IBM QRadar SOAR

Hi Team,

I have created a work flow and within that have called a message destination. The message destination processes the requests fine and as expected when executed using the manual action. But when I call the same from workflow i am getting following in the logs : 
2019-05-16 13:46:32,331 INFO [actions_component] Action: _unnamed_
2019-05-16 13:46:32,352 INFO [actions_component] Event: <_unnamed_[] (id=None, workflow=Process IoCs - Search & Monitor, user=user@office.com) 2019-05-16 08:16:32.105000> Channel: actions.apicalls

its not able to process from the workflows. Is there any guideline or configuration to be done to use message destinations in workflow so that they get the action/event name.



------------------------------
Mihir Ashar
------------------------------

Hi Mihir,

The message destination is defined in a function, and you can have more than one workflow to reuse the same function, so you could not get the rule or workflow's name from a handler or event.messages['action'].
You can use the script below in your function script instead:
        workflow_name = event.message["workflow"]["name"]
        workflow_id = event.message["workflow"]["workflow_id"]
        workflow_api_name = event.message["workflow"]["programmatic_name"]

------------------------------
LILY WANG
------------------------------

Original Message:
Sent: Thu May 16, 2019 04:36 AM
From: Mihir Ashar
Subject: Calling Message Destinations in Workflows

Hi Team,

I have created a work flow and within that have called a message destination. The message destination processes the requests fine and as expected when executed using the manual action. But when I call the same from workflow i am getting following in the logs : 
2019-05-16 13:46:32,331 INFO [actions_component] Action: _unnamed_
2019-05-16 13:46:32,352 INFO [actions_component] Event: <_unnamed_[] (id=None, workflow=Process IoCs - Search & Monitor, user=user@office.com) 2019-05-16 08:16:32.105000> Channel: actions.apicalls

its not able to process from the workflows. Is there any guideline or configuration to be done to use message destinations in workflow so that they get the action/event name.



------------------------------
Mihir Ashar
------------------------------

Hi Lily,

Thanks. The suggestion works, I was able to complete the required integration and workflow.


------------------------------
Mihir Ashar
------------------------------

Original Message:
Sent: Thu May 16, 2019 07:57 PM
From: LILY WANG
Subject: Calling Message Destinations in Workflows

Hi Mihir,

The message destination is defined in a function, and you can have more than one workflow to reuse the same function, so you could not get the rule or workflow's name from a handler or event.messages['action'].
You can use the script below in your function script instead:
        workflow_name = event.message["workflow"]["name"]
        workflow_id = event.message["workflow"]["workflow_id"]
        workflow_api_name = event.message["workflow"]["programmatic_name"]

------------------------------
LILY WANG

Original Message:
Sent: Thu May 16, 2019 04:36 AM
From: Mihir Ashar
Subject: Calling Message Destinations in Workflows

Hi Team,

I have created a work flow and within that have called a message destination. The message destination processes the requests fine and as expected when executed using the manual action. But when I call the same from workflow i am getting following in the logs : 
2019-05-16 13:46:32,331 INFO [actions_component] Action: _unnamed_
2019-05-16 13:46:32,352 INFO [actions_component] Event: <_unnamed_[] (id=None, workflow=Process IoCs - Search & Monitor, user=user@office.com) 2019-05-16 08:16:32.105000> Channel: actions.apicalls

its not able to process from the workflows. Is there any guideline or configuration to be done to use message destinations in workflow so that they get the action/event name.



------------------------------
Mihir Ashar
------------------------------

Hi Mihir,

How you solved this? I use a custom action and this solution didn't work.

Thanks

------------------------------
Jasmine
------------------------------

Original Message:
Sent: Fri May 17, 2019 04:14 AM
From: Mihir Ashar
Subject: Calling Message Destinations in Workflows

Hi Lily,

Thanks. The suggestion works, I was able to complete the required integration and workflow.


------------------------------
Mihir Ashar

Original Message:
Sent: Thu May 16, 2019 07:57 PM
From: LILY WANG
Subject: Calling Message Destinations in Workflows

Hi Mihir,

The message destination is defined in a function, and you can have more than one workflow to reuse the same function, so you could not get the rule or workflow's name from a handler or event.messages['action'].
You can use the script below in your function script instead:
        workflow_name = event.message["workflow"]["name"]
        workflow_id = event.message["workflow"]["workflow_id"]
        workflow_api_name = event.message["workflow"]["programmatic_name"]

------------------------------
LILY WANG

Original Message:
Sent: Thu May 16, 2019 04:36 AM
From: Mihir Ashar
Subject: Calling Message Destinations in Workflows

Hi Team,

I have created a work flow and within that have called a message destination. The message destination processes the requests fine and as expected when executed using the manual action. But when I call the same from workflow i am getting following in the logs : 
2019-05-16 13:46:32,331 INFO [actions_component] Action: _unnamed_
2019-05-16 13:46:32,352 INFO [actions_component] Event: <_unnamed_[] (id=None, workflow=Process IoCs - Search & Monitor, user=user@office.com) 2019-05-16 08:16:32.105000> Channel: actions.apicalls

its not able to process from the workflows. Is there any guideline or configuration to be done to use message destinations in workflow so that they get the action/event name.



------------------------------
Mihir Ashar
------------------------------

Hi,

When i had faced this issue, based on Lily's suggestion I did this as follows : 
I had created the handler 
@handler("_unnamed_")
and then used the above 
        workflow_name = event.message["workflow"]["name"]
        workflow_id = event.message["workflow"]["workflow_id"]
        workflow_api_name = event.message["workflow"]["programmatic_name"]
to control the flow and send it to required method in my code.


------------------------------
Mihir Ashar
------------------------------

Original Message:
Sent: Mon June 29, 2020 03:46 PM
From: Jasmine
Subject: Calling Message Destinations in Workflows

Hi Mihir,

How you solved this? I use a custom action and this solution didn't work.

Thanks

------------------------------
Jasmine

Original Message:
Sent: Fri May 17, 2019 04:14 AM
From: Mihir Ashar
Subject: Calling Message Destinations in Workflows

Hi Lily,

Thanks. The suggestion works, I was able to complete the required integration and workflow.


------------------------------
Mihir Ashar

Original Message:
Sent: Thu May 16, 2019 07:57 PM
From: LILY WANG
Subject: Calling Message Destinations in Workflows

Hi Mihir,

The message destination is defined in a function, and you can have more than one workflow to reuse the same function, so you could not get the rule or workflow's name from a handler or event.messages['action'].
You can use the script below in your function script instead:
        workflow_name = event.message["workflow"]["name"]
        workflow_id = event.message["workflow"]["workflow_id"]
        workflow_api_name = event.message["workflow"]["programmatic_name"]

------------------------------
LILY WANG

Original Message:
Sent: Thu May 16, 2019 04:36 AM
From: Mihir Ashar
Subject: Calling Message Destinations in Workflows

Hi Team,

I have created a work flow and within that have called a message destination. The message destination processes the requests fine and as expected when executed using the manual action. But when I call the same from workflow i am getting following in the logs : 
2019-05-16 13:46:32,331 INFO [actions_component] Action: _unnamed_
2019-05-16 13:46:32,352 INFO [actions_component] Event: <_unnamed_[] (id=None, workflow=Process IoCs - Search & Monitor, user=user@office.com) 2019-05-16 08:16:32.105000> Channel: actions.apicalls

its not able to process from the workflows. Is there any guideline or configuration to be done to use message destinations in workflow so that they get the action/event name.



------------------------------
Mihir Ashar
------------------------------

Hi Mihir,

You saved my day! Thank you!

------------------------------
Jasmine
------------------------------

Original Message:
Sent: Tue June 30, 2020 03:11 AM
From: Mihir Ashar
Subject: Calling Message Destinations in Workflows

Hi,

When i had faced this issue, based on Lily's suggestion I did this as follows : 
I had created the handler 
@handler("_unnamed_")
and then used the above 
        workflow_name = event.message["workflow"]["name"]
        workflow_id = event.message["workflow"]["workflow_id"]
        workflow_api_name = event.message["workflow"]["programmatic_name"]
to control the flow and send it to required method in my code.


------------------------------
Mihir Ashar

Original Message:
Sent: Mon June 29, 2020 03:46 PM
From: Jasmine
Subject: Calling Message Destinations in Workflows

Hi Mihir,

How you solved this? I use a custom action and this solution didn't work.

Thanks

------------------------------
Jasmine

Original Message:
Sent: Fri May 17, 2019 04:14 AM
From: Mihir Ashar
Subject: Calling Message Destinations in Workflows

Hi Lily,

Thanks. The suggestion works, I was able to complete the required integration and workflow.


------------------------------
Mihir Ashar

Original Message:
Sent: Thu May 16, 2019 07:57 PM
From: LILY WANG
Subject: Calling Message Destinations in Workflows

Hi Mihir,

The message destination is defined in a function, and you can have more than one workflow to reuse the same function, so you could not get the rule or workflow's name from a handler or event.messages['action'].
You can use the script below in your function script instead:
        workflow_name = event.message["workflow"]["name"]
        workflow_id = event.message["workflow"]["workflow_id"]
        workflow_api_name = event.message["workflow"]["programmatic_name"]

------------------------------
LILY WANG

Original Message:
Sent: Thu May 16, 2019 04:36 AM
From: Mihir Ashar
Subject: Calling Message Destinations in Workflows

Hi Team,

I have created a work flow and within that have called a message destination. The message destination processes the requests fine and as expected when executed using the manual action. But when I call the same from workflow i am getting following in the logs : 
2019-05-16 13:46:32,331 INFO [actions_component] Action: _unnamed_
2019-05-16 13:46:32,352 INFO [actions_component] Event: <_unnamed_[] (id=None, workflow=Process IoCs - Search & Monitor, user=user@office.com) 2019-05-16 08:16:32.105000> Channel: actions.apicalls

its not able to process from the workflows. Is there any guideline or configuration to be done to use message destinations in workflow so that they get the action/event name.



------------------------------
Mihir Ashar
------------------------------