ExampleJSScript

This is only an example script, to showcase how to use and write JavaScript scripts

javascript · Common Scripts

Source

// This is an Example server-side script that shows how to use and create JavaScript scripts in the Cortex XSOAR server
// The log function allows you to print data during script execution
log('Hello World');
// You can use arguments (that are added via the CLI) inside scripts in the following ways, (in our example,
// the argument name is : 'ArgumentExample')
// e.g. run this script !ExampleJSScript ArgumentExample=MD5
log('Your argument value = ' + args.ArgumentExample);
// You can view (but not change directly) incidents and investigation properties relevant to your current investigation
log('Investigation name is: ' + investigation.name);
// Please note incidents can be empty (e.g. if you run the from playground) the following returns the incident
// details only if the incidents are not empty
if (incidents && typeof incidents === 'object' && incidents !== null) {
  log('First incident details: ' + incidents[0].details);
}
// You can run specific integrations if they are already configured. The following is an example of a script
// running on a particular splunk instance called "Splunk1".
// The first example brings back the first event offset.
// log('Splunk query result: ' + executeCommand('search', {'using': 'Splunk1', 'query':' * | head 2 '})[0]['offset']);
// executeCommand is used to run a command without specifying the entity that will execute it.
// For example, if you want to run a single command that runs on every integration that supports the search command:
// log('Search query result: ' + executeCommand('search', {'query':' * | head 2 '}));
// Another example for executeCommand enables running an internal command that will get all entries of this investigation
log('First Entry content: ' + executeCommand('getEntries', {})[0]);
// You can check for all supported commands using the getAllSupportedCommands function.
// The following will return all supported commands and the entities supported
var cmds = getAllSupportedCommands();
for (var key in cmds) {
  if (cmds.hasOwnProperty(key)) {
    log('supporting integration: ' + key);
  }
}
// Util function isIp
log(isIp('8.8.8.8'));
// Util function http
var res = http('http://www.paloaltonetworks.com');
log('Http GET call result StatusCode = ' +res.StatusCode);
// You can perform operations on current investigation and incidents, see follow example,
// Methods descriptions available in CommonServer script.
/*
var user = 'David';
var time = new Date();
var taskId = '3';
setOwner(user);
setPlaybook('Phishing Playbook');
setSeverity({id: incidents[0].id, severity: 'Critical'});
setTaskDueDate({id: taskId, dueDate: time.toUTCString()});
taskAssign({id: taskId, assignee: user});
You can change incident type, name, severity, details and systems for an investigation with a single incident.
This can be done by sending an object to setIncident with the details.
setIncident({type: 'Phishing', details: 'Phishing on my computer', severity: 'Critical', name: 'Phishing incident',
            systems: '2.2.2.2,10.10.10.10'});
You can also spawn a new incident from the current one, in the same manner as changing the details of the incident:
createNewIncident({type: 'Phishing', details: 'Phishing on your computer', severity: 'Critical', name: 'Phishing incident',
                              systems: '2.2.2.2,10.10.10.10'});
return;
*/
// You can also return either string or JSON objects to be printed to the screen as script results
return 'Script success! GO and write new scripts :)';

README

Showcases how to use and write JavaScript scripts. (This is only an example script.)

Script Data


Name Description
Script Type javascript
Tags example

Inputs


Argument Name Description
ArgumentExample The example argument that will be passed into and used by the script.

Outputs


There are no outputs for this script.