Assigning an array of Values to a key/variable

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Assigning an array of Values to a key/variable

L2 Linker

Hey guys,

 

I'm working on separating internal and external IP(s) on a playbook and I want to use those values in a email body. So currently I'm using a temporary list to store IP(s) then call when needed in the same playbook with ${lists.templist}. But I have two limitations with this approach,

 

  1. Cannot add more than one IP, as setList fails.
  2. Uncertain about what will happen if the playbook runs simultaneously on two different incidents.

If someone has a less messy method, please let me know.

 

1 accepted solution

Accepted Solutions

L5 Sessionator

Hi @vidurasupun, not sure what your use case is, I can help better if I understand what exactly your trying to do. 

 

By list I'm assuming your referring to a list of values in the incident's context? Not the external list function of Cortex https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-8/cortex-xsoar-admin/lists? The command setList is used for that. 

 

Try the attached playbook, it should do the trick. It uses an inbuilt conditional check and playbook looping to achieve the same outcome. You can also do this with a single automation. 

 

I had to change the extensions to xml, just change it back to yml before uploading to your server. 

 

 

 

 

 

 

View solution in original post

4 REPLIES 4

L4 Transporter

Not sure you can do a list and assign it to a variable.   Thinking you would have to identify a device group first, and the serial number of the firewall, and then assign a specific variable to that.   The firewalls/panorama is looking for a specific address/single address/entry for any given spot on a variable assigned to a device.

L5 Sessionator

Hi @vidurasupun, not sure what your use case is, I can help better if I understand what exactly your trying to do. 

 

By list I'm assuming your referring to a list of values in the incident's context? Not the external list function of Cortex https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-8/cortex-xsoar-admin/lists? The command setList is used for that. 

 

Try the attached playbook, it should do the trick. It uses an inbuilt conditional check and playbook looping to achieve the same outcome. You can also do this with a single automation. 

 

I had to change the extensions to xml, just change it back to yml before uploading to your server. 

 

 

 

 

 

 

L2 Linker

 Sec101 thank you for the response but I need to do the same thing on the playbook level, as Jfernandes1 mentioned he is using the set automation to assign external IP(s) to the key externalIPs then I can call it later in my playbook as an example to send a mail like below.

 

Hi Network Team,

Please block the IP(s) ${externalIPs} from the FW. 

@jfernandes1

Thank you for the solution. I added bit of stuff on top your playbook,

 
  1. extractIndicators automation to extract the IP(s) from the incident.
  2. Setting IP = IP.Address to give the input to rangeloop.
     
  • 1 accepted solution
  • 4194 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!