https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-playbook-crowdstrike-endpoint-update/m-p/582493#M3197 <P>Hi Amontminy,<BR /><BR />Yeah i did see this, and was struggling on how to use this exactly. Couldn't find any information or examples. I am assuming if i can get some detail back then it would need to be manipulated (parsed?) and passed onwards into my variables that then execute the task (that work ok when hard coded).<BR /><BR />Will keep on digging! Thanks so far.<BR /><BR /><BR /></P> <P><BR />Steve</P> Wed, 03 Apr 2024 12:53:16 GMT SHobbins 2024-04-03T12:53:16Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-playbook-crowdstrike-endpoint-update/m-p/582383#M3193 <P>Hi All,<BR /><BR />i am new to XSOAR playbooks but i have managed to get a playbook operational that accepts data from a Microsoft form and then updates a crowdstrike endpoint's tag information (this end point is hard coded atm via its ID).<BR /><BR />The automation (cs-update-device-tags) will only accept the Crowdstrike ID. Its a unique 32 character value, which is obviously not user friendly and unreasonable to expect people to know this. The users of the form will know the windows/linux hostname but not know the ID.<BR /><BR />I am struggling to come up with a way to take the hostname variable i have collected from the form, and then somehow resolve this to its ID and then continue on with the action of updating the tag via cs-update-device-tags.<BR /><BR />Documentation in this area seems quite light. Has anyone done something similar or can offer any ideas?<BR /><BR /></P> <P>Thanks in advance!</P> <P>&nbsp;</P> <P>Steve</P> Tue, 02 Apr 2024 15:43:41 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-playbook-crowdstrike-endpoint-update/m-p/582383#M3193 SHobbins 2024-04-02T15:43:41Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-playbook-crowdstrike-endpoint-update/m-p/582393#M3194 <P>It looks like you are using the Crowdstrike OpenAPI (Beta) integration. It looks like there is a command&nbsp;<SPAN>cs-query-devices-by-filter which can query your environment using a hostname which I believe will return the ID you need.</SPAN></P> Tue, 02 Apr 2024 17:01:02 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-playbook-crowdstrike-endpoint-update/m-p/582393#M3194 amontminy 2024-04-02T17:01:02Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-playbook-crowdstrike-endpoint-update/m-p/582493#M3197 <P>Hi Amontminy,<BR /><BR />Yeah i did see this, and was struggling on how to use this exactly. Couldn't find any information or examples. I am assuming if i can get some detail back then it would need to be manipulated (parsed?) and passed onwards into my variables that then execute the task (that work ok when hard coded).<BR /><BR />Will keep on digging! Thanks so far.<BR /><BR /><BR /></P> <P><BR />Steve</P> Wed, 03 Apr 2024 12:53:16 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-playbook-crowdstrike-endpoint-update/m-p/582493#M3197 SHobbins 2024-04-03T12:53:16Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-playbook-crowdstrike-endpoint-update/m-p/582646#M3205 <P>Hi all,<BR /><BR />Pulling my hair out here, i am wondering if this is a bug or something related to it being beta?<BR /><BR />If i run this command manually in playground to validate the task was running the correct command, and whilst it completes with no error - i get nothing back (no values returned) :&nbsp;<BR /><BR />!cs-query-devices-by-filter offset=1 limit=10 sort=hostname.asc filter_=hostname:'HOST682'<BR /><BR />If i run the command below, i get multiple results returned under 'resources' which having checked them look to be the Host IDs of all the hosts that fall under the wildcard (Good!) :<BR /><BR />!cs-query-devices-by-filter offset=1 limit=10 sort=hostname.asc filter_=hostname:'HOST68*'<BR /><BR />Can anyone explain why when i run the query with a hostname explicitly set it doesn't work (no resource value returned) ??<BR /><BR />Thanks<BR /><BR />Steve<BR /><BR /><BR /><BR /></P> Thu, 04 Apr 2024 13:36:26 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-playbook-crowdstrike-endpoint-update/m-p/582646#M3205 SHobbins 2024-04-04T13:36:26Z