06-23-2021 06:29 AM
Hello,
I am new to XSOAR and I'm getting an error in the output response file from Recorded Future API, while modifying its version2 integration, to include few commands which are present in the first version but absent in the new version. The response output file from the API is a string file which starts with the error: "Failed to parse json object from response" followed by binary encoded, json data. I need the API response in a csv file as the final output of the command. Currently the _http_request internally converts the csv output to return it in json format(I guess this is where I am getting the error), which then I need to convert to .csv file.
The below code was added to the new integration.
This is the function added to the client class:
def get_any_risklist(
self, risk_list: List[str], cmd_url: str
)->str:
"""Get Specified Risk List command."""
params = {
'format': 'csv/splunk'
}
if risk_list:
params['list'] = risk_list
return
self._http_request(method='get',url_suffix=cmd_url,params=params)
The code added to the main function:
elif command in ["recorded-future-get-domain-risklist","recorded-future-get-url-risklist","recorded-future-get-ip-risklist","recorded-future-get-vulnerability-risklist","recorded-future-get-hash-risklist"]:
risk_list=demisto_args.get("list")
if command=="recorded-future-get-domain-risklist":
cmd_url='domain/risklist'
file_name='domain_risk_list.csv'
elif command=="recorded-future-get-url-risklist":
cmd_url="url/risklist"
file_name='url_risk_list.csv'
elif command=="recorded-future-get-ip-risklist":
cmd_url='ip/risklist'
file_name='ip_risk_list.csv'
elif command=="recorded-future-get-vulnerability-risklist":
cmd_url='vulnerability/risklist'
file_name='vulnerability_risk_list.csv'
elif command=="recorded-future-get-hash-risklist":
cmd_url='hash/risklist'
file_name='hash_risk_list.csv'
res = client.get_any_risklist(risk_list,cmd_url)
if not res:
return_error('Received empty response')
demisto.results(fileResult(filename=file_name, data=res.encode('utf-8'))
06-23-2021 08:43 AM
Hi @Naeema, it would be best to post this query in the XSOAR discussion area here: https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
