IBM Security QRadar SOAR


How to create artifact by fetching data from a table

  • 1.  How to create artifact by fetching data from a table

    Posted Mon February 06, 2023 03:05 AM
    Hello

    Do you have a script that creates artifacts by fetching data from a datatable?

    Thanks 
    Przemek

    ------------------------------
    Przemyslaw Klys
    ------------------------------


  • 2.  RE: How to create artifact by fetching data from a table

    Posted Tue February 07, 2023 03:38 PM
    Here is a script that runs off the query results data table in the fn_exchange_online integration:
    # Runs once per data table row; `row` and `incident` are provided by SOAR.

    # Recipient address column -> "Email Recipient" artifact
    artifact_description = u"Created by Exchange Online Query Results for artifact value: {}".format(row.exo_dt_email_address)
    artifact_type = "Email Recipient"
    artifact_value = row.exo_dt_email_address
    # Skip empty cells so no blank artifact is created
    if artifact_value:
      incident.addArtifact(artifact_type, artifact_value, artifact_description)

    # Sender address column -> "Email Sender" artifact
    artifact_description = u"Created by Exchange Online Query Results for artifact value: {}".format(row.exo_dt_sender_email)
    artifact_type = "Email Sender"
    artifact_value = row.exo_dt_sender_email
    if artifact_value:
      incident.addArtifact(artifact_type, artifact_value, artifact_description)

    # Message subject column -> "Email Subject" artifact
    artifact_description = u"Created by Exchange Online Query Results for artifact value: {}".format(row.exo_dt_message_subject)
    artifact_type = "Email Subject"
    artifact_value = row.exo_dt_message_subject
    if artifact_value:
      incident.addArtifact(artifact_type, artifact_value, artifact_description)

    Hope this helps!



    ------------------------------
    AnnMarie Norcross
    ------------------------------
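
The same row-to-artifact logic from the reply above, written as a table-driven function so that new columns only need a new mapping entry. This is an added example, not part of the original posts or of the fn_exchange_online integration; `add_artifacts_from_row`, `StubRow` and `StubIncident` are hypothetical names, the stubs are constructed stand-ins for the `row` and `incident` objects SOAR injects, and it assumes the script sandbox permits `getattr`.

```python
# Added example: table-driven version of the data table row script above.
# In SOAR, `incident` and `row` are injected; the stubs below are constructed
# stand-ins so the logic can be run and checked offline.

# Data table column API name -> artifact type (names taken from the reply above).
COLUMN_TO_ARTIFACT_TYPE = [
    ("exo_dt_email_address", "Email Recipient"),
    ("exo_dt_sender_email", "Email Sender"),
    ("exo_dt_message_subject", "Email Subject"),
]
DESCRIPTION = u"Created by Exchange Online Query Results for artifact value: {}"


def add_artifacts_from_row(incident, row, mapping=COLUMN_TO_ARTIFACT_TYPE):
    """Add one artifact per non-empty mapped cell and return what was added."""
    added = []
    seen = set()
    for column, artifact_type in mapping:
        value = getattr(row, column, None)  # missing column is treated as empty
        if value is None:
            continue
        value = u"{}".format(value).strip()  # whitespace-only cells count as empty
        if not value or (artifact_type, value) in seen:
            continue
        seen.add((artifact_type, value))
        incident.addArtifact(artifact_type, value, DESCRIPTION.format(value))
        added.append((artifact_type, value))
    return added


class StubRow(object):
    """Constructed stand-in for a SOAR data table row (cells as attributes)."""
    def __init__(self, **cells):
        self.__dict__.update(cells)


class StubIncident(object):
    """Constructed stand-in that records addArtifact calls."""
    def __init__(self):
        self.artifacts = []

    def addArtifact(self, artifact_type, value, description):
        self.artifacts.append((artifact_type, value, description))
```

Inside a SOAR data table script, the call would be `add_artifacts_from_row(incident, row)` with the stub classes left out.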