Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

trying to return raw output vs formatted

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

trying to return raw output vs formatted

L2 Linker

!py script=`return_results(demisto.executeCommand("azure-sentinel-list-incident-entities", {"incident_id":"xxxxxxx-xxxxxx-xxxxx"}))`

The above works and turns in human readable format; however i want to return the raw json.

 

This works:
!azure-sentinel-list-incident-entities incident_id=xxxx-xxxx-xxxx raw-response=true

 

However this does not:

 !py script=`return_results(demisto.executeCommand("azure-sentinel-list-incident-entities", {"incident_id":"xxxx-xxxx-xxxx"}, {"raw-response":"true"}))`

 

I get the following error:

TypeError: executeCommand() takes exactly 3 arguments (4 given)


I need it in python, but I can't figure out the format to return the raw json.

 

Any help is appreciated,

Boyd

3 REPLIES 3

L2 Linker
Just pass it as another argument. This should work: return_results(demisto.executeCommand("azure-sentinel-list-incident-entities", {"incident_id":"xxxxxxx-xxxxxx-xxxxx", "raw-response":"true"}))

Thanks, I see what I did wrong there...
Though, oddly this returns the same thing twice:

 

entities = demisto.executeCommand("azure-sentinel-list-incident-entities", {"incident_id":external_id})
entitiesRaw = demisto.executeCommand("azure-sentinel-list-incident-entities", {"incident_id":external_id,"raw-response":"true"})
return_results(entities)
return_results(entitiesRaw)

 

I was expecting the raw json output similar to the following command, but return_results seems to be formatting it in human readable format; does that seem right?

This gives me what I need, but I need to put it in python code:

!azure-sentinel-list-incident-entities incident_id=xxxx-xxxx-xxxx raw-response=true

L2 Linker

Try this and see if it does what you are looking for.

entitiesRaw = demisto.executeCommand("azure-sentinel-list-incident-entities", {"incident_id":external_id})[0]["Contents"]

  • 2706 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!