Dear Support,

My SOAR platform has Trend Micro Vision One application integrated with it. I have created multiple playbooks and everything is running fine. But where I am using functions in which output is required in return from Trend Micro Vision One. I am facing issues in them. For example: Function - Trend Micro Vision One: Get List of Submissions From Sandbox, Function - Trend Micro Vision One: Get Endpoint Activity Data, Function - Trend Micro Vision One: Get Endpoint data.

I have created scripts for having 'outputs to notes', scripts are also executing but else condition also adds message to the Notes i.e:

"Trend Micro Vision One added a note to the Incident 09/18/2025 16:49
### Trend Micro Vision One - Get List of Submissions From Sandbox
⚠️ No results found from the function."

I observe that everything is fine but I am unable to fetch output data from Trend Micro Vision One to have it on SOAR.

Script I am using in "Function - Trend Micro Vision One: Get List of Submissions From Sandbox" is:

-----------------------------------------------------------------------------------

# Output to Notes - Get List Sandbox
# Safe script for Playbook to log inputs + outputs from Vision One Sandbox

# Get the function results from the playbook
results = playbook.functions.results.get("trend_micro_vision_one_get_list_of_submissions_from_sandbox")

note_text = u"### Trend Micro Vision One - Get List of Submissions From Sandbox\n"

if results:
# ---- Capture Inputs ----
inputs = getattr(results, "inputs", {})
note_text += u"**Inputs:**\n"
note_text += u"- Task Start DateTime: {}\n".format(inputs.get("vision_one_task_start_date_time"))
note_text += u"- Task End DateTime: {}\n".format(inputs.get("vision_one_task_end_date_time"))
note_text += u"- Target DateTime: {}\n".format(inputs.get("vision_one_task_date_time_target"))
note_text += u"- Records Limit: {}\n".format(inputs.get("vision_one_records_limit"))
note_text += u"- Submission Filter: {}\n".format(inputs.get("vision_one_submission_filter"))

# ---- Capture Outputs ----
content = results.get("content", {})
items = content.get("items", [])

if items:
note_text += u"\n**Submissions Returned:**\n"
for idx, item in enumerate(items, 1):
note_text += u"{}. Submission ID: {}\n Status: {}\n File Name: {}\n Submitter: {}\n".format(
idx,
item.get("submissionId"),
item.get("status"),
item.get("fileName"),
item.get("submitter")
)
else:
note_text += u"\nNo submissions found.\n"
else:
note_text += u"\n⚠️ No results found from the function.\n"

incident.addNote(note_text)

-------------------------------------------------------------------------------

(It is also possible that script is having any mistake.)

Screenshots:

It is requested to kindly help me out in this case.

-----------------------------
Adeel Ahmad Kidwai

-----------------------------

------------------------------
Adeel Ahmad Kidwai
------------------------------

looks like a chatgpt script :)

just print the whole output of the function and see if it gives you anything

------------------------------
Mohamad islam Hamadieh
I post SOAR content and tips on linkedIn , follow me :)
https://linkedin.com/in/mohamadislam
------------------------------

Original Message:
Sent: Fri September 19, 2025 02:28 AM
From: Adeel Ahmad Kidwai
Subject: Issue in having playbook outputs in Notes tab using Trend Micro Vision One functions

Dear Support,

My SOAR platform has Trend Micro Vision One application integrated with it. I have created multiple playbooks and everything is running fine. But where I am using functions in which output is required in return from Trend Micro Vision One. I am facing issues in them. For example: Function - Trend Micro Vision One: Get List of Submissions From Sandbox, Function - Trend Micro Vision One: Get Endpoint Activity Data, Function - Trend Micro Vision One: Get Endpoint data.

I have created scripts for having 'outputs to notes', scripts are also executing but else condition also adds message to the Notes i.e:

"Trend Micro Vision One added a note to the Incident 09/18/2025 16:49
### Trend Micro Vision One - Get List of Submissions From Sandbox
⚠️ No results found from the function."

I observe that everything is fine but I am unable to fetch output data from Trend Micro Vision One to have it on SOAR.

Script I am using in "Function - Trend Micro Vision One: Get List of Submissions From Sandbox" is:

-----------------------------------------------------------------------------------

# Output to Notes - Get List Sandbox
# Safe script for Playbook to log inputs + outputs from Vision One Sandbox

# Get the function results from the playbook
results = playbook.functions.results.get("trend_micro_vision_one_get_list_of_submissions_from_sandbox")

note_text = u"### Trend Micro Vision One - Get List of Submissions From Sandbox\n"

if results:
# ---- Capture Inputs ----
inputs = getattr(results, "inputs", {})
note_text += u"**Inputs:**\n"
note_text += u"- Task Start DateTime: {}\n".format(inputs.get("vision_one_task_start_date_time"))
note_text += u"- Task End DateTime: {}\n".format(inputs.get("vision_one_task_end_date_time"))
note_text += u"- Target DateTime: {}\n".format(inputs.get("vision_one_task_date_time_target"))
note_text += u"- Records Limit: {}\n".format(inputs.get("vision_one_records_limit"))
note_text += u"- Submission Filter: {}\n".format(inputs.get("vision_one_submission_filter"))

# ---- Capture Outputs ----
content = results.get("content", {})
items = content.get("items", [])

if items:
note_text += u"\n**Submissions Returned:**\n"
for idx, item in enumerate(items, 1):
note_text += u"{}. Submission ID: {}\n Status: {}\n File Name: {}\n Submitter: {}\n".format(
idx,
item.get("submissionId"),
item.get("status"),
item.get("fileName"),
item.get("submitter")
)
else:
note_text += u"\nNo submissions found.\n"
else:
note_text += u"\n⚠️ No results found from the function.\n"

incident.addNote(note_text)

-------------------------------------------------------------------------------

(It is also possible that script is having any mistake.)

Screenshots:

It is requested to kindly help me out in this case.

-----------------------------
Adeel Ahmad Kidwai

-----------------------------

------------------------------
Adeel Ahmad Kidwai
------------------------------