LinkToPhishingCampaign
Links a Phishing incident to its related Phishing Campaign incident.
python · Phishing
Source
import demistomock as demisto # noqa: F401 from CommonServerPython import * # noqa: F401 BLACK_COLOR = "color:rgb(64,65,66)" server_url = "" html = "" try: incident = demisto.incidents() incident_id = incident[0].get("id", {}) campaign_incident_id = str(incident[0].get("CustomFields", {}).get("partofcampaign", "")) urls = demisto.demistoUrls() server_url = urls.get("server", "") if campaign_incident_id and campaign_incident_id != "None": prefix = "Custom" if is_xsoar_saas() else "#/Custom" related_url = f"{server_url}/{prefix}/vvoh19d1ue/{campaign_incident_id}" html = f"""<div style='text-align:center; padding: 40px; font-size:15px; {BLACK_COLOR};' >This incident is part of a <a href="{related_url}" >Phishing Campaign #{campaign_incident_id}</a></div>""" else: html = f"""<div style='text-align:center; padding: 40px; font-size:15px; {BLACK_COLOR};' >This incident is not part of a phishing campaign.</div>""" except Exception: html = f"""<div style='text-align:center; padding: 40px; font-size:15px; {BLACK_COLOR};' >This incident is part of a phishing campaign (incident #{campaign_incident_id}).</div>""" demisto.results({"ContentsFormat": formats["html"], "Type": entryTypes["note"], "Contents": html})
README
Links a Phishing incident to its related Phishing Campaign incident.
Script Data
| Name | Description |
|---|---|
| Script Type | python3 |
| Tags | dynamic-section, phishing, campaign |
| Cortex XSOAR Version | 6.0.0 |
Inputs
There are no inputs for this script.
Outputs
There are no outputs for this script.