# Path to the app config file used when this script is run from a workstation.
# The value below is a placeholder and must be replaced before running.
# NOTE(review): this file presumably holds the SOAR connection settings and
# credentials; keep it out of version control and readable only by the operator.
app_config_path = "your_app_config_file_path_if_you_plan_to_execute_it_from_your_computer"
class ArgumentParser(resilient.ArgumentParser):
    """resilient.ArgumentParser variant that always loads ``app_config_path``."""

    def __init__(self, config_file=None):
        """
        Build the parser from the module-level ``app_config_path``.

        :param config_file: accepted so callers can keep the usual signature,
            but not used; the parent is always given ``app_config_path``
        """
        # The caller-supplied config_file is deliberately not forwarded, so the
        # connection settings always come from the file named in app_config_path.
        super().__init__(config_file=app_config_path)
# Build the parser. resilient.get_config_file() is evaluated here, but the
# ArgumentParser subclass above ignores its config_file argument and loads
# app_config_path instead.
parser = ArgumentParser(config_file=resilient.get_config_file())
# Parse options from the command line (combined with the config file by the parent parser).
opts = parser.parse_args()
# Module-level client used by patch_artifact_tag for every REST call.
# NOTE(review): presumably authenticated with credentials read from the config
# file; confirm that TLS verification is left enabled in that file.
resilient_client = resilient.get_client(opts)
def patch_artifact_tag(incident_id, artifact_id, artifact_tag):
    """
    Attach a tag to the global artifact behind an incident artifact,
    creating the tag first when no tag with that name exists.

    :param incident_id: incident id, placed in the artifact lookup URL as-is
    :param artifact_id: artifact id, placed in the artifact lookup URL as-is
    :param artifact_tag: tag name, compared by exact match with existing tag names
    :return: Data dict mapping the global artifact id to the PUT response
    """
    # NOTE(review): both ids are interpolated into the request path without
    # validation; callers should pass plain ids, not free-form user input.
    tag_listing = resilient_client.get('/tags/data?handle_format=names&exclude_unused=false')
    known_tag_ids = {}
    for entry in tag_listing['entities']:
        known_tag_ids[entry['name']] = entry['id']

    if artifact_tag in known_tag_ids:
        tag_id = known_tag_ids[artifact_tag]
        print(f"Tag found: {artifact_tag}")
    else:
        # The tag endpoint is not scoped to the incident, so the tag created
        # here remains after this call regardless of the artifact update.
        print(f"Tag not available: {artifact_tag}")
        created_tag = resilient_client.post('/tags/data?handle_format=names', {"display_name": artifact_tag})
        print(f"Tag created: {created_tag['name']}")
        tag_id = created_tag['id']

    artifact_response = resilient_client.get(f'/incidents/{incident_id}/artifacts/{artifact_id}')
    # Only the first global artifact entry is updated.
    global_artifact = artifact_response['global_artifact'][0]

    tag_entry = {"tag_handle": tag_id, "value": None}
    current_tags = global_artifact['tags']
    # NOTE(review): the listing this was taken from had lost its indentation;
    # the "Adding tag" message is assumed to belong to the add branch - confirm.
    if tag_entry not in current_tags:
        current_tags.append(tag_entry)
        print(f"Adding tag {artifact_tag}...")

    # The whole fetched object is written back, even when no tag was added.
    # NOTE(review): presumably edits made by others between the GET and this PUT
    # can be overwritten - confirm how the server handles stale objects.
    global_id = global_artifact['id']
    updated_artifact = resilient_client.put(f'/artifacts/{global_id}', global_artifact)
    return {global_id: updated_artifact}
# Example invocation. incident_id and artifact_id are not defined anywhere in
# this listing, so assign them before this line; "TAG_NAME" is a placeholder
# for the tag to attach.
patch_artifact_tag(incident_id, artifact_id, artifact_tag="TAG_NAME")