FortiSOAR- Playbook creation for extracting multiple events
Hi Team,
Trying to extract multiple events with unique values using Jinja, but it picks up only 1 value based on the array we give.
For example: event_data.0.payload
Attached the screenshot FYR:
Can you please assist how to call arrays of events with unique using Jinja.
Labels: FortiSOAR
Created on ‎10-15-2023 10:22 PM
Thanks for reaching out. Here are some tips:
Step 1: Before using Jinja, you can extract the unique events from your array and organize them in a format that's easier to work with in Jinja. For example, you can use Python to achieve this.
# Assuming event_data is a list of events
unique_events = set(event_data)
# Now, unique_events contains unique event values
Step 2: Pass the pre-processed data to your Jinja template. You can use a dictionary to store this data:
data = {
    'unique_events': unique_events
}
Step 3: In your Jinja template, you can loop through the unique events to display them:
<ul>
  {% for event in unique_events %}
    <li>{{ event }}</li>
  {% endfor %}
</ul>
This way, you can loop through the unique events and display them in your output.
Please let us know if this helps!
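An added example, not part of the original posts: the pre-processing from Steps 1 and 2 above for the case where each event is a dict whose `payload` field is a JSON-encoded string, as in the sample posted later in this thread. The function names, the fields in `DEDUP_KEYS` and the sample data are assumptions made for illustration.

```python
import json

# Payload fields that define "the same detection" (an assumption).
DEDUP_KEYS = ("UserId", "VirusInfo", "SourceFileName")

def decode_events(event_data):
    """Copy each event, parsing its JSON-encoded payload string into a dict."""
    decoded = []
    for event in event_data:
        item = dict(event)
        try:
            parsed = json.loads(event.get("payload") or "{}")
        except (TypeError, ValueError):
            parsed = None
        if not isinstance(parsed, dict):
            parsed, item["payload_error"] = {}, True  # keep the event, flag it
        item["payload"] = parsed
        decoded.append(item)
    return decoded

def unique_events(event_data, keys=DEDUP_KEYS):
    """Order-preserving de-duplication on the chosen payload fields."""
    # set(event_data) raises TypeError for dict events (unhashable), so a
    # tuple of the selected field values is used as the identity instead.
    seen, result = set(), []
    for event in decode_events(event_data):
        ident = tuple(event["payload"].get(k) for k in keys)
        if event.get("payload_error"):
            result.append(event)  # never merge events that failed to parse
        elif ident not in seen:
            seen.add(ident)
            result.append(event)
    return result

def build_context(event_data):
    """Template context: every decoded event plus the de-duplicated view."""
    return {"events": decode_events(event_data),
            "unique_events": unique_events(event_data)}

# Constructed sample in the thread's shape (payload is a JSON string).
_P = {"UserId": "test", "VirusInfo": "JS/Nemucod.TSO#",
      "SourceFileName": "assignments (1).zip"}
SAMPLE = [
    {"Event_Name": "Suspicious", "payload": json.dumps({**_P, "CorrelationId": ""})},
    {"Event_Name": "File", "payload": json.dumps({**_P, "CorrelationId": "corr-2"})},
    {"Event_Name": "Truncated", "payload": '{"UserId": '},
]

if __name__ == "__main__":
    print([e["Event_Name"] for e in build_context(SAMPLE)["unique_events"]])
```

With this context, a `{% for event in unique_events %}` loop can read nested fields such as `{{ event.payload.VirusInfo }}` for every event instead of a fixed index like `event_data.0.payload`.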
Hi @Anonymous ,
Thank you for the response, I will try this and check.
Thanks & regards,
Varsha
Could you post a bit of the JSON data you have so I can take a look at it and maybe help you a little?
Created on ‎10-17-2023 04:20 AM Edited on ‎10-17-2023 04:26 AM
[
{
"payload": "{\"AppAccessContext\":{\"ClientAppId\":\"\",\"ClientAppName\":\"00000007-0000-ce00-000000000000\",\"CorrelationId\":\"\"},\"CreationTime\":\"2023-09-25T18:09:02\",\"Id\":\"*****\",\"Operation\":\"FileDetected\",\"OrganizationId\":\"7***********\",\"RecordType\":6,\"UserKey\":\"i:0i.t|00000003-0000-ce00-000000000000|test\",\"UserType\":0,\"Version\":1,\"Workload\":\"OneDrive\",\"ClientIP\":\"*********::100\",\"UserId\":\"test\",\"ApplicationDisplayName\":\"00000007-0000-ce00-000000000000\",\"ApplicationId\":\"00000007-0000-ce00-000000000000\",\"AuthenticationType\":\"OAuth\",\"BrowserName\":\"\",\"BrowserVersion\":\"\",\"CorrelationId\":\"\",\"EventSource\":\"SharePoint\",\"IsManagedDevice\":false,\"ItemType\":\"File\",\"ListId\":\"b376b7e8-30ee-4612-9ad8-0a9ca5eafa17\",\"ListItemUniqueId\":\"c4e3e83d-a6c5-1b128a62f018\",\"Platform\":\"Service\",\"Site\":\"4f084318-060c-4318-9944-e439b654d20f\",\"UserAgent\":\"test\",\"WebId\":\"e51359d5-8868a3759d8d\",\"DeviceDisplayName\":\"*********::100\",\"HighPriorityMediaProcessing\":false,\"ListBaseType\":0,\"ListServerTemplate\":0,\"SourceFileExtension\":\"zip\",\"VirusInfo\":\"JS/Nemucod.TSO#\",\"VirusVendor\":\"Advanced Threat Protection\",\"SiteUrl\":\"https://test_com/\",\"SourceRelativeUrl\":\"Documents/Microsoft Teams Chat Files\",\"SourceFileName\":\"assignments (1).zip\",\"ObjectId\":\"https://test_com//Documents/Microsoft Teams Chat Files/assignments (1).zip\"}",
"sourceip": "10.XX.XX.XX",
"username": "test",
"starttime": 1695665540678,
"Event_Name": "Suspicious",
"Log_Source": "10.XX.XX.XX",
"Category_Name": "Malware Infection",
"destinationip": "20.43.XXX.XXX"
},
{
"payload": "{\"AppAccessContext\":{\"ClientAppId\":\"\",\"ClientAppName\":\"00000007-0000-000000000000\",\"CorrelationId\":\"*****\"},\"CreationTime\":\"2023-09-25T18:09:02\",\"Id\":\"******\",\"Operation\":\"FileDetected\",\"OrganizationId\":\"*****\",\"RecordType\":6,\"UserKey\":\"i:0i.t|00000003-0000-ce00-000000000000|test\",\"UserType\":0,\"Version\":1,\"Workload\":\"OneDrive\",\"ClientIP\":\"*******:100\",\"UserId\":\"test\",\"ApplicationDisplayName\":\"00000007-0000-ce00-000000000000\",\"ApplicationId\":\"00000007-0000-ce00-000000000000\",\"AuthenticationType\":\"OAuth\",\"BrowserName\":\"\",\"BrowserVersion\":\"\",\"CorrelationId\":\"4afbdda0-2000-9551-9d83894da0ac\",\"EventSource\":\"SharePoint\",\"IsManagedDevice\":false,\"ItemType\":\"File\",\"ListId\":\"b376b7e8-30ee-4612-9ad8-0a9ca5eafa17\",\"ListItemUniqueId\":\"c4e3e83d-a6c5-1b128a62f018\",\"Platform\":\"Service\",\"Site\":\"4f084318-060c-4318-9944-e439b654d20f\",\"UserAgent\":\"test\",\"WebId\":\"e51359d5-68a3759d8d\",\"DeviceDisplayName\":\"***::100\",\"HighPriorityMediaProcessing\":false,\"ListBaseType\":0,\"ListServerTemplate\":0,\"SourceFileExtension\":\"zip\",\"VirusInfo\":\"JS/Nemucod.TSO#\",\"VirusVendor\":\"Advanced Threat Protection\",\"SiteUrl\":\"https://test_com///\",\"SourceRelativeUrl\":\"Documents/Microsoft Teams Chat Files\",\"SourceFileName\":\"assignments (1).zip\",\"ObjectId\":\"https://test_com///Documents/Microsoft Teams Chat Files/assignments (1).zip\"}",
"sourceip": "10.XX.XX.XX",
"username": "test",
"starttime": 1695665539307,
"Event_Name": "File",
"Log_Source": "test",
"Category_Name": "Malware Infection",
"destinationip": "20.43.XXX.XXX"
}
]
Hi @JimHube , I have shared the JSON. I need to have 2 event data to be called within same template.
Thanks & regards,
Varsha
Created on ‎10-20-2023 01:45 PM Edited on ‎10-20-2023 01:46 PM
Hi Varsha,
Sorry about the delay. Can you tell me what you're looking for here? Your message states "Can you please assist how to call arrays of events with unique using Jinja" but also "I need to have 2 event data to be called within same template." I'm not certain what you're trying to get out of this JSON. Can you tell me the response you'd like the template to generate when it's working using the JSON you provided? Once I understand what you're looking for, I can work on getting you the right template or at least show you how to get what you need.