Display flags in long XSOAR automation

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Display flags in long XSOAR automation

L2 Linker

Hello,

A long automation with no time limit is created. However, when we execute it, there's no way to know if it's executing properly.

We've tried: "demisto.results" and putting information in the context but it only appears when it's completely executed.

 

How can we display flags to know the progress of an automation?

 

1 accepted solution

Accepted Solutions

L3 Networker

Hi SanDev, all output is queued to display after the automation finishes which is why demisto.results doesn't work. The only way around this would be to use the Demisto API to call the Print command to print to the war room. Here is what I did to test this functionality:

 

import time

i = 1
id = demisto.incident().get("id")

while i < 3:
    body = {
	    "investigationId": id,
	    "data": f"!Print value=`I have looped {i} times.`"
    }
    
    demisto.executeCommand("demisto-api-post", {"uri":"/entry", "body": body})
    time.sleep(1)
    i += 1
    
return_results("All Done")

 

 

Hope this helps!

View solution in original post

7 REPLIES 7

L3 Networker

Hi SanDev, all output is queued to display after the automation finishes which is why demisto.results doesn't work. The only way around this would be to use the Demisto API to call the Print command to print to the war room. Here is what I did to test this functionality:

 

import time

i = 1
id = demisto.incident().get("id")

while i < 3:
    body = {
	    "investigationId": id,
	    "data": f"!Print value=`I have looped {i} times.`"
    }
    
    demisto.executeCommand("demisto-api-post", {"uri":"/entry", "body": body})
    time.sleep(1)
    i += 1
    
return_results("All Done")

 

 

Hope this helps!

Thanks for your reply.

I'll try to use "demisto-api-post". I'll tell you if it works. 

L2 Linker

It worked perfectly. However, I don't know where to find the posible values of "URI".  "/entry" I supose that it's in the War Room.

You can see all the different API endpoints in Settings > Integrations > API Keys > View Cortex XSOAR API. /entry is the endpoint that creates a war room entry and the body of that API request just requires the investigation ID and whatever you want to post to the war room.

Let me understand, I just discovered this feature. This is like using XSOAR as an API and with the command, in this case "\entry", you can choose where to execute the command you want.

 

The documentation is not easy to understand😅

 

That's exactly right. 

demisto.executeCommand("demisto-api-post", {"uri":"/entry", "body": body})

In this line we are telling XSOAR to execute the command demisto-api-post. That command uses the API to post to the endpoint /entry with a body of text. The /entry endpoint posts an entry to a war room exactly like you would manually from the war room itself.

I will take another look at the others, because I didn't understand how to use them. The one you told me is crystal clear. Many thanks. ❤️

  • 1 accepted solution
  • 2278 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!