NCSCReportDetails
This script generates the report details used in the final report. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: - For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations - For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script - For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
python · NCSC Cyber Asssessment Framework
Source
import json import demistomock as demisto # noqa: F401 from CommonServerPython import * # noqa: F401 def calculate_overall(data: dict = None) -> str: if not data: return "" results = [x["Result"] for x in data] if "Not Achieved" in results: return "Not Achieved" elif "Partially Achieved" in results: return "Partially Achieved" else: return "Achieved" def main(): query = '-status:closed -category:job type:"NCSC CAF Assessment"' incidents = demisto.executeCommand("getIncidents", {"query": query})[0]["Contents"]["data"] if len(incidents) < 1: return "" incidents = sorted(incidents, key=lambda x: x["id"]) incident = incidents[0] if incident: md: str = "" custom_fields = incident.get("CustomFields") assessment_a_details = json.loads(custom_fields.get("cafaresultraw")) assessment_b_details = json.loads(custom_fields.get("cafbresultraw")) assessment_c_details = json.loads(custom_fields.get("cafcresultraw")) assessment_d_details = json.loads(custom_fields.get("cafdresultraw")) assessments = [ { "assessment": "CAF Objective A - Managing security risk", "details": assessment_a_details, }, { "assessment": "CAF Objective B - Protecting against cyber-attack", "details": assessment_b_details, }, { "assessment": "CAF Objective C - Detecting cyber security events", "details": assessment_c_details, }, { "assessment": "CAF Objective D - Minimising the impact of cyber security incidents", "details": assessment_d_details, }, ] for assessment in assessments: table = tableToMarkdown( assessment["assessment"], assessment["details"], ["Question", "Result", "Reason"], ) md += f"{table}\n\n" else: md = "" demisto.results(md) # noqa: RET503 if __name__ in ["__main__", "__builtin__", "builtins"]: main()
README
This script generates the report details used in the final report.
This automation runs using the default Limited User role, unless you explicitly change the permissions.
For more information, see the section about permissions here:
For Cortex XSOAR 6, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations for Cortex XSOAR 8 Cloud, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script for Cortex XSOAR 8 On-prem, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script.
Permissions
This automation runs using the default Limited User role, unless you explicitly change the permissions.
For more information, see the section about permissions here: For Cortex XSOAR 6, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations for Cortex XSOAR 8 Cloud, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script for Cortex XSOAR 8 On-prem, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script.
Script Data
| Name | Description |
|---|---|
| Script Type | python3 |
| Tags | widget |
| Cortex XSOAR Version | 6.0.0 |
Inputs
There are no inputs for this script.
Outputs
There are no outputs for this script.