CheckTags

Check DomainTools domain tags and if a tag is found mark incident as high severity.

python · DomainTools Iris Investigate

Source

from typing import Any

from CommonServerPython import *


def check_tags(args: dict[str, Any]) -> CommandResults:
    incident_id = args["incident_id"]
    domain_tags = args["domain_tags"]
    domain_tags_set = {domain_tag["label"] for domain_tag in domain_tags}

    malicious_tags = args["malicious_tags"]
    malicious_tags_set = {tag.strip() for tag in malicious_tags.split(",")}

    tag_intersection = None
    human_readable_str = "No matching tags found."

    if len(domain_tags_set) and len(malicious_tags_set):
        tag_intersection = len(malicious_tags_set.intersection(domain_tags_set))
    if tag_intersection:
        # 3 is High severity level
        demisto.executeCommand("setIncident", {"id": incident_id, "severity": 3})
        human_readable_str = f"Incident {incident_id} has been updated to HIGH Severity."

    return CommandResults(readable_output=human_readable_str)


def main():
    try:
        return_results(check_tags(demisto.args()))
    except Exception as ex:
        return_error(f"Failed to execute CheckTags. Error: {ex!s}")


if __name__ in ["__main__", "__builtin__", "builtins"]:
    main()

README

Check DomainTools domain tags and if a tag is found mark incident as high severity

Script Data


Name Description
Script Type python3
Tags DomainTools
Cortex XSOAR Version 6.9.0

Inputs


Argument Name Description
incident_id Incident ID
domain_tags Array of tags in the form of [{‘label’: ‘tag1’},{‘label’: ‘tag2’},{‘label’: ‘tag3’}]
malicious_tags Comma-seperated value of malicious tags to check. tag1,tag2,tag3

Outputs


There are no outputs for this script.