forked from demisto/demisto-py
-
Notifications
You must be signed in to change notification settings - Fork 0
/
batch_util_example.py
65 lines (59 loc) · 3.14 KB
/
batch_util_example.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#!/usr/bin/env python2.7
# example
# An example of helper utility to do stuff on multiple incidents based on filter
#
# Stuff can be closing incidents, running a command, changing type or changing playbook
#
# Author: Slavik Markovich
# Version: 1.0
#
import json
import argparse
from datetime import date, timedelta
import demisto
def format_dt(dt):
return dt.strftime('%Y-%m-%dT%H:%M:%S')
def options_handler():
parser = argparse.ArgumentParser(description='Utility for batch action on incidents')
parser.add_argument('-k', '--key', help='The API key to access the server', required=True)
parser.add_argument('-s', '--server', help='The server URL to connect to', required=True)
monthAgo = date.today() - timedelta(days=30)
parser.add_argument('-f', '--filter', help='The filter query to chose the alerts, default is open incidents created in last month', default='(status:=0 or status:=1) and created:>%s' % format_dt(monthAgo))
parser.add_argument('-m', '--page', help='The page we are working on', default=0, type=int)
parser.add_argument('-n', '--size', help='The size per page', default=100, type=int)
parser.add_argument('-a', '--action', help='The action to perform', default='close', choices=['close'])
parser.add_argument('--closeReason', help='The close reason')
parser.add_argument('--closeNotes', help='The close notes')
parser.add_argument('--customFields', help='The json that includes the values for the custom fields')
parser.add_argument('--playbook', help='The new playbook name')
parser.add_argument('--type', help='The new type')
parser.add_argument('--entry', help='The new entry data to create')
parser.add_argument('-q', '--quiet', action='store_false', dest='verbose', default=True, help="don't use voice")
options = parser.parse_args()
global verbose
verbose = options.verbose
return options
def main():
options = options_handler()
c = demisto.DemistoClient(options.key, options.server)
incidents = c.SearchIncidents(options.page, 0, options.filter)
print('using filter %s' % options.filter)
print('Total #incidents: %d, incidents going to be updated' % (incidents['total']))
proceed = raw_input('OK to proceed (type y, yes or leave empty)? ')
proceed = proceed.lower()
if proceed == 'y' or proceed == 'yes' or proceed == '':
if options.action == 'close':
data = {'closeReason': options.closeReason, 'closeNotes': options.closeNotes, 'filter': {'page': options.page, 'size': options.size, 'query': options.filter}}
data['all'] = True
if options.customFields:
data['CustomFields'] = json.loads(options.customFields)
r = c.req('POST', 'incident/batchClose', data)
if r.status_code != 200:
raise RuntimeError('Error updating incidents - %d (%s)' % (r.status_code, r.reason))
rj = json.loads(r.content)
if rj['notUpdated'] > 0:
print('Updated %d and could not update %d' % (rj['total']), rj['notUpdated'])
else:
print('Updated %d incidents' % rj['total'])
if __name__ == '__main__':
main()