/value pair.
Parameters
| Param name | Param type | Definition | Possible values | Comments |
|---|---|---|---|---|
|
identifier
|
{string} | Context identifier | N/A | N/A |
|
property_key
|
{string} | Key of the property | N/A | N/A |
|
property_value
|
{string} | Value of the property | N/A | N/A |
