IBM Security QRadar SOAR

 View Only
Expand all | Collapse all

Accessing Source and Destination properties of IP artifact

  • 1.  Accessing Source and Destination properties of IP artifact

    Posted Thu November 12, 2020 12:47 PM
    I was looking at this since a long time and did not find any reference and documentation on it, so here it is :

    If you want to access Source and Destination properties of IP artifact, you may use those following options:

    in new version with python 2 or 3 (v38.2)

    "the properties are set once you explicitly set an ip field. I see the same behaviour for python 3 as for python 2 when a field of ip is set.

    • the 'properties' list is set up at the time of object creation and detemines whether ip.source and ip.destination can subsequently be updated from the artifact script.
    • if ip.source is set to True or False during object creation, the properties list is set up to include source data. ip.source can subsequently be updated from the artifact script.
    • if ip.source is not set during object creation, the properties list is set up without source data. ip.source cannot subsequently be updated from the artifact script.

    Same applies to ip.destination


    Example in Python2:

    Beware of python 3 and the error while checking a value that does not exist, like if test.ip.destination = False wast not set, the value does not exist and making a verification of this information may fail !

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------


  • 2.  RE: Accessing Source and Destination properties of IP artifact

    IBM Champion
    Posted Thu November 12, 2020 10:11 PM
    Nice write-up @BENOIT ROSTAGNI.

    Perhaps the Resilient team can update developer documentation to include this unintuitive scripting logic.

    ------------------------------
    Jared Fagel
    Cyber Security Analyst I
    Public Utility
    ------------------------------

    Original Message