Thank you very much. This is very useful information with the details.
Original Message:
Sent: Thu March 21, 2024 10:53 AM
From: Gilbert Liao
Subject: CALL REST API function - how to take the input from artifact.value
Hi Ray,
Glad the information helps.
Following is an example to achieve your need.
- create an "OPTIONAL" input field when you create the activation form of the playbook.
- Change the logic of the python script for function input. Use "playbook.inputs.ip_value" to get the value entered in the activation form when user starts the playbook.
Hope it works for you.
------------------------------
Gilbert Liao
Original Message:
Sent: Tue March 19, 2024 12:19 PM
From: Ray Tam
Subject: CALL REST API function - how to take the input from artifact.value
This is great information. Thanks for including the screenshot and example for the form activation option.
Is there a simple way I can make it work with artifact.value or the value from the input form?
For example, when I run the playbook, it will prompt for the value.
If value is provided, it will use that to run the playbook
On the other hand, if value is not provided in the form, it will use the artifact.value.
------------------------------
Ray Tam
Original Message:
Sent: Mon March 18, 2024 03:28 AM
From: Gilbert Liao
Subject: CALL REST API function - how to take the input from artifact.value
Hi Ray,
Looks like you are using "Fields" on the function node to assign static value for "rest_api_url" field, in order to dynamically compose the "rest_api_url", you will need to switch to "Script" tab and write a simple python code. Below screen shot is an example,
and the python code snippet
# Disable SSL cert verificationinputs.rest_api_verify = False # Dynamically compose the URL using artifact valueinputs.rest_api_url = "https://ipinfo.io/{}/geo".format(artifact.value)# Method set to GETinputs.rest_api_method = "GET"
Note that you can use "artifact.value" to get artifact's value in the script
This online doc have more details about how to write a script including the scope and the operations you can used for each object type (incident, artifact, etc.)
https://www.ibm.com/docs/en/sqsp/51?topic=guide-scripts
e.g., available operations for artifact type script
https://www.ibm.com/docs/en/sqsp/51?topic=scripts-artifact-operations
========
If you want to prompt a form for user to enter the ip value, you can create an "Activation Form" for the manual playbook as described in this doc https://www.ibm.com/docs/en/sqsp/51?topic=manually-activation-form, then use it in the function script.
For example, if you create a text field called "ip_value" in the activation form, you can use "playbook.inputs.ip_value" to refer its value in the script.
inputs.rest_api_url = "https://ipinfo.io/{}/geo".format(playbook.inputs.ip_value)
Hope this helps !!
------------------------------
Gilbert Liao
Original Message:
Sent: Fri March 15, 2024 02:27 PM
From: Ray Tam
Subject: CALL REST API function - how to take the input from artifact.value
I am trying to use the CALL REST API playbook for the first time. The playbook is from the "REST API Functions for SOAR" App.
I tried to start with something simple using the ipinfo.ip API below. I am able to get the result fine but how do I replace the "8.8.8.8" using the artifact.value filed or prompt for the value?
method = "GET"
url = "https://ipinfo.io/8.8.8.8/geo"
------------------------------
Ray Tam
------------------------------