InBuild a custom integration, you created a Ping action for the Armis integration. This document outlines how to create a custom action for the Armis integration that enriches entities. It assumes you have a working knowledge of Python and object-oriented programming. For a prerequisite, refer to the SDK documentation and custom integration procedure, and explore the SDK modules.
Create a custom action
To create a custom action, follow these steps:
Go toResponse>IDE; theIDEpage appears.
ClickaddCreate New Itemand selectAction. Enter a name and select the integration.
ClickCreate. IDE creates a new template with code comments and explanations.
The Siemplify action object
A Siemplify action requires these steps:
An object must be instantiated from theSiemplifyActionclass.
The object must use the class'sendmethod to return an output message and a result value.
Result values
Every action has anOutput Namethat represents the result value returned by the SiemplifyAction'sendmethod. By default, this isis_success, but you can change it in the Integrated Development Environment (IDE). You can also set a defaultReturn Valuefor when an action fails.
For example, if the action times out after five minutes (or fails for any other reason),
theScriptResultis set toTimeout.
JSON result value
You can also add a JSON result, which is useful for pivoting on data in
playbooks or for manual analysis. To do this, use theadd_result_jsonmethod on theSiemplifyActionresult property or theadd_entity_jsonmethod to attach a JSON result directly to an entity.
Imports and constants
The `SiemplifyAction` class from the `SiemplifyAction` module is always imported. Other common imports include:
output_handlerfromSiemplifyUtilsfor debugging.
add_prefix_to_dict_keysandconvert_dict_to_json_result_dictfor data transformation.
EntityTypesto determine the type of entity an action will run on.
This action also reuses the `ArmisManager` created in the custom integration procedure and import the standard `json` library.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Create a custom action\n======================\n\nSupported in: \nGoogle secops [SOAR](/chronicle/docs/secops/google-secops-soar-toc) \n\nIn [Build a custom integration](/chronicle/docs/soar/respond/ide/building-a-custom-integration), you created a Ping action for the Armis integration. This document outlines how to create a custom action for the Armis integration that enriches entities. It assumes you have a working knowledge of Python and object-oriented programming. For a prerequisite, refer to the SDK documentation and custom integration procedure, and explore the SDK modules.\n\nCreate a custom action\n----------------------\n\nTo create a custom action, follow these steps:\n\n1. Go to **Response \\\u003e IDE** ; the **IDE** page appears.\n2. Click add**Create New Item** and select **Action**. Enter a name and select the integration.\n3. Click **Create**. IDE creates a new template with code comments and explanations.\n\nThe Siemplify action object\n---------------------------\n\n\nA Siemplify action requires these steps:\n\n- An object must be instantiated from the `SiemplifyAction` class.\n- The object must use the class's `end` method to return an output message and a result value.\n\n### Result values\n\nEvery action has an **Output Name** that represents the result value returned by the SiemplifyAction's `end` method. By default, this is `is_success`, but you can change it in the Integrated Development Environment (IDE). You can also set a default **Return Value** for when an action fails.\nFor example, if the action times out after five minutes (or fails for any other reason),\nthe `ScriptResult` is set to `Timeout`.\n| **Note:** The default return value is crucial for controlling playbook flow. You can use it in a condition to branch the playbook if an action fails or times out.\n\n#### JSON result value\n\n\nYou can also add a JSON result, which is useful for pivoting on data in\nplaybooks or for manual analysis. To do this, use the `add_result_json`\nmethod on the `SiemplifyAction` result property or the\n`add_entity_json` method to attach a JSON result directly to an entity.\n\n### Imports and constants\n\n\nThe \\`SiemplifyAction\\` class from the \\`SiemplifyAction\\` module is always imported. Other common imports include:\n\n- `output_handler` from `SiemplifyUtils` for debugging.\n- `add_prefix_to_dict_keys` and `convert_dict_to_json_result_dict` for data transformation.\n- `EntityTypes` to determine the type of entity an action will run on.\n\nThis action also reuses the \\`ArmisManager\\` created in the custom integration procedure and import the standard \\`json\\` library.\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
