IBM QRadar SOAR

I am creating a set of utility functions to retrieve and update Resilient select field values.
I would like these to be all under the same function path in resilient_actions, to avoid having to maintain the same helper code in multiple place.
Every function I create in Resilient though, (get_field_values, update_field_value), a separate directory is created under resilient_actions on the file system.
i.e.
resilient_actions/get_field_values/get_field_values/
resilient_actions/update_field_value/update_field_value/

I would like it to be more like this, and I've seen it done with the xforce app fn_datatable_utils.

resilient_actions/selectfield_utils/selectfield_utils/components/
funct_get_field_values.py  (both of these functions utilize methods in the utils/select_field_helper.py)
funct_update_field_value.py

resilient_actions/selectfield_utils/selectfield_utils/utils/
select_field_helper.py

Any advice how to do this myself?

------------------------------
Tim Gray
------------------------------

If I recall correctly, you can just dump the .py wherever you want inside an existing package, you just need to make sure the corresponding package's setup.py is looking for it as a FunctionComponent in the entry_points (resilient.circuits.components), and then rerun the pip install command.

------------------------------
Jared Fagel
Cyber Security Analyst I
Public Utility
------------------------------

Original Message:
Sent: Mon June 14, 2021 03:10 PM
From: Tim Gray
Subject: Custom utility functions

I am creating a set of utility functions to retrieve and update Resilient select field values.
I would like these to be all under the same function path in resilient_actions, to avoid having to maintain the same helper code in multiple place.
Every function I create in Resilient though, (get_field_values, update_field_value), a separate directory is created under resilient_actions on the file system.
i.e.
resilient_actions/get_field_values/get_field_values/
resilient_actions/update_field_value/update_field_value/

I would like it to be more like this, and I've seen it done with the xforce app fn_datatable_utils.

resilient_actions/selectfield_utils/selectfield_utils/components/
funct_get_field_values.py  (both of these functions utilize methods in the utils/select_field_helper.py)
funct_update_field_value.py

resilient_actions/selectfield_utils/selectfield_utils/utils/
select_field_helper.py

Any advice how to do this myself?

------------------------------
Tim Gray
------------------------------

Tim,

Would you mind sharing how you're generating the code / directory for your functions?

I use this command to generate my package:

resilient-sdk codegen -f function_1 function_2 -m function_1 function_2 -p fn_function_package

which will generate a directory that looks like this:


The files in the 'components' directory are the function files and code can be created in the 'util' directory that can be imported into each function file.

I hope this helps

------------------------------
Liam Mahoney
------------------------------

Original Message:
Sent: Mon June 14, 2021 03:10 PM
From: Tim Gray
Subject: Custom utility functions

I am creating a set of utility functions to retrieve and update Resilient select field values.
I would like these to be all under the same function path in resilient_actions, to avoid having to maintain the same helper code in multiple place.
Every function I create in Resilient though, (get_field_values, update_field_value), a separate directory is created under resilient_actions on the file system.
i.e.
resilient_actions/get_field_values/get_field_values/
resilient_actions/update_field_value/update_field_value/

I would like it to be more like this, and I've seen it done with the xforce app fn_datatable_utils.

resilient_actions/selectfield_utils/selectfield_utils/components/
funct_get_field_values.py  (both of these functions utilize methods in the utils/select_field_helper.py)
funct_update_field_value.py

resilient_actions/selectfield_utils/selectfield_utils/utils/
select_field_helper.py

Any advice how to do this myself?

------------------------------
Tim Gray
------------------------------

That is a huge help Liam.
I had been using

resilient-sdk codegen -f function_1 -p fn_function_1

Then trying to place the other functions inside the function_1 directory.

------------------------------
Tim Gray
------------------------------

Original Message:
Sent: Wed June 16, 2021 03:58 PM
From: Liam Mahoney
Subject: Custom utility functions

Tim,

Would you mind sharing how you're generating the code / directory for your functions?

I use this command to generate my package:

resilient-sdk codegen -f function_1 function_2 -m function_1 function_2 -p fn_function_package

which will generate a directory that looks like this:


The files in the 'components' directory are the function files and code can be created in the 'util' directory that can be imported into each function file.

I hope this helps

------------------------------
Liam Mahoney

Original Message:
Sent: Mon June 14, 2021 03:10 PM
From: Tim Gray
Subject: Custom utility functions

I am creating a set of utility functions to retrieve and update Resilient select field values.
I would like these to be all under the same function path in resilient_actions, to avoid having to maintain the same helper code in multiple place.
Every function I create in Resilient though, (get_field_values, update_field_value), a separate directory is created under resilient_actions on the file system.
i.e.
resilient_actions/get_field_values/get_field_values/
resilient_actions/update_field_value/update_field_value/

I would like it to be more like this, and I've seen it done with the xforce app fn_datatable_utils.

resilient_actions/selectfield_utils/selectfield_utils/components/
funct_get_field_values.py  (both of these functions utilize methods in the utils/select_field_helper.py)
funct_update_field_value.py

resilient_actions/selectfield_utils/selectfield_utils/utils/
select_field_helper.py

Any advice how to do this myself?

------------------------------
Tim Gray
------------------------------