topic How to create dynamic custom functions? in Splunk SOAR https://community.splunk.com/t5/Splunk-SOAR/How-to-create-dynamic-custom-functions/m-p/605820#M895 <P>Hoping someone can help me get past the last hurdle.&nbsp;<BR /><BR />I'm trying to create a custom function that dynamically calls other custom functions.&nbsp;<BR /><BR />I've got the part of generating the list of desired functions.&nbsp;</P> <P>I understand how to make sure the datapath into the dynamically selected custom function.&nbsp;</P> <P>I want to pass the results out to a filter object, but it seems to be coming out only as a single variable. not an array.</P> <P>What am I missing?&nbsp;</P> <P>&nbsp;</P> <LI-CODE lang="python">def rule_check(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs): phantom.debug('rule_check() called') custom_function_results_data_1 = phantom.collect2(container=container, datapath=['build:custom_function_result.data.data_packets.*.packet'], action_results=results) custom_function_results_data_2 = phantom.collect2(container=container, datapath=['get_funcs:custom_function_result.data.found_functions.*.function_path'], action_results=results) custom_function_results_item_1_0 = [item[0] for item in custom_function_results_data_1] custom_function_results_item_2_0 = [item[0] for item in custom_function_results_data_2] rule_check__data = None ################################################################################ ## Custom Code Start ################################################################################ # Write your custom code here... parameters = [] for item0 in custom_function_results_data_1: parameters.append({ 'data_w_fields': item0[0], }) for func in custom_function_results_item_2_0: a = phantom.custom_function(custom_function=func, parameters=parameters, name='rule_check') ################################################################################ ## Custom Code End ################################################################################ phantom.save_run_data(key='rule_check:data', value=json.dumps(rule_check__data)) filter_1(container=container) return</LI-CODE> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 15 Jul 2022 16:58:02 GMT Dave_Burns 2022-07-15T16:58:02Z How to create dynamic custom functions? https://community.splunk.com/t5/Splunk-SOAR/How-to-create-dynamic-custom-functions/m-p/605820#M895 <P>Hoping someone can help me get past the last hurdle.&nbsp;<BR /><BR />I'm trying to create a custom function that dynamically calls other custom functions.&nbsp;<BR /><BR />I've got the part of generating the list of desired functions.&nbsp;</P> <P>I understand how to make sure the datapath into the dynamically selected custom function.&nbsp;</P> <P>I want to pass the results out to a filter object, but it seems to be coming out only as a single variable. not an array.</P> <P>What am I missing?&nbsp;</P> <P>&nbsp;</P> <LI-CODE lang="python">def rule_check(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs): phantom.debug('rule_check() called') custom_function_results_data_1 = phantom.collect2(container=container, datapath=['build:custom_function_result.data.data_packets.*.packet'], action_results=results) custom_function_results_data_2 = phantom.collect2(container=container, datapath=['get_funcs:custom_function_result.data.found_functions.*.function_path'], action_results=results) custom_function_results_item_1_0 = [item[0] for item in custom_function_results_data_1] custom_function_results_item_2_0 = [item[0] for item in custom_function_results_data_2] rule_check__data = None ################################################################################ ## Custom Code Start ################################################################################ # Write your custom code here... parameters = [] for item0 in custom_function_results_data_1: parameters.append({ 'data_w_fields': item0[0], }) for func in custom_function_results_item_2_0: a = phantom.custom_function(custom_function=func, parameters=parameters, name='rule_check') ################################################################################ ## Custom Code End ################################################################################ phantom.save_run_data(key='rule_check:data', value=json.dumps(rule_check__data)) filter_1(container=container) return</LI-CODE> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 15 Jul 2022 16:58:02 GMT https://community.splunk.com/t5/Splunk-SOAR/How-to-create-dynamic-custom-functions/m-p/605820#M895 Dave_Burns 2022-07-15T16:58:02Z Re: How to create dynamic custom functions? https://community.splunk.com/t5/Splunk-SOAR/How-to-create-dynamic-custom-functions/m-p/606889#M919 <P>I'll post a reply to myself, in case someone else wonders the same thing.&nbsp;<BR /><BR />In this particular case, you've got literally just run a for loop of all the custom functions, w/ the callback baked in. Then add in the return. This forces it to ignore the custom code end.&nbsp; (Making it abit of a dead path)<BR /><BR />Not ideal programmatically, but it works.&nbsp;</P> Mon, 25 Jul 2022 15:41:44 GMT https://community.splunk.com/t5/Splunk-SOAR/How-to-create-dynamic-custom-functions/m-p/606889#M919 Dave_Burns 2022-07-25T15:41:44Z