ShowCampaignHighestSeverity
Displays the highest severity among the incidents that make up the phishing campaign.
python · Phishing Campaign
Source
import demistomock as demisto # noqa: F401 from CommonServerPython import * # noqa: F401 INFORMATIONAL_SEVERITY_COLOR = "rgb(64,65,66)" # Black LOW_SEVERITY_COLOR = "rgb(29,184,70)" # Green MEDIUM_SEVERITY_COLOR = "rgb(209,125,0)" # Orange HIGH_SEVERITY_COLOR = "rgb(209,60,60)" # Red CRITICAL_SEVERITY_COLOR = "rgb(143,0,14)" # Dark Red COLORS_AND_NAMES = { IncidentSeverity.UNKNOWN: {"color": INFORMATIONAL_SEVERITY_COLOR, "dsc": "Unknown"}, IncidentSeverity.INFO: {"color": INFORMATIONAL_SEVERITY_COLOR, "dsc": "Informational"}, IncidentSeverity.LOW: {"color": LOW_SEVERITY_COLOR, "dsc": "Low"}, IncidentSeverity.MEDIUM: {"color": MEDIUM_SEVERITY_COLOR, "dsc": "Medium"}, IncidentSeverity.HIGH: {"color": HIGH_SEVERITY_COLOR, "dsc": "High"}, IncidentSeverity.CRITICAL: {"color": CRITICAL_SEVERITY_COLOR, "dsc": "Critical"}, } def get_incident_severity(incident_id): data = execute_command("getIncidents", {"id": incident_id}) return dict_safe_get(data, ["data", 0, "severity"], IncidentSeverity.UNKNOWN) def incidents_id(): incidents = dict_safe_get(demisto.context(), ["EmailCampaign", "incidents"], []) for incident in incidents: yield incident["id"] def main(): # pragma: no cover try: # Getting incident context: highest_severity = max(IncidentSeverity.UNKNOWN, demisto.incident().get("severity", IncidentSeverity.UNKNOWN)) for incident_id in incidents_id(): highest_severity = max(highest_severity, get_incident_severity(incident_id)) # Determine color: color = COLORS_AND_NAMES[highest_severity]["color"] description = COLORS_AND_NAMES[highest_severity]["dsc"] html = ( "<div style='text-align:center; font-size:17px; padding: 15px;'> Highest Severity</br> " f"<div style='font-size:32px; color:{color};'> {description} </div></div>" ) except Exception: html = "<div style='text-align:center; padding: 20px;'> <div> No severity </div>" # Return the data to the layout: return_results( { "ContentsFormat": EntryFormat.HTML, "Type": EntryType.NOTE, "Contents": html, } ) if __name__ in ("__main__", "__builtin__", "builtins"): main()
README
Displays the highest severity among the incidents that make up the phishing campaign.
Script Data
| Name | Description |
|---|---|
| Script Type | python3 |
| Tags | dynamic-section |
| Cortex XSOAR Version | 6.0.0 |
Inputs
There are no inputs for this script.
Outputs
There are no outputs for this script.