Re: Is there any SiemplifyAction library classes/o...

Tonio

Hello everyone,

I am trying to develop a new integration/action, and from the IDE documentation I see the 'SiemplifyAction' library, much useful to extrapolate and work with info from the case/alerts. From these pages I see details on its modules but I cannot seem to find any info on the type of objects/classes available in this library.

Looking around, I can often see something of the sort:

from SiemplifyAction import SiemplifyAction
from SiemplifyDataModels import EntityTypes

siemplify = SiemplifyAction()

for entity in siemplify.target_entities:
  if entity.entity_type == EntityTypes.ADDRESS

I know somewhat what I can use from 'SiemplifyDataModels' since that documentation page is more detailed. Instead, apart from examples and other actions code, on the 'SiemplifyAction' I would not even know if there were other types of 'entities' that i can use - other than these 'targeted' ones - ; nor what they are exactly.

I also tried looking in the script from the 'siemplify' based integrations available on the marketplace, but no luck.

So what am I missing? Where can I find/extrapolate more details about what I can exploit from the case/alert information?

Many Thanks everyone,

A

RSSorint-24

I would also need this information.

Moseis

Hi Tonio,

Have you checked out their Github page: https://github.com/chronicle/soar-sdk/blob/main/Siemplify.py

Some of the python that is not visible in the IDE is in there.

Also, I would recommend looking around your SOAR API endpoints in your swagger docs (https://{instance_url}/swagger/index.html) as that can help shed more light on how the endpoints behave.

Tonio

Those are quite the good hints. Thanks Moseis, I will definitely dive in them.

A

Is there any SiemplifyAction library classes/objects list?