Hi Khatir
Thank you for the response. Quick question: where should I implement the additions?
inputs.mail_to = ""
inputs.mail_cc = ""
inputs.mail_attachments = ""
inputs.mail_incident_id = incident.id
inputs.mail_from = ""
inputs.mail_subject = u"SOAR Incident - {0} {1}".format(incident.id, incident.name)
inputs.mail_body_html = """{% set NOT_FOUND = ["Not Found!","-","None",None] %}
{% macro get_row(label,field_name) -%}
{% set value = template_helper.get_incident_value(incident,field_name) %}
{% set style = "font-family: Calibri; color: rgb(31,73,125)" %}
{% if value and value not in NOT_FOUND and not value.startswith('-') %}
<tr>
<td width="100" style="{{style}}; font-weight:bold">{{ label }}</td>
<td style="{{style}}">{{ value | striptags }}</td>
</tr>
{% endif %}
{%- endmacro %}
<table width="100%" >
<tr>
<td colspan="2">
<br><h3 style="color: rgb(68,114,196)">Incident Message</h3>
<hr size="1" width="100%" noshade style="color:#FFDF57" align="center"/>
</td>
</tr>
<tr>
<td colspan="2">
Please note that we have noticed Microsoft Windows Defender ATP Alerts containing Unknown Microsoft Azure Security Center Events.
Please investigate and remediate.
</td>
</tr>
<tr>
<td colspan="2">
<h3 style="color: rgb(68,114,196)">Incident Details</h3>
<hr size="1" width="100%" noshade style="color:#FFDF57" align="center"/>
</td>
</tr>
{{ get_row('Offense ID:','qradar_id') }}
{{ get_row('Domain:','qr_offense_domain') }}
{{ get_row('Offense Source Type:','qr_offense_index_type') }}
{{ get_row('Offense Source:','qr_offense_index_value') }}
</table>
<br>
"""
------------------------------
Arno Pretorius
------------------------------
Original Message:
Sent: Wed August 07, 2024 02:32 AM
From: Khatir MGHARI
Subject: Extract details into Email Template
The simplest solution is to make your macro more flexible. Instead of targeting a specific field, you can modify it to accept the field name as a parameter:
{% macro get_row(label, field_name) -%}
{% set value = template_helper.get_incident_value(incident, field_name) %}
{% set style = "font-family: Calibri; color: rgb(31,73,125)" %}
{% if value and value not in NOT_FOUND and not value.startswith('-') %}
<tr>
<td width="100" style="{{style}}; font-weight:bold">{{ label }}</td>
<td style="{{style}}">{{ value | striptags }}</td>
</tr>
{% endif %}
{%- endmacro %}
------------------------------
Khatir MGHARI
Consultant Expert
CyberWayNow
Paris
Original Message:
Sent: Tue August 06, 2024 08:23 AM
From: Arno Pretorius
Subject: Extract details into Email Template
Good day
I am looking for a way to extract more than just the Offense Details from a case into an email template.
Right now I can extract details in the Offense Details into the email, but I need to look at more info like the Artifacts.
This is the code used: {{ get_row('Offense ID:','qradar_id') }}
Here is the macro. How do I point it to another field like Artifact?
{% macro get_row(label,field_name) -%}
{% set value = template_helper.get_incident_value(incident,field_name) %}
{% set style = "font-family: Calibri; color: rgb(31,73,125)" %}
{% if value and value not in NOT_FOUND and not value.startswith('-') %}
<tr>
<td width="100" style="{{style}}; font-weight:bold">{{ label }}</td>
<td style="{{style}}">{{ value | striptags }}</td>
</tr>
{% endif %}
{%- endmacro %}
Your help is appreciated
------------------------------
Arno Pretorius
------------------------------
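The row logic of the `get_row` macro applied to a list of artifacts, as an added example that is not code from the thread or from the SOAR app, written in plain Python so it runs outside SOAR. It assumes the artifacts are already available as dicts with `type` and `value` keys (a hypothetical shape, as is the `artifact_rows` helper), and it HTML-escapes values where the macro uses `striptags`, since artifact values are untrusted data.

```python
import html

# Same sentinel values the thread's template treats as "no data".
NOT_FOUND = ["Not Found!", "-", "None", None]
STYLE = "font-family: Calibri; color: rgb(31,73,125)"


def get_row(label, value):
    """Return one <tr> for a label/value pair, or '' when the value is empty,
    a NOT_FOUND sentinel, or starts with '-' (the macro's own conditions)."""
    if not value or value in NOT_FOUND or str(value).startswith("-"):
        return ""
    # Escape rather than strip tags: the value is rendered as inert text.
    return (
        "<tr>"
        f'<td width="100" style="{STYLE}; font-weight:bold">'
        f"{html.escape(str(label))}</td>"
        f'<td style="{STYLE}">{html.escape(str(value))}</td>'
        "</tr>"
    )


def artifact_rows(artifacts):
    """Build rows for a list of artifacts (assumed shape: dicts with
    'type' and 'value' keys), skipping the ones get_row filters out."""
    rows = []
    for artifact in artifacts:
        label = str(artifact.get("type") or "Artifact") + ":"
        row = get_row(label, artifact.get("value"))
        if row:
            rows.append(row)
    return "\n".join(rows)


# Constructed sample artifacts, not taken from a real incident.
SAMPLE_ARTIFACTS = [
    {"type": "IP Address", "value": "192.0.2.10"},
    {"type": "Email Subject", "value": '<b>Invoice</b> & "urgent"'},
    {"type": "DNS Name", "value": "-"},
    {"type": "URL", "value": None},
]

if __name__ == "__main__":
    print("<table>\n" + artifact_rows(SAMPLE_ARTIFACTS) + "\n</table>")
```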