Dear community,
I am trying to set a picklist value based on a condition. The playbook execution log showed that the condition was evaluated and resolved to the appropriate picklist. Still, the severity picklist wasn't updated in the Alert module pane, as seen in the image below.
INPUT Arg
severity: {%if vars.input.records[0].fileHash==\"839765b93416bb945be4f4ef2804158f\"%} {{(\"Severity\" | picklist(\"Critical\"))}} {% else %} {{(\"Severity\" | picklist(\"Medium\"))}} {% endif %}
EVALUATED Arg
severity: {'@id': '/api/3/picklists/7efa2220-39bb-44e4-961f-ac368776e3b0', '@type': 'Picklist', 'itemValue': 'Critical', 'orderIndex': 4, 'color': '#e31b1d', 'icon': None, 'listName': '/api/3/picklist_names/4e80cba3-032f-48b4-ac03-17e3ec247aac', 'uuid': '7efa2220-39bb-44e4-961f-ac368776e3b0', 'id': 372, 'importedBy': []}
Can anyone advise on what could be the issue here?
Thanks.
Hello @JoseOjeb ,
Try this instead:
{%if vars.input.records[0].fileHash=="839765b93416bb945be4f4ef2804158f"%} {{("Severity" | picklist("Critical", "@id"))}} {% else %} {{("Severity" | picklist("Medium", "@id"))}} {% endif %}
The difference here is in the picklist filter, where we're telling it to return the key "@id", instead of the whole object. The severity field in SOAR prefers to have the "@id" passed to it. The playbooks guide for FortiSOAR has a little more info on that Jinja filter.
Hi @dspille ,
Thanks for the prompt response. I tried the suggested solution before but got an error as shown in the attached images. When I researched the community and saw Tips and Tricks posted by another staff member back in 2020, I decided to try that too, but it didn't work.
To add more to my findings, I noticed that specifying {{"Severity" | picklist("Critical", "@id")}} in the severity field gets the alert severity updated as seen in the attached images; however, once the "if statement" is added, that is when it generates the error shown in the previous response.
There seems to be an issue while parsing --
{%if vars.sev == "Medium"%} {{"Severity" | picklist("Medium", "@id")}} {%else%} {{"Severity" | picklist("High", "@id")}} {%endif%}
But you can try the following, it worked in my test setup --
{{ "Severity" | picklist("Medium", "@id") if vars.sev == "Medium" else "Severity" | picklist("High", "@id") }}
Thanks for your input. Your suggestion worked but I want to clarify if you were saying you also tried the first statement at your end and were getting the same issue and only the second statement worked for you also?
Also, can you please direct me on how to modify the second statement if I include more than two conditional statements?
Thanks.
Hey @JoseOjeb ,
I have found the issue in the Jinja. The issue is the spaces that are around the {{(Severity ... }} expressions. One quick solution is removing the spaces; another is adding in whitespace trim expressions to the if statements to remove whitespace before/after the conditions.
Solution 1: removing spaces
{%if vars.input.records[0].fileHash=="839765b93416bb945be4f4ef2804158f"%}{{("Severity" | picklist("Critical", "@id"))}}{% else %}{{("Severity" | picklist("Medium", "@id"))}}{% endif %}
Solution 2: using whitespace trim `-`
{%if vars.input.records[0].fileHash=="839765b93416bb945be4f4ef2804158f" -%} {{("Severity" | picklist("Critical", "@id"))}} {%- else -%} {{("Severity" | picklist("Medium", "@id"))}} {%- endif %}
@dspille ,
That was the fix, thanks for pointing that out! A lot has changed on the platform since the last time I worked on it extensively, when it was still Cybersponse; the space wasn't an issue then :)
Hello,
Please, I am still waiting for the solution to resolve the picklist from an ingested value automatically, using the if-else statements for at least 3 conditions.
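An added example, not part of any post in this thread and not FortiSOAR code: it renders three-branch versions of the templates discussed above with the Python `jinja2` library, to show the stray spaces around the rendered value, the `-` trim fix, and a chained inline conditional. The `picklist` function and the IRIs are constructed stand-ins, and `vars.sev` follows the variable used in the thread.

```python
from jinja2 import Environment

# Constructed placeholder IRIs; real ones come from the FortiSOAR instance.
IRIS = {s: f"/api/3/picklists/PLACEHOLDER-{s.upper()}"
        for s in ("Critical", "High", "Medium")}

def picklist(list_name, item, key=None):
    """Hypothetical stand-in for FortiSOAR's picklist filter."""
    obj = {"@id": IRIS[item], "itemValue": item}
    return obj[key] if key else obj

env = Environment()
env.filters["picklist"] = picklist

def pick(item):
    # Builds the expression text used in each branch.
    return '{{ "Severity" | picklist("%s", "@id") }}' % item

# Three branches with a space on each side of every expression.
SPACED = ('{% if vars.sev == "Critical" %} ' + pick("Critical") +
          ' {% elif vars.sev == "High" %} ' + pick("High") +
          ' {% else %} ' + pick("Medium") + ' {% endif %}')

# Same branches; "-" on the tags strips the whitespace next to them.
TRIMMED = ('{% if vars.sev == "Critical" -%} ' + pick("Critical") +
           ' {%- elif vars.sev == "High" -%} ' + pick("High") +
           ' {%- else -%} ' + pick("Medium") + ' {%- endif %}')

# Chained inline conditional: a single expression, so there is no
# literal text between tags that could leak into the result.
INLINE = ('{{ "Severity" | picklist("Critical", "@id") if vars.sev == "Critical" '
          'else ("Severity" | picklist("High", "@id") if vars.sev == "High" '
          'else "Severity" | picklist("Medium", "@id")) }}')

def render(template, sev):
    return env.from_string(template).render(vars={"sev": sev})

def has_stray_whitespace(template, sev):
    """True when the rendered value is padded with whitespace."""
    out = render(template, sev)
    return out != out.strip()

if __name__ == "__main__":
    for name, tpl in (("spaced", SPACED), ("trimmed", TRIMMED), ("inline", INLINE)):
        for sev in ("Critical", "High", "Low"):
            print(f"{name:8} {sev:9} {render(tpl, sev)!r}")
```

The `repr` output makes the padding visible: the spaced template yields the IRI with a leading and trailing space, while the trimmed and inline forms yield the bare IRI for every branch.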