Results from LDAP query:
user1
user2
I want to send an email for each of this users with the below email body separately:
Hi user1 (for user 1 email)
Hi user1 (for user 2 email)
And then send the email to each of these users.
====================================================================
The issue that I am facing is that currently, the email body looks like this:
Hi user1, user2
Though the email was successfully to each of these users.
Hello!
The easiest way to do this may be a custom code block.
In my environment, I have an LDAP query from an action block that feeds into a custom function. That function has the inputs:
get_users_1:action_result.data..emails.0
get_users_1:action_result.data..displayname
And the code looks like this:
def custom_function_2(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None):
phantom.debug('custom_function_2() called')
results_data_1 = phantom.collect2(container=container, datapath=['get_users_1:action_result.data.*.emails.0', 'get_users_1:action_result.data.*.displayname'], action_results=results)
results_item_1_0 = [item[0] for item in results_data_1]
results_item_1_1 = [item[1] for item in results_data_1]
################################################################################
## Custom Code Start
################################################################################
for i in range(len(results_item_1_0)):
parameters = []
email_body = """
Hello{},
This is a test!
"""
if results_item_1_0[i] == None:
continue # don't send on empyt emails
if results_item_1_1[i] == None:
email_body = email_body.format("")
else:
email_body = email_body.format(" " + results_item_1_1[i])
parameters.append({
'body': email_body,
'from': "<REDACTED>@gmail.com",
'attachments': "",
'to': results_item_1_0[i],
'cc': "",
'bcc': "",
'headers': "",
'subject': "Testing"
})
phantom.act("send email", parameters=parameters, assets=['gmail'], name="send_email_1")
################################################################################
## Custom Code End
################################################################################
In this way I am looping through the values and grabbing display name and email and smashing them together to send an email. I do a couple of lightweight error handling too:
It would be possible to do this with artifacts and the like, but I think a short code block is more straightforward. Feel free to reach out to me on the Phantom-Community Slack (sam_phantom) to discuss.
Hello!
The easiest way to do this may be a custom code block.
In my environment, I have an LDAP query from an action block that feeds into a custom function. That function has the inputs:
get_users_1:action_result.data..emails.0
get_users_1:action_result.data..displayname
And the code looks like this:
def custom_function_2(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None):
phantom.debug('custom_function_2() called')
results_data_1 = phantom.collect2(container=container, datapath=['get_users_1:action_result.data.*.emails.0', 'get_users_1:action_result.data.*.displayname'], action_results=results)
results_item_1_0 = [item[0] for item in results_data_1]
results_item_1_1 = [item[1] for item in results_data_1]
################################################################################
## Custom Code Start
################################################################################
for i in range(len(results_item_1_0)):
parameters = []
email_body = """
Hello{},
This is a test!
"""
if results_item_1_0[i] == None:
continue # don't send on empyt emails
if results_item_1_1[i] == None:
email_body = email_body.format("")
else:
email_body = email_body.format(" " + results_item_1_1[i])
parameters.append({
'body': email_body,
'from': "<REDACTED>@gmail.com",
'attachments': "",
'to': results_item_1_0[i],
'cc': "",
'bcc': "",
'headers': "",
'subject': "Testing"
})
phantom.act("send email", parameters=parameters, assets=['gmail'], name="send_email_1")
################################################################################
## Custom Code End
################################################################################
In this way I am looping through the values and grabbing display name and email and smashing them together to send an email. I do a couple of lightweight error handling too:
It would be possible to do this with artifacts and the like, but I think a short code block is more straightforward. Feel free to reach out to me on the Phantom-Community Slack (sam_phantom) to discuss.
Hi Ghays,
It was able to send email to only one of the emails returned from LDAP (2 users returned which is the expected result). Also, I noticed that it sends to the second email returned by LDAP.
Any update you can recommend? I'm not really good at Python so I'm having a hard time on fixing the issue.
Thank you.
Robert
Would you be able to post your configuration w/ screenshots or names + params?
Below is the custom code I created.
Input Paramaters from LDAP:
Get_User_Attribute:action_result.data.*.mail
Get_User_Attribute:action_result.data.*.givenname
def Format_Email(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None):
phantom.debug('Format_Email() called')
results_data_1 = phantom.collect2(container=container, datapath=['Get_User_Attribute:action_result.data.*.mail', 'Get_User_Attribute:action_result.data.*.givenname'], action_results=results)
results_item_1_0 = [item[0] for item in results_data_1]
results_item_1_1 = [item[1] for item in results_data_1]
################################################################################
## Custom Code Start
################################################################################
# build parameters list for 'Send_Email' call
for i in range(len(results_item_1_0)):
parameters = []
email_body = """
Hello{},
This is a test!
"""
if results_item_1_0[i] == None:
continue # don't send on empyt emails
if results_item_1_1[i] == None:
email_body = email_body.format("")
else:
email_body = email_body.format(" " + results_item_1_1[i])
parameters.append({
'body': email_body,
'from': "test@mail.com",
'attachments': "",
'to': results_item_1_0[i],
'cc': "",
'bcc': "",
'headers': "",
'subject': "Testing"
})
phantom.act("send email", parameters=parameters, assets=['smtp'], name="Send_Email")
################################################################################
## Custom Code End
################################################################################
return
Confirm the inputs to your custom function are right?
Should be:
Input 1: Get_User_Attribute:action_result.data.*.emails.0
Input 2: Get_User_Attribute:action_result.data.*.displayname
@ghays_splunk - It actually works now. I didn't put the proper indention (newbie mistake) in for loop that's why it didn't work before. Thank you so much for helping me.
Awesome! Python is super sensitive to indentation - it's literally a language where the amount of whitespace controls how statements a grouped.. crazy stuff.
Anywho, glad it working for you!