Running Script or Playbook in one tenant from another tenant.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Running Script or Playbook in one tenant from another tenant.

L2 Linker

Hi all,

I have a multi-tenant deployment. I want to run a script or playbook from one tenant to another tenant. How can I do this?

#XSOAR

2 accepted solutions

Accepted Solutions

L4 Transporter

You can use different API endpints. Please see the below example, which will retrieve the incidents under the tenant customer1. You can change the query according to your needs.

query="account:customer1"
body = {
    "filter":{
        "page":0,"size":200,"query":query,
        "period":{"byFrom":"days","fromValue":7,"byTo":"days"}
    }
    }

incidents = demisto.executeCommand("demisto-api-post", {'uri': f"/incidents/search/", 'body': body})[0]["Contents"]["response"]["data"]
demisto.results(incidents)




View solution in original post

Hi Gyldz,

Thank for your reply.
I didn't want to run script on an existing incident. My bad, I didn't specify that. For this, I first created an incident and assigned a default playbook to the incident. This way I can run the script I want.
demisto-api-post uri = /tenant_name/incident and
body;
https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR-API/Create-single-incident 

View solution in original post

4 REPLIES 4

L4 Transporter

Hi, what kind of script do you want to run? You can make use of API calls for this purpose.

Yes, actually I want to run an automation script in XSOAR via API.

L4 Transporter

You can use different API endpints. Please see the below example, which will retrieve the incidents under the tenant customer1. You can change the query according to your needs.

query="account:customer1"
body = {
    "filter":{
        "page":0,"size":200,"query":query,
        "period":{"byFrom":"days","fromValue":7,"byTo":"days"}
    }
    }

incidents = demisto.executeCommand("demisto-api-post", {'uri': f"/incidents/search/", 'body': body})[0]["Contents"]["response"]["data"]
demisto.results(incidents)




Hi Gyldz,

Thank for your reply.
I didn't want to run script on an existing incident. My bad, I didn't specify that. For this, I first created an incident and assigned a default playbook to the incident. This way I can run the script I want.
demisto-api-post uri = /tenant_name/incident and
body;
https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR-API/Create-single-incident 

  • 2 accepted solutions
  • 1241 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!