5.7.1 causing issues with iterator

Question

5.7.1 causing issues with iterator

Closed this issue 6 years ago · 10 comments

The escape quotes for datastore1 fails across everything I have iterating. Having issues getting any useful logs

Answer 1 · 2018-12-04T02:34:03.000Z

Ok, I'll take a look. Thanks for raising an issue @ericbud ! To help me debug it, which array iteration system are you using? Do you know if you're using the playbook (https://github.com/ThreatConnect-Inc/threatconnect-playbooks/tree/master/playbooks/array-serializer) or the component (https://github.com/ThreatConnect-Inc/threatconnect-playbooks/tree/master/components/array-iterator)?

Answer 2 · 2018-12-04T18:39:33.000Z

The components version I believe. Memory a little hazy, but looking at what I downloaded on the 7th, the names look to matchup
components_[Iterator]Iterate
Initialize
Get Data
Break

Answer 3 · 2018-12-05T12:58:11.000Z

Ok, thanks! I'll take a look.

In the mean time, if you are able to install custom playbook apps on your instance of ThreatConnect, there is an app to handle array iteration here: https://github.com/ThreatConnect-Inc/threatconnect-playbooks/tree/master/apps/TCPB_-_Array_Iterator which would be easier to use. You may want to install that in place of the component.

Answer 4 · 2018-12-06T14:11:22.000Z

K going to try that. Looks like it loses the "extra data" to pass through. Specifically an entityid that I was passing. Any suggestions there to pass a parentid to the iterator so associations can be made?

Answer 5 · 2018-12-06T15:15:01.000Z

Grr, cert errors.

Answer 6 · 2018-12-06T19:18:17.000Z

You should be able to pass extra data like an entityid to the "Playbook Trigger Link" as a query parameter.

e.g.

The array iterator app takes each item in the given array and sends it to the playbook specified by the "Playbook Trigger Link" parameter. The playbook to which each item in the array is sent can be designed to pull a query parameter from the request (you can get query parameters from a request using the "Value Lookup" playbook app).

Does that make sense and would that meet your use-case?

Answer 7 · 2018-12-06T20:38:07.000Z

Yes, just did that before reading this for the eventid.
Next issues:

It doesn't take a StringArray as input and that's kinda what we're sending it.
Seems to require something of ["1","2"] at least when 1 and 2 are hostnames. The Array->string breaks the formatting that it seems to want, outputting [1,2]

Answer 8 · 2018-12-07T14:14:54.000Z

Ah, true. That doesn't make much sense not to support string arrays. I've updated the app the be able to handle string and binary arrays.

Answer 9 · 2018-12-11T14:23:30.000Z

@ericbud : Were you able to test with the most recent version of the array iterator app (it is available for download here: https://tc.hightower.space/post/playbook-apps/array-iterator/ (not a ThreatConnect supported site))?

Answer 10 · 2018-12-12T00:00:39.000Z

0.1.0? Yes but I did edit it to ignore ssl on the query. The cert on the TC box is internally signed by our ca. The python doesn't know of it.

…

On Tue, Dec 11, 2018, 09:23 Floyd Hightower ***@***.*** wrote: @ericbud <https://github.com/ericbud> : Were you able to test with the most recent version of the array iterator app (it is available for download here: https://tc.hightower.space/post/playbook-apps/array-iterator/ (not a ThreatConnect supported site))? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#82 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ArdgyH2_dZw3Hu7K7RGMJsiuu7rHUKXxks5u37_kgaJpZM4Y_Hv6> .