IBM QRadar SOAR

  • 1.  CALL REST API timeout issue when it doesn't return status code

    Posted Thu August 08, 2024 05:55 PM

    I am using the CALL REST API module with the Forescout.  

    When making the API call to Forescout, if the IP finds a match, it returns the result fine. 
    In the case there is no match, the playbook times out with an error.

    https://forescout.mycompay/api/hosts/ip/1.1.1.1'




    I tried the output script below to validate the status code but am still getting the timeout issue when there is no match. What condition can I use to get past this error?

    import json
    import re
    results = playbook.functions.results.rest_result
    #
    if results.status_code != 200:
      incident.addNote("404 Error: Host Not found")
    else:
      incident.addNote(str(results))




    ------------------------------
    Raymond Tam
    ------------------------------


  • 2.  RE: CALL REST API timeout issue when it doesn't return status code

    Posted Thu August 08, 2024 08:33 PM

    Hi Raymond,


    The REST API result should look like:

    [rest_api] Result: {'version': 2.0, 'success': True, 'reason': None, 'content': {'ok': True, 'url': 'https://github.com/', 'status_code': 200, 'reason': 'OK',.........

    So you can adjust the output script as follows:

    results = playbook.functions.results.rest_result
    if results.content.status_code != 200:
      incident.addNote("404 Error: Host Not found")
    else:
      incident.addNote(str(results))

    I hope this is of assistance.



    ------------------------------
    Allen Lee
    ------------------------------



  • 3.  RE: CALL REST API timeout issue when it doesn't return status code

    Posted Thu August 08, 2024 09:15 PM

    Thanks for the suggestion.  I just tried that but got the same error.

    I do understand your point. In most cases, I was able to do a simple output script to show the API return details whether there is a match or not.
    In this situation, if the API search finds nothing, the playbook can't run and simply returns an error.

    I even tried the output script below to get the API result but am still getting an error when there is no match.


    results = playbook.functions.results.rest_result
    incident.addNote(f"{results}")



    ------------------------------
    Raymond Tam
    ------------------------------



  • 4.  RE: CALL REST API timeout issue when it doesn't return status code
    Best Answer

    Posted Mon August 12, 2024 11:52 PM

    Hi Raymond,

    Can you try putting 404 in rest_api_allowed_status_codes?

    When I do this, it will succeed in outputting the incident note.



    ------------------------------
    Allen Lee
    ------------------------------



  • 5.  RE: CALL REST API timeout issue when it doesn't return status code

    Posted Tue August 13, 2024 12:00 PM

    Thanks for the suggestion; since I am using the script, I added that to the allowed status codes in the code but got this error. Does anyone have any idea if I am doing it right?
    See my REST API Call script below.

    import json
    results = playbook.functions.results.rest_token
    content = results.content
    token = content.text
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Authorization': token
    }
    inputs.rest_api_method = 'GET'
    inputs.rest_api_headers = json.dumps(headers)
    inputs.rest_api_url = 'https://forescout.mycompany.com/api/hosts/ip/{}'.format(artifact.value)
    inputs.rest_api_verify = False
    inputs.rest_api_timeout = 60
    inputs.rest_api_allowed_status_codes = 404



    ------------------------------
    Raymond Tam
    ------------------------------



  • 6.  RE: CALL REST API timeout issue when it doesn't return status code

    Posted Tue August 13, 2024 12:11 PM

    I tried again and figured out I was missing the double quotes. The API call is now working fine even if there is no match. Thanks a lot for the solution.

    inputs.rest_api_allowed_status_codes = "404,200,400"



    ------------------------------
    Raymond Tam
    ------------------------------
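
Added example, not part of the thread and not IBM's code: the two points the thread arrived at, written as plain Python that runs outside SOAR. It normalizes the allowed status codes to the quoted comma-separated form that worked in post 6, and it builds a different note for 200, 404 and any other status. The helper names `allowed_codes_input`, `note_for_result` and `sample_result` are hypothetical, and the sample results are constructed to mimic the `content.status_code` shape quoted in post 2; in a playbook the returned text would be passed to `incident.addNote()`.

```python
from types import SimpleNamespace


def allowed_codes_input(codes):
    """Normalize an int, a list or a string to the quoted "404,200,400" form."""
    if isinstance(codes, int):
        codes = [codes]
    elif isinstance(codes, str):
        codes = codes.split(",")
    cleaned = []
    for item in codes:
        code = int(str(item).strip())
        if not 100 <= code <= 599:
            raise ValueError("not an HTTP status code: {}".format(code))
        if code not in cleaned:
            cleaned.append(code)
    return ",".join(str(code) for code in cleaned)


def note_for_result(results, ip):
    """Build the incident note text from a rest_result-shaped object."""
    content = getattr(results, "content", None)
    status = getattr(content, "status_code", None)
    if status == 200:
        return "Forescout: host {} found".format(ip)
    if status == 404:
        return "Forescout: host {} not found (404)".format(ip)
    if status is None:
        return "Forescout: no HTTP status returned for {}".format(ip)
    return "Forescout: unexpected HTTP {} for {}".format(status, ip)


def sample_result(status_code):
    """Constructed stand-in for playbook.functions.results.rest_result."""
    content = SimpleNamespace(status_code=status_code, ok=status_code == 200)
    return SimpleNamespace(success=True, reason=None, content=content)


if __name__ == "__main__":
    print(allowed_codes_input([404, 200, 400]))
    for code in (200, 404, 400):
        print(note_for_result(sample_result(code), "1.1.1.1"))
```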