Hoping someone can help me get past the last hurdle. I'm trying to create a custom function that dynamically calls other custom functions. I've got the part of generating the list of desired ...
See more...
Hoping someone can help me get past the last hurdle. I'm trying to create a custom function that dynamically calls other custom functions. I've got the part of generating the list of desired functions.
I understand how to make sure the datapath into the dynamically selected custom function.
I want to pass the results out to a filter object, but it seems to be coming out only as a single variable. not an array.
What am I missing?
def rule_check(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
phantom.debug('rule_check() called')
custom_function_results_data_1 = phantom.collect2(container=container, datapath=['build:custom_function_result.data.data_packets.*.packet'], action_results=results)
custom_function_results_data_2 = phantom.collect2(container=container, datapath=['get_funcs:custom_function_result.data.found_functions.*.function_path'], action_results=results)
custom_function_results_item_1_0 = [item[0] for item in custom_function_results_data_1]
custom_function_results_item_2_0 = [item[0] for item in custom_function_results_data_2]
rule_check__data = None
################################################################################
## Custom Code Start
################################################################################
# Write your custom code here...
parameters = []
for item0 in custom_function_results_data_1:
parameters.append({
'data_w_fields': item0[0],
})
for func in custom_function_results_item_2_0:
a = phantom.custom_function(custom_function=func, parameters=parameters, name='rule_check')
################################################################################
## Custom Code End
################################################################################
phantom.save_run_data(key='rule_check:data', value=json.dumps(rule_check__data))
filter_1(container=container)
return