OnboardingCleanup
Cleanup the incidents and indicators created by OnboardingIntegration This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: - For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations - For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script - For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script
python · OnboardingIntegration
Source
import demistomock as demisto # noqa: F401 from CommonServerPython import * # noqa: F401 try: # Delete indicators generated by the OnboardingIntegration delete_indicators_cmd_args = {"query": "incident.sourceBrand:OnboardingIntegration", "doNotWhitelist": "true"} command_result = demisto.executeCommand("deleteIndicators", delete_indicators_cmd_args) if isError(command_result[0]): raise Exception(command_result[0]) demisto.results("Indicators added by incidents generated by the OnboardingIntegration have been deleted.") # Close incidents of type Phishing that were created by OnboardingIntegration get_incidents_cmd_args = {"query": "type:Phishing and sourceBrand:OnboardingIntegration and -status:Closed"} res_get_incidents = demisto.executeCommand("getIncidents", get_incidents_cmd_args) incidents = res_get_incidents[0].get("Contents", {}).get("data") res = [] if incidents: for incident in incidents: incident_id = incident.get("id") incident_name = incident.get("name") res.append({"Incident ID": incident_id, "Incident Name": incident_name}) close_investigation_cmd_args = { "id": incident_id, "closeNotes": "Closing all incidents of type PhishingDemo. (Cleanup)", } demisto.executeCommand("closeInvestigation", close_investigation_cmd_args) headers = ["Incident ID", "Incident Name"] title = f"Total Incidents Closed: {len(res)}" human_readable = tableToMarkdown(title, res, headers=headers, removeNull=True) demisto.results( { "Type": entryTypes["note"], "Contents": res, "ContentsFormat": formats["json"], "ReadableContentsFormat": formats["markdown"], "HumanReadable": human_readable, } ) except Exception as e: demisto.results( { "Type": entryTypes["error"], "ContentsFormat": formats["text"], "Contents": "A problem occurred while trying to execute this script. Exception info:\n" + str(e), } )
README
Cleans up the incidents and indicators created by the Onboarding Integration command.
Permissions
This automation runs using the default Limited User role, unless you explicitly change the permissions.
For more information, see the section about permissions here: For Cortex XSOAR 6, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations for Cortex XSOAR 8 Cloud, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script for Cortex XSOAR 8 On-prem, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script.
Script Data
| Name | Description |
|---|---|
| Script Type | python3 |
| Tags | - |
Inputs
There are no inputs for this script.
Outputs
There are no outputs for this script.