InvestigationDetailedSummaryToTable
Shows InvestigationDetailedSummaryParse results as a markdown table.
python · Malware Investigation and Response
Source
from CommonServerPython import * TACTIC = "Tactic" STATUS = "Status" BOOL_TO_DESCRIPTION = {True: "🔴 Detected", False: "🟢 Not Detected"} def table_command(context: dict) -> CommandResults: if not context: return CommandResults( readable_output="### Waiting on entries\n" "When `InvestigationDetailedSummaryParse` is finished, its results will appear here." ) table_values: list[dict] = [] for tactic, techniques in context.items(): table_values.append({TACTIC: f"**{tactic.upper()}**", STATUS: ""}) techniques_list = techniques if isinstance(techniques, list) else [techniques] for technique_dict in techniques_list: for technique, found in technique_dict.items(): table_values.append({TACTIC: technique, STATUS: BOOL_TO_DESCRIPTION[found]}) readable_output = tableToMarkdown("", table_values, headers=[TACTIC, STATUS]) return CommandResults(readable_output=readable_output) def main(): try: context = json.loads(demisto.incident().get("CustomFields", {}).get("malwaredetailedinvestigationsummary") or "{}") return_results(table_command(context)) except Exception as ex: demisto.error(traceback.format_exc()) # print the traceback return_error(f"Failed to execute InvestigationDetailedSummaryToTable. Error: {ex!s}") if __name__ in ("__main__", "__builtin__", "builtins"): main()
README
This script shows InvestigationDetailedSummaryParse results as a Markdown table.
NOTE: This script assumes the results of InvestigationDetailedSummaryParse are stored in the malwaredetailedinvestigationsummary incident field.
Script Data
| Name | Description |
|---|---|
| Script Type | python3 |
| Tags | basescript |
| Cortex XSOAR Version | 6.2.0 |
Inputs
There are no inputs for this script.
Outputs
There are no outputs for this script.