Display flags in long XSOAR automation

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Display flags in long XSOAR automation

L1 Bithead

Hello,

A long automation with no time limit is created. However, when we execute it, there's no way to know if it's executing properly.

We've tried: "demisto.results" and putting information in the context but it only appears when it's completely executed.

 

How can we display flags to know the progress of an automation?

 

1 ACCEPTED SOLUTION

Accepted Solutions

L2 Linker

Hi SanDev, all output is queued to display after the automation finishes which is why demisto.results doesn't work. The only way around this would be to use the Demisto API to call the Print command to print to the war room. Here is what I did to test this functionality:

 

import time

i = 1
id = demisto.incident().get("id")

while i < 3:
    body = {
	    "investigationId": id,
	    "data": f"!Print value=`I have looped {i} times.`"
    }
    
    demisto.executeCommand("demisto-api-post", {"uri":"/entry", "body": body})
    time.sleep(1)
    i += 1
    
return_results("All Done")

 

 

Hope this helps!

View solution in original post

7 REPLIES 7

L2 Linker

Hi SanDev, all output is queued to display after the automation finishes which is why demisto.results doesn't work. The only way around this would be to use the Demisto API to call the Print command to print to the war room. Here is what I did to test this functionality:

 

import time

i = 1
id = demisto.incident().get("id")

while i < 3:
    body = {
	    "investigationId": id,
	    "data": f"!Print value=`I have looped {i} times.`"
    }
    
    demisto.executeCommand("demisto-api-post", {"uri":"/entry", "body": body})
    time.sleep(1)
    i += 1
    
return_results("All Done")

 

 

Hope this helps!

Thanks for your reply.

I'll try to use "demisto-api-post". I'll tell you if it works. 

L1 Bithead

It worked perfectly. However, I don't know where to find the posible values of "URI".  "/entry" I supose that it's in the War Room.

You can see all the different API endpoints in Settings > Integrations > API Keys > View Cortex XSOAR API. /entry is the endpoint that creates a war room entry and the body of that API request just requires the investigation ID and whatever you want to post to the war room.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!