GetInstances

Returns integration instances configured in Cortex XSOAR. You can filter by instance status and/or brand name (vendor).

python · Common Scripts

Source

from collections.abc import Iterator

import demistomock as demisto  # noqa: F401
from CommonServerPython import *  # noqa: F401

INTERNAL_MODULES_BRANDS = ["Scripts", "Builtin", "testmodule"]


def filter_config(module: dict, filter_brand: Optional[List[str]] = None, instance_status: str = "active"):
    brand = module.get("brand")
    if brand in INTERNAL_MODULES_BRANDS:
        return False
    elif filter_brand and brand not in filter_brand:
        return False
    elif instance_status != "both" and module.get("state") != instance_status:
        return False

    return True


def prepare_args(args: dict):
    if "brand" in args:
        args["filter_brand"] = argToList(args.pop("brand"))

    if args.get("instance_status") not in ["active", "both", "disabled"]:
        raise ValueError("instance_status should be one of the following 'active', 'both', 'disabled'")

    return args


def filter_instances(modules: dict, **kwargs) -> Iterator[dict]:
    for instance, config in modules.items():
        if filter_config(config, **kwargs):
            config["name"] = instance
            yield config


def main():
    try:
        args = prepare_args(demisto.args())
        context_config = list(filter_instances(demisto.getModules(), **args))
        return_results(
            CommandResults(
                outputs=context_config,
                outputs_prefix="Modules",
            )
        )
    except Exception as error:
        return_error(str(error), error)


if __name__ in ["__main__", "builtins"]:
    main()

README

Returns integration instances configured in Cortex XSOAR. You can filter by instance status and/or brand name (vendor).

Script Data


Name Description
Script Type python3
Tags  
Cortex XSOAR Version 5.0.0

Inputs


Argument Name Description
brand Brand name to filter instances by.
instance_status Instance status to filter instances by. Can be “active”, “disabled”, or “both”. Default is “active”.

Outputs


Path Description Type
Modules.name The instance name. string
Modules.category The instance category. string
Modules.defaultIgnored True if the instance avilable by default, otherwise false. string
Modules.state True if the instance is enabled, otherwise false. string
Modules.brand The instance brand. string

Script Example


## Context Example

```json
{
    "Modules": [
        {
            "brand": "EWS v2",
            "category": "Messaging",
            "defaultIgnored": "false",
            "name": "EWS v2_instance_1",
            "state": "active"
        },
        {
            "brand": "Elasticsearch v2",
            "category": "Database",
            "defaultIgnored": "false",
            "name": "Elasticsearch v2_instance_1",
            "state": "active"
        },
        {
            "brand": "Elasticsearch v2",
            "category": "Database",
            "defaultIgnored": "false",
            "name": "Elasticsearch v2_instance_2",
            "state": "disabled"
        },
        {
            "brand": "Rapid7 Nexpose",
            "category": "Vulnerability Management",
            "defaultIgnored": "false",
            "name": "Rapid7 Nexpose_instance_1",
            "state": "active"
        },
        {
            "brand": "activedir-login",
            "category": "Messaging",
            "defaultIgnored": "false",
            "name": "ad-login",
            "state": "active"
        },
        {
            "brand": "activedir",
            "category": "Data Enrichment & Threat Intelligence",
            "defaultIgnored": "false",
            "name": "ad-query",
            "state": "active"
        },
        {
            "brand": "d2",
            "category": "Endpoint",
            "defaultIgnored": "false",
            "name": "d2",
            "state": "active"
        },
        {
            "brand": "splunk",
            "category": "Analytics & SIEM",
            "defaultIgnored": "false",
            "name": "splunk",
            "state": "active"
        }
    ]
}

Human Readable Output

Results

brand category defaultIgnored name state
EWS v2 Messaging false EWS v2_instance_1 active
Elasticsearch v2 Database false Elasticsearch v2_instance_1 active
Elasticsearch v2 Database false Elasticsearch v2_instance_2 disabled
Rapid7 Nexpose Vulnerability Management false Rapid7 Nexpose_instance_1 active
activedir-login Messaging false ad-login active
activedir Data Enrichment & Threat Intelligence false ad-query active
d2 Endpoint false d2 active
splunk Analytics & SIEM false splunk active