InvestigationDetailedSummaryToTable

Shows InvestigationDetailedSummaryParse results as a markdown table.

python · Malware Investigation and Response

Source

from CommonServerPython import *

TACTIC = "Tactic"
STATUS = "Status"
BOOL_TO_DESCRIPTION = {True: "🔴  Detected", False: "🟢  Not Detected"}


def table_command(context: dict) -> CommandResults:
    if not context:
        return CommandResults(
            readable_output="### Waiting on entries\n"
            "When `InvestigationDetailedSummaryParse` is finished, its results will appear here."
        )
    table_values: list[dict] = []
    for tactic, techniques in context.items():
        table_values.append({TACTIC: f"**{tactic.upper()}**", STATUS: ""})

        techniques_list = techniques if isinstance(techniques, list) else [techniques]
        for technique_dict in techniques_list:
            for technique, found in technique_dict.items():
                table_values.append({TACTIC: technique, STATUS: BOOL_TO_DESCRIPTION[found]})

    readable_output = tableToMarkdown("", table_values, headers=[TACTIC, STATUS])
    return CommandResults(readable_output=readable_output)


def main():
    try:
        context = json.loads(demisto.incident().get("CustomFields", {}).get("malwaredetailedinvestigationsummary") or "{}")
        return_results(table_command(context))
    except Exception as ex:
        demisto.error(traceback.format_exc())  # print the traceback
        return_error(f"Failed to execute InvestigationDetailedSummaryToTable. Error: {ex!s}")


if __name__ in ("__main__", "__builtin__", "builtins"):
    main()

README

This script shows InvestigationDetailedSummaryParse results as a Markdown table.
NOTE: This script assumes the results of InvestigationDetailedSummaryParse are stored in the malwaredetailedinvestigationsummary incident field.

Script Data


Name Description
Script Type python3
Tags basescript
Cortex XSOAR Version 6.2.0

Inputs


There are no inputs for this script.

Outputs


There are no outputs for this script.