Splunk SOAR
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create dynamic custom functions?

Dave_Burns
Path Finder
‎07-15-2022 08:55 AM

Hoping someone can help me get past the last hurdle. 

I'm trying to create a custom function that dynamically calls other custom functions. 

I've got the part of generating the list of desired functions. 

I understand how to make sure the datapath into the dynamically selected custom function. 

I want to pass the results out to a filter object, but it seems to be coming out only as a single variable. not an array.

What am I missing? 

 

def rule_check(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    phantom.debug('rule_check() called')
    
    custom_function_results_data_1 = phantom.collect2(container=container, datapath=['build:custom_function_result.data.data_packets.*.packet'], action_results=results)
    custom_function_results_data_2 = phantom.collect2(container=container, datapath=['get_funcs:custom_function_result.data.found_functions.*.function_path'], action_results=results)
    custom_function_results_item_1_0 = [item[0] for item in custom_function_results_data_1]
    custom_function_results_item_2_0 = [item[0] for item in custom_function_results_data_2]

    rule_check__data = None

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    parameters = []

    for item0 in custom_function_results_data_1:
        parameters.append({
            'data_w_fields': item0[0],
        })        
        
    for func in custom_function_results_item_2_0:
        a = phantom.custom_function(custom_function=func, parameters=parameters, name='rule_check')

    ################################################################################
    ## Custom Code End
    ################################################################################

    phantom.save_run_data(key='rule_check:data', value=json.dumps(rule_check__data))
    filter_1(container=container)

    return

 

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Dave_Burns
Path Finder
‎07-25-2022 08:41 AM

I'll post a reply to myself, in case someone else wonders the same thing. 

In this particular case, you've got literally just run a for loop of all the custom functions, w/ the callback baked in. Then add in the return. This forces it to ignore the custom code end.  (Making it abit of a dead path)

Not ideal programmatically, but it works. 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Dave_Burns
Path Finder
‎07-25-2022 08:41 AM

I'll post a reply to myself, in case someone else wonders the same thing. 

In this particular case, you've got literally just run a for loop of all the custom functions, w/ the callback baked in. Then add in the return. This forces it to ignore the custom code end.  (Making it abit of a dead path)

Not ideal programmatically, but it works. 

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...