Add a screenshot to indicator layout using rasterize url

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Add a screenshot to indicator layout using rasterize url

L1 Bithead

Currently using rasterize url to add screenshots to incidents, any way to do the same for indicators?

 

Thanks for any help

1 accepted solution

Accepted Solutions

L3 Networker

Hi @NickyR – There is no straightforward way to do this for indicators, because indicators do not have an investigation (with a War Room, ability to store files, etc.) like incidents do.

 

However, it is possible to work around this by combining an indicator general purpose dynamic section script in the indicator layout with `rasterize` screenshots pulled from incidents. The workflow would be:

  1. Run rasterization of URLs in incidents
  2. Tag rasterize results with tag "rasterize"
  3. Create an indicator general purpose dynamic section script and add a section to run it in the URL indicator layout
  4. The general purpose dynamic section script does the following:
    1. Get incident IDs associated with the indicator
    2. Iterate over those incident IDs to see if they have any entries tagged with "rasterize". (Be mindful of the risk of overloading the server if some indicators are associated with an excessive number of incidents. The attached sample code cuts off after 10 incidents max for this reason.)
    3. If yes, grab the rasterization screenshot from the incident and display it using markdown

 

Please see the attached sample code for the general purpose dynamic section script. Be sure to test on dev first and use at your own risk!

View solution in original post

5 REPLIES 5

L3 Networker

Hi @NickyR – There is no straightforward way to do this for indicators, because indicators do not have an investigation (with a War Room, ability to store files, etc.) like incidents do.

 

However, it is possible to work around this by combining an indicator general purpose dynamic section script in the indicator layout with `rasterize` screenshots pulled from incidents. The workflow would be:

  1. Run rasterization of URLs in incidents
  2. Tag rasterize results with tag "rasterize"
  3. Create an indicator general purpose dynamic section script and add a section to run it in the URL indicator layout
  4. The general purpose dynamic section script does the following:
    1. Get incident IDs associated with the indicator
    2. Iterate over those incident IDs to see if they have any entries tagged with "rasterize". (Be mindful of the risk of overloading the server if some indicators are associated with an excessive number of incidents. The attached sample code cuts off after 10 incidents max for this reason.)
    3. If yes, grab the rasterization screenshot from the incident and display it using markdown

 

Please see the attached sample code for the general purpose dynamic section script. Be sure to test on dev first and use at your own risk!

L1 Bithead

@asawyer you're incredible. Already had tags going for this with little to no tweaks in that script it worked perfectly. I really appreciate your response and helping me out! Thank you

@asawyer so this works cause I had the rasterization run in the playbook per incident so that file is stored can can be retrieved. But say I want to get a screenshot/rasterize in this script to display content every time that script is ran(after the incident is closed), not just from the incident but the present content of the site, you have a rough idea how to approach?

Think I got it! Basically just created a single step playbook with rasterize URL. Within the automation script I would reopen the case and then setPlaybook to that new basic playbook and grab that tagged png entity.

Nice! With the limitation of indicators not having an investigation like incidents do, I think that is the cleanest possible approach.

  • 1 accepted solution
  • 2907 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!