IBM Security QRadar SOAR

  • 1.  Iterating JSON (REST API) fn_utilities

    Posted 29 days ago
    Team,

    I was wondering if anyone could assist in understanding the in-product scripting.

    Based on the JSON returned from the REST API, I would like to iterate through the results and have them added to the description of the artifact.

    {"success":true,"results":[{"source":"www.squadhelp.com","indicators":[],"compromised":[],"tags":["search-engine","squadhelp"],"sourceUrl":"https://www.squadhelp.com/name/Hackers.gg","derived":[],"inReport":[]},{"source":"forum.escapefromtarkov.com","indicators":[],"compromised":[],"tags":["search-engine","escapefromtarkov"],"sourceUrl":"https://forum.escapefromtarkov.com/topic/136966-gg-i-will-be-officially-quitting-tarkov/","derived":[],"inReport":[]},{"source":"www.ggnews.pe","indicators":[],"compromised":[],"tags":["search-engine","ggnews"],"sourceUrl":"https://www.ggnews.pe/lobos-humanos-y-tramposos-en-menos-de-una-semana-wolfteam-se-plaga-de-hackers/","derived":[],"inReport":[]},{"source":"www.linkedin.com","indicators":[],"compromised":[],"tags":["search-engine","linkedin"],"sourceUrl":"https://www.linkedin.com/in/justinwil","derived":[],"inReport":[]},{"source":"steamcommunity.com","indicators":[],"compromised":[],"tags":["search-engine","steamcommunity"],"sourceUrl":"https://steamcommunity.com/app/476600/discussions/0/1519260397788300326/","derived":[],"inReport":[]},{"source":"twitter.com","indicators":[],"compromised":[],"tags":["search-engine","twitter"],"sourceUrl":"https://twitter.com/epicgames/status/1466457758207594497?lang=en","derived":[],"inReport":[]},{"source":"razvioverflow.github.io","indicators":[],"compromised":[],"tags":["search-engine","github"],"sourceUrl":"https://razvioverflow.github.io/starthacking","derived":[],"inReport":[]},{"source":"www.facebook.com","indicators":[],"compromised":[],"tags":["search-engine","facebook"],"sourceUrl":"https://www.facebook.com/darkorbit/photos/-obsidian-booty-box-refresh-weve-refreshed-the-obsidian-booty-box-craft-or-buy-p/10158207418479409/","derived":[],"inReport":[]},{"source":"www.kh13.com","indicators":[],"compromised":[],"tags":["search-engine","kh13"],"sourceUrl":"https://www.kh13.com/forums/topic/96236-weekly-union-rankings-april-11-17/","derived":[],"inReport":[]},{"source":"github.com","indicators":[],"compromised":[],"tags":["search-engine","github"],"sourceUrl":"https://github.com/Ne3o1/PayLoadAllTheThings","derived":[],"inReport":[]}]}


    For example, all of the source URLs collected into a list and printed to the description.

    Kind Regards,

    Justin W.



    ------------------------------
    Justin Wilson
    ------------------------------


  • 2.  RE: Iterating JSON (REST API) fn_utilities

    Posted 28 days ago
    Hi

    you mean something like this?

    import json
    
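    # Sample response body, standing in for the JSON text returned by the REST
    # API call. Named response_text rather than `str` so the builtin str type is
    # not shadowed for the rest of the script.
    response_text = """
    {
       "success":true,
       "results":[
          {
             "source":"www.squadhelp.com",
             "indicators":[
                
             ],
             "compromised":[
                
             ],
             "tags":[
                "search-engine",
                "squadhelp"
             ],
             "sourceUrl":"https://www.squadhelp.com/name/Hackers.gg",
             "derived":[
                
             ],
             "inReport":[
                
             ]
          },
          {
             "source":"forum.escapefromtarkov.com",
             "indicators":[
                
             ],
             "compromised":[
                
             ],
             "tags":[
                "search-engine",
                "escapefromtarkov"
             ],
             "sourceUrl":"https://forum.escapefromtarkov.com/topic/136966-gg-i-will-be-officially-quitting-tarkov/",
             "derived":[
                
             ],
             "inReport":[
                
             ]
          },
          {
             "source":"www.ggnews.pe",
             "indicators":[
                
             ],
             "compromised":[
                
             ],
             "tags":[
                "search-engine",
                "ggnews"
             ],
             "sourceUrl":"https://www.ggnews.pe/lobos-humanos-y-tramposos-en-menos-de-una-semana-wolfteam-se-plaga-de-hackers/",
             "derived":[
                
             ],
             "inReport":[
                
             ]
          },
          {
             "source":"www.linkedin.com",
             "indicators":[
                
             ],
             "compromised":[
                
             ],
             "tags":[
                "search-engine",
                "linkedin"
             ],
             "sourceUrl":"https://www.linkedin.com/in/justinwil",
             "derived":[
                
             ],
             "inReport":[
                
             ]
          },
          {
             "source":"steamcommunity.com",
             "indicators":[
                
             ],
             "compromised":[
                
             ],
             "tags":[
                "search-engine",
                "steamcommunity"
             ],
             "sourceUrl":"https://steamcommunity.com/app/476600/discussions/0/1519260397788300326/",
             "derived":[
                
             ],
             "inReport":[
                
             ]
          },
          {
             "source":"twitter.com",
             "indicators":[
                
             ],
             "compromised":[
                
             ],
             "tags":[
                "search-engine",
                "twitter"
             ],
             "sourceUrl":"https://twitter.com/epicgames/status/1466457758207594497?lang=en",
             "derived":[
                
             ],
             "inReport":[
                
             ]
          },
          {
             "source":"razvioverflow.github.io",
             "indicators":[
                
             ],
             "compromised":[
                
             ],
             "tags":[
                "search-engine",
                "github"
             ],
             "sourceUrl":"https://razvioverflow.github.io/starthacking",
             "derived":[
                
             ],
             "inReport":[
                
             ]
          },
          {
             "source":"www.facebook.com",
             "indicators":[
                
             ],
             "compromised":[
                
             ],
             "tags":[
                "search-engine",
                "facebook"
             ],
             "sourceUrl":"https://www.facebook.com/darkorbit/photos/-obsidian-booty-box-refresh-weve-refreshed-the-obsidian-booty-box-craft-or-buy-p/10158207418479409/",
             "derived":[
                
             ],
             "inReport":[
                
             ]
          },
          {
             "source":"www.kh13.com",
             "indicators":[
                
             ],
             "compromised":[
                
             ],
             "tags":[
                "search-engine",
                "kh13"
             ],
             "sourceUrl":"https://www.kh13.com/forums/topic/96236-weekly-union-rankings-april-11-17/",
             "derived":[
                
             ],
             "inReport":[
                
             ]
          },
          {
             "source":"github.com",
             "indicators":[
                
             ],
             "compromised":[
                
             ],
             "tags":[
                "search-engine",
                "github"
             ],
             "sourceUrl":"https://github.com/Ne3o1/PayLoadAllTheThings",
             "derived":[
                
             ],
             "inReport":[
                
             ]
          }
       ]
    }
    """

    # json.loads only builds dicts/lists/strings/numbers, so parsing the body of
    # an external response this way does not execute anything it contains.
    payload = json.loads(response_text)

    # Gather every sourceUrl into one list. "results" may be missing or null
    # (for instance when "success" is false), and an entry may lack "sourceUrl",
    # so both are tolerated instead of raising KeyError/TypeError mid-script.
    source_urls = [
        entry["sourceUrl"]
        for entry in (payload.get("results") or [])
        if entry.get("sourceUrl")
    ]

    # One URL per line, ready to be written to the artifact description.
    # NOTE(review): these values come from a third-party service and point at
    # arbitrary sites, so store them as plain text rather than rendered markup;
    # confirm how the description field renders content before assigning.
    description_text = "\n".join(source_urls)
    print(description_text)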


    ------------------------------

    Leonardo Kenji Shikida
    ------------------------------