PrismaCloudComputeParseVulnerabilityAlert
Parse Vulnerability alert raw JSON data.
Source
import json import demistomock as demisto from CommonServerPython import * def parse_vulnerability(raw_json): data = json.loads(raw_json) if data.get("kind") != "vulnerability": raise ValueError(f"Input should be a raw JSON vulnerability alert, received: {raw_json}") outputs = {"PrismaCloudCompute.VulnerabilityAlert": data} # remove unneeded fields from human readable results headers: list = [] for field in data: if field not in ["_id", "kind", "vulnerabilities"]: headers.append(field) headers.sort() readable_outputs = tableToMarkdown("Vulnerability Information", data, headers=headers) # add another table for vulnerabilities readable_outputs += tableToMarkdown("Vulnerabilities", data.get("vulnerabilities")) return (readable_outputs, outputs, raw_json) def main(): try: return_outputs(*parse_vulnerability(demisto.args().get("alert_raw_json", ""))) except Exception as ex: return_error(f"Failed to execute PrismaCloudComputeParseVulnerabilityAlert. Error: {ex!s}") if __name__ in ("__builtin__", "builtins"): main()
README
Parse Vulnerability alert raw JSON data
Script Data
| Name | Description |
|---|---|
| Script Type | python3 |
| Tags | Prisma Cloud Compute |
| Cortex XSOAR Version | 5.0.0 |
Used In
This script is used in the following playbooks and scripts.
- Prisma Cloud Compute - Vulnerability Alert
Inputs
| Argument Name | Description |
|---|---|
| alert_raw_json | The vulneribility alert raw JSON data |
Outputs
| Path | Description | Type |
|---|---|---|
| PrismaCloudCompute.VulnerabilityAlert.time | Vulnerability discovery time | Date |
| PrismaCloudCompute.VulnerabilityAlert.imageName | Impacted image name | String |
| PrismaCloudCompute.VulnerabilityAlert.distroName | Full name of the image distribution | String |
| PrismaCloudCompute.VulnerabilityAlert.vulnerabilities.cve | CVE ID of the vulnerability | String |
| PrismaCloudCompute.VulnerabilityAlert.vulnerabilities.severity | The Severity of the vulnerability | String |
| PrismaCloudCompute.VulnerabilityAlert.vulnerabilities.link | The CVE vendor link | String |
| PrismaCloudCompute.VulnerabilityAlert.vulnerabilities.status | The CVE vendor status | String |
| PrismaCloudCompute.VulnerabilityAlert.vulnerabilities.packages | Package names | String |
| PrismaCloudCompute.VulnerabilityAlert.vulnerabilities.packageVersion | The version of the package that caused the vulnerability | String |
| PrismaCloudCompute.VulnerabilityAlert.vulnerabilities.sourcePackage | The name of the source package if such package exist, for os packages, source package is the package used to build the binary | String |