Hello everyone,
I am trying to develop a new integration/action, and from the IDE documentation I see the 'SiemplifyAction' library, which is very useful to extrapolate and work with info from the case/alerts. From these pages I see details on its modules, but I cannot seem to find any info on the type of objects/classes available in this library.
Looking around, I can often see something of the sort:
    from SiemplifyAction import SiemplifyAction
    from SiemplifyDataModels import EntityTypes

    siemplify = SiemplifyAction()
    # Iterate over the entities the action was run against
    for entity in siemplify.target_entities:
        if entity.entity_type == EntityTypes.ADDRESS:
            pass  # handle IP address entities here
I know somewhat what I can use from 'SiemplifyDataModels' since that documentation page is more detailed. Instead, apart from examples and other actions' code, on the 'SiemplifyAction' I would not even know if there were other types of 'entities' that I can use (other than these 'targeted' ones), nor what they are exactly.
I also tried looking in the script from the 'siemplify' based integrations available on the marketplace, but no luck.
So what am I missing? Where can I find/extrapolate more details about what I can exploit from the case/alert information?
Many Thanks everyone,
A
I would also need this information.
Hi Tonio,
Have you checked out their GitHub page? https://github.com/chronicle/soar-sdk/blob/main/Siemplify.py
Some of the Python that is not visible in the IDE is in there.
Also, I would recommend looking around your SOAR API endpoints in your swagger docs (https://{instance_url}/swagger/index.html) as that can help shed more light on how the endpoints behave.
Those are quite the good hints. Thanks Moseis, I will definitely dive into them.
A
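A complement to reading the SDK source, added here as an example and not taken from the thread or from the SDK: a small introspection helper that lists the public members of a class without running any property getter. `FakeAction` and its members are a constructed stand-in so the block runs outside the SOAR IDE; inside an action you would pass the real class, e.g. `describe_api(SiemplifyAction)`.

```python
import inspect


def describe_api(cls):
    """Return {name: description} for the public members of a class.

    Inspects the class, not an instance, so property getters (which on an
    SDK object may call the server) are never executed.
    """
    api = {}
    for name, member in inspect.getmembers(cls):
        if name.startswith("_"):
            continue
        doc = ""
        if isinstance(member, property):
            kind = "property"
            doc = inspect.getdoc(member) or ""
        elif callable(member):
            try:
                kind = "method" + str(inspect.signature(member))
            except (TypeError, ValueError):
                kind = "method(...)"  # signature not introspectable
            doc = inspect.getdoc(member) or ""
        else:
            kind = "attribute: " + type(member).__name__
        first_line = doc.split("\n")[0]
        api[name] = (kind + "  " + first_line).strip()
    return api


# Constructed stand-in class (assumption, not the SDK's real definition).
class FakeAction:
    EXAMPLE_CONSTANT = 600

    @property
    def target_entities(self):
        """Entities the action was scoped to."""
        raise RuntimeError("getter must not run during introspection")

    def end(self, message, result_value):
        """Finish the action."""


if __name__ == "__main__":
    for name, desc in sorted(describe_api(FakeAction).items()):
        print(name, "->", desc)
```

Attributes assigned in `__init__` do not appear on the class; for an object already in hand, such as one entity from `target_entities`, `vars(entity)` lists them.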