
Take a look at the automation script widgets here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/widgets/create-a-custom...


As an example for your use case (assuming you have fields called "True Positive" and "False Positive" that are boolean; bear in mind this is pseudo code and not tested):


import demistomock as demisto  # noqa: F401
from CommonServerPython import *  # noqa: F401, F403

page = 0
size = 100

table_results = dict()

data = demisto.executeCommand("getIncidents", {"page": page, "size": size})[0]['Contents']

while data.get('data'):
    for incident in data.get('data'):
        inc_type = incident.get('type')
        # CustomFields can be absent or None on incidents with no custom values yet
        custom_fields = incident.get('CustomFields') or {}
        if inc_type not in table_results:
            # First incident seen for this type: start the counters from it.
            # The fields are booleans, so count 1 when set (int(None) would raise).
            table_results[inc_type] = {
                "True Positive": 1 if custom_fields.get('truepositive') else 0,
                "False Positive": 1 if custom_fields.get('falsepositive') else 0,
                "Duplicate": int(incident.get('droppedCount') or 0),
            }
        else:
            if custom_fields.get('truepositive'):
                table_results[inc_type]['True Positive'] += 1
            if custom_fields.get('falsepositive'):
                table_results[inc_type]['False Positive'] += 1
            # droppedCount is the incident's top-level duplicate counter, read the
            # same way in both branches (the draft mixed 'dropppedcount' and 'droppedcount')
            table_results[inc_type]['Duplicate'] += int(incident.get('droppedCount') or 0)
    page += 1
    data = demisto.executeCommand("getIncidents", {"page": page, "size": size})[0]['Contents']

# Build the widget rows under a name that does not shadow the return_results() helper
rows = [{
    "Type": k,
    "True Positive": v.get('True Positive'),
    "False Positive": v.get('False Positive'),
    "Duplicate": v.get('Duplicate')
    } for k, v in table_results.items()]

return_results(rows)

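Because the snippet above is untested pseudo code, here is an added example (not from the original post or from Palo Alto Networks) that factors the same per-type tally into a function taking the command executor as a parameter, so the pagination and counting logic can be run offline against constructed incidents before it goes into a widget. The custom field names (truepositive, falsepositive) and the top-level droppedCount attribute are assumptions, and fake_execute_command only mimics the shape of demisto.executeCommand("getIncidents") output.

```python
# Added example (not from the original post): the per-incident-type tally
# written as a testable function. Field names are assumptions.


def summarize_incidents(execute_command, size=100):
    """Page through getIncidents and count verdicts per incident type.

    execute_command has the signature of demisto.executeCommand and must
    return [{"Contents": {"data": [...incidents...], "total": N}}].
    """
    table = {}
    page = 0
    while True:
        contents = execute_command("getIncidents", {"page": page, "size": size})[0]["Contents"]
        incidents = contents.get("data") or []
        if not incidents:
            break  # an empty page means we have paged past the last incident
        for inc in incidents:
            row = table.setdefault(
                inc.get("type") or "Unknown",
                {"True Positive": 0, "False Positive": 0, "Duplicate": 0},
            )
            # CustomFields may be None on incidents that have no custom values yet
            cf = inc.get("CustomFields") or {}
            if cf.get("truepositive"):
                row["True Positive"] += 1
            if cf.get("falsepositive"):
                row["False Positive"] += 1
            # droppedCount (assumed top-level attribute) is the duplicate counter
            row["Duplicate"] += int(inc.get("droppedCount") or 0)
        page += 1
    # one widget row per type, sorted so the output is stable
    return [{"Type": t, **counts} for t, counts in sorted(table.items())]


# Constructed sample data standing in for the XSOAR incident store.
SAMPLE_INCIDENTS = [
    {"id": "1", "type": "Phishing", "droppedCount": 2, "CustomFields": {"truepositive": True}},
    {"id": "2", "type": "Phishing", "droppedCount": 0, "CustomFields": {"falsepositive": True}},
    {"id": "3", "type": "Malware", "droppedCount": 1, "CustomFields": {"truepositive": True}},
    {"id": "4", "type": "Malware", "CustomFields": None},  # no verdict set yet
    {"id": "5", "type": "Phishing", "droppedCount": 3, "CustomFields": {"truepositive": True}},
]


def fake_execute_command(command, args):
    """Mimics demisto.executeCommand('getIncidents') paging over SAMPLE_INCIDENTS."""
    if command != "getIncidents":
        raise ValueError("unexpected command: %s" % command)
    start = args["page"] * args["size"]
    chunk = SAMPLE_INCIDENTS[start:start + args["size"]]
    return [{"Contents": {"data": chunk, "total": len(SAMPLE_INCIDENTS)}}]


if __name__ == "__main__":
    # A page size of 2 forces several round trips, exercising the pagination path
    for widget_row in summarize_incidents(fake_execute_command, size=2):
        print(widget_row)
```

Inside XSOAR you would call summarize_incidents(demisto.executeCommand) and pass its result to return_results; the fake executor exists only so the counting logic can be checked locally with a small page size that forces multiple round trips.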