FortiSOAR Discussions
JoseOjeb
New Contributor II

Setting picklist values based on condition

Dear community,

 

I am trying to set a picklist value based on condition. The playbook execution log showed that the condition was evaluated and resolved to the appropriate picklist. Still, the severity picklist wasn't updated in the Alert module pane, as seen in the image below.

 

INPUT Arg
severity: {%if vars.input.records[0].fileHash==\"839765b93416bb945be4f4ef2804158f\"%} {{(\"Severity\" | picklist(\"Critical\"))}} {% else %} {{(\"Severity\" | picklist(\"Medium\"))}} {% endif %}

EVALUATED Arg
severity: {'@id': '/api/3/picklists/7efa2220-39bb-44e4-961f-ac368776e3b0', '@type': 'Picklist', 'itemValue': 'Critical', 'orderIndex': 4, 'color': '#e31b1d', 'icon': None, 'listName': '/api/3/picklist_names/4e80cba3-032f-48b4-ac03-17e3ec247aac', 'uuid': '7efa2220-39bb-44e4-961f-ac368776e3b0', 'id': 372, 'importedBy': []}

 

Can anyone advise on what could be the issue here?

Thanks.

 



8 REPLIES 8
dspille
Staff

Hello @JoseOjeb  ,

 

Try this instead

 

 

{%if vars.input.records[0].fileHash=="839765b93416bb945be4f4ef2804158f"%} {{("Severity" | picklist("Critical", "@id"))}} {% else %} {{("Severity" | picklist("Medium", "@id"))}} {% endif %}

 

 

 

The difference here is in the picklist filter, where we're telling it to return the key "@id" instead of the whole object. The severity field in SOAR prefers to have the "@id" passed to it. The playbooks guide for FortiSOAR has a little more info on that jinja filter.


 

https://docs.fortinet.com/document/fortisoar/7.5.0/playbooks-guide/767891/jinja-filters-and-function...

Dylan Spille
JoseOjeb
New Contributor II

Hi @dspille ,

 

Thanks for the prompt response. I tried the suggested solution before but got an error, as shown in the attached images. When I researched the community and saw Tips and Tricks posted by another staff member back in 2020, I decided to try that too, but it didn't work.

https://community.fortinet.com/t5/FortiSOAR-Knowledge-Base/Technical-Note-FortiSOAR-Cybersponse-Tric...

 


JoseOjeb
New Contributor II

@dspille,

 

To add more to my findings, I noticed that specifying {{"Severity" | picklist("Critical", "@id")}} in the severity field gets the alert severity updated, as seen in the attached images; however, once the "if statement" is added, it generates the error shown in the previous response.

tkanade

There seems to be an issue while parsing --

{%if vars.sev == "Medium"%} {{"Severity" | picklist("Medium", "@id")}} {%else%} {{"Severity" | picklist("High", "@id")}} {%endif%}


But you can try the following; it worked in my test setup --

{{ "Severity" | picklist("Medium", "@id") if vars.sev == "Medium" else "Severity" | picklist("High", "@id") }}

 

JoseOjeb
New Contributor II

@tkanade,

 

Thanks for your input. Your suggestion worked but I want to clarify if you were saying you also tried the first statement at your end and were getting the same issue and only the second statement worked for you also?

 

Also, can you please direct me on how to modify the second statement if I include more than two conditional statements?

Thanks.

dspille

Hey @JoseOjeb ,

I have found the issue in the jinja. The issue is the spaces that are around the {{(Severity ... }} expressions. One quick solution is removing the spaces; another is adding whitespace trim expressions to the if statements to remove whitespace before/after the conditions.

Solution 1: removing spaces

{%if vars.input.records[0].fileHash=="839765b93416bb945be4f4ef2804158f"%}{{("Severity" | picklist("Critical", "@id"))}}{% else %}{{("Severity" | picklist("Medium", "@id"))}}{% endif %}


Solution 2: using whitespace trim `-`

{%if vars.input.records[0].fileHash=="839765b93416bb945be4f4ef2804158f" -%} {{("Severity" | picklist("Critical", "@id"))}} {%- else -%} {{("Severity" | picklist("Medium", "@id"))}} {%- endif %}



Dylan Spille
JoseOjeb
New Contributor II

@dspille , 

That was the fix, thanks for pointing that out! A lot has changed on the platform since the last time I worked on it extensively, when it was still Cybersponse; the space wasn't an issue then :)

JoseOjeb
New Contributor II

Hello,

 

Please, I am still waiting for the solution to resolve the picklist from the ingested value automatically, using the if-else statements for at least 3 conditions.
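Added example, not part of the thread and not FortiSOAR code: it reproduces the whitespace behaviour from the accepted fix in stock Jinja2 and extends the trimmed form and the inline form to the three conditions asked about above. The `picklist` function is a hypothetical stand-in for FortiSOAR's filter, the IRIs and the `vars.sev` values are constructed, and it assumes the playbook renderer treats whitespace the way plain Jinja2 does.

```python
from jinja2 import Environment

# Constructed placeholder IRIs; a real instance returns its own picklist UUIDs.
FAKE_IRIS = {level: f"/api/3/picklists/EXAMPLE-{level.lower()}"
             for level in ("Critical", "High", "Medium")}

def picklist(list_name, item_value, key=None):
    """Hypothetical stand-in for FortiSOAR's picklist filter."""
    item = {"@id": FAKE_IRIS[item_value], "itemValue": item_value,
            "listName": list_name}
    return item[key] if key else item

env = Environment()
env.filters["picklist"] = picklist

def render(template, **variables):
    """Render a template with `vars` bound the way the thread's snippets use it."""
    return env.from_string(template).render(vars=variables)

# Shape of the failing template: literal spaces around each {{ ... }}.
SPACED = ('{%if vars.sev == "Critical"%} {{"Severity" | picklist("Critical", "@id")}} '
          '{% else %} {{"Severity" | picklist("Medium", "@id")}} {% endif %}')

# Three branches with whitespace trim on every tag.
THREE_WAY = ('{%- if vars.sev == "Critical" -%} {{"Severity" | picklist("Critical", "@id")}} '
             '{%- elif vars.sev == "High" -%} {{"Severity" | picklist("High", "@id")}} '
             '{%- else -%} {{"Severity" | picklist("Medium", "@id")}} {%- endif -%}')

# Same three branches as one chained inline conditional.
INLINE = ('{{ "Severity" | picklist("Critical", "@id") if vars.sev == "Critical" '
          'else "Severity" | picklist("High", "@id") if vars.sev == "High" '
          'else "Severity" | picklist("Medium", "@id") }}')

def is_bare_iri(rendered):
    """True only when the output is the IRI with no padding around it."""
    return rendered == rendered.strip() and rendered.startswith("/api/3/picklists/")

if __name__ == "__main__":
    for name, tpl in (("spaced", SPACED), ("three-way", THREE_WAY), ("inline", INLINE)):
        for sev in ("Critical", "High", "Low"):
            out = render(tpl, sev=sev)
            print(f"{name:9} sev={sev:8} -> {out!r} bare={is_bare_iri(out)}")
```

The spaced template renders the IRI with a leading and trailing space, which is why the field value no longer matches a picklist reference; both three-branch forms render the bare IRI.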