Closed Case Search

I'm currently using the below to get all closed cases within our SOAR platform -

This code below is returning "Action failed as JSON result exceeded maximum size 0MB". Am I using this wrong or am I missing further parameters? With the max results being set to 1000 by default, I'm expecting the last 1000 case IDs that are closed. -
 
closed_cases = siemplify.get_cases_ids_by_filter("CLOSE", sort_by="CLOSE_TIME")

Hi @samryanturner, could you please try to create a new Python Action in the IDE and try the following code:

from SiemplifyAction import SiemplifyAction
from SiemplifyUtils import unix_now, convert_unixtime_to_datetime, output_handler
from ScriptResult import EXECUTION_STATE_COMPLETED, EXECUTION_STATE_FAILED, EXECUTION_STATE_TIMEDOUT

@output_handler
def main():
    siemplify = SiemplifyAction()

    cases = siemplify.get_cases_ids_by_filter(status="CLOSE",sort_by="CLOSE_TIME")
    print(cases)

    status = EXECUTION_STATE_COMPLETED  # used to flag back to siemplify system, the action final status
    output_message = "output message :"  # human readable message, showed in UI as the action result
    result_value = True  # Set a simple result value, used for playbook if\else and placeholders.

    siemplify.LOGGER.info("\n  status: {}\n  result_value: {}\n  output_message: {}".format(status,result_value, output_message))
    siemplify.end(output_message, result_value, status)

if __name__ == "__main__":
    main()

It worked for me:

[Screenshot: Google Chrome_2024-04-02 16-33-03@2x.jpg]