community-help
  • g

    green-architect-4647

    05/14/2022, 1:46 PM
    Asking here as others may benefit from the answer. (No rush on this as it's not blocking) What implementation of JSONPath does Tines use? The basics are largely the same, but filters/scripts seem to differ (I had this problem with Python libraries). Or is there some other quirk going on here? I'm trying to extract the value associated with the severity key to no avail. This works fine on jsonpath.com (minus escaping the quotes) (See thread)
  • t

    thankful-potato-8143

    05/16/2022, 3:49 PM
    Is there a tutorial for using the gmail api to send emails?
  • g

    great-daybreak-70417

    05/19/2022, 3:44 PM
    Hey, Is it possible to achieve the 'Where Not' equivalent of this
    WHERE(compile_assets.array, "asset_type", LOOP.value)
    in a single event transform? Where the loop value is a resource with a dictionary of 'asset_types' that i want to remove from the 'assets.array'. The
    WHERE
    works, but as the list of types im not interested in is smaller, it's easier to maintain the resource for those i don't want to keep. Thanks
  • e

    early-vegetable-9315

    05/20/2022, 2:03 PM
    Hello everyone! I am trying to iterate over array RESOURCE (an array of json blobs) pull out a specific value in the json, and then get the average of values. I am struggling with the liquid formula (output is “” regardless of what I try. Any suggestions (formula in thread)?
  • m

    mysterious-winter-58499

    05/25/2022, 1:03 PM
    Hiya, working on a crowdstrike story and I get the following error. Has anyone experienced this before?
  • g

    green-architect-4647

    05/25/2022, 3:35 PM
    Hey folks, I think I deleted a story containing a webhook, so created a new story and replicated the path/secret and whilst it works, it's complaining that the webhook path is duplicated with another event. Changing the URL to the event in question doesn't show me the event, will it be deleted in the background at some point?
  • t

    thankful-potato-8143

    05/25/2022, 10:09 PM
    Hi, I had an msgraph integration that was working but now I'm getting a 401. I checked the credentials and I got a log-in prompt. I entered my creds and got this
  • r

    red-caravan-3691

    05/25/2022, 10:52 PM
    Hey Community! https://www.tines.com/blog/chatbots-for-security-and-it-teams-part-3-creating-a-slack-chatbot in this example (Slash Commands), is the Slack Webhook URL entry corresponding to the Tines Story Webhook Action (I assume/99% certain)?
  • g

    gray-wall-69994

    05/26/2022, 6:41 PM
    Hey all, anyone know what the size limit is for a resource list?
  • s

    straight-judge-35557

    05/27/2022, 7:46 AM
    how to access the value in a dictionary object with one of the key special character {“addr.local”:“ip-172-16-1-1:88"}” in tines? tried |>get(%,[“addr.local”]) with no luck?
  • g

    green-architect-4647

    05/27/2022, 3:15 PM
    Is there an easy way to take an existing action and create a template from it? Currently I'm copying the action, extracting the
    options
    with some find/replace to unescape the "s and then pasting into the template UI.
  • m

    miniature-crayon-82650

    06/02/2022, 2:31 PM
    I am brand-new to Tines. I’m not a programmer. I think there might be opportunities to incorporate logic into my stories with triggers and event transforms but I am not skilled in how to edit them. I have accessed Tines documentation but I cannot seem to find anything that resonates with me. I am attempting to write stories for a non-security related use case. My goal is to use my stories to enroll customers in fictious training from Contoso Education. I’m wondering how to incorporate logic into my stories. For example, how to get user name, course name, course date added to automated emails. A second example would be redacting user passwords when emails are sent to the operations team. Annotations for each of my stories are described below: New Contoso Education Account The goal of this story is to establish a new Contoso Education account. To enroll in a course, students that want to take Contoso training must have an account in the LMS in order to enroll in a course. To establish an account, prospective students must complete the form associated with this story. The new account story should generate a unique user ID and a confirmation email with login credentials (which are captured in the form associated with this story.) The registration email, with a redacted user password, would also be sent to the fictional Contoso Education Operations team. Contoso Education Enrollment Form This story aims to enroll a person in a training course. To enroll in a course, you must have an account in the LMS. If this is the first time the student is enrolling in a Contoso course, the new account story should run, then redirect the student back to the course enrollment story. To complete enrollment in a course, the student must complete the form associated with this story. After enrolling in a course, students will be sent a confirmation email. The fictional Contoso Education Operations team will also receive a copy of the enrollment email. (Presumably, another story preparing the student's training materials and lab access credentials would run and be sent to the student on the start date for their training.) Am I being too ambitious? Thanks for your insights!
  • a

    ancient-flower-50991

    06/02/2022, 5:59 PM
    Hi all! I've been tinkering with google automation and keep on getting 401 responses with our service account; I figure there's a simple thing I'm overlooking. Are there any pages or reference material I could look to for configuring and referencing credentials such as with google?
  • r

    red-caravan-3691

    06/03/2022, 10:10 PM
    Hey all! Has anyone pulled Sumo Logic User lists and used Event Transformations to Explode the content? Getting:
    Value at <X> is not an array or does not exist
    As the return output is a huge list which is sub-divided into Arrays containing JSON, kinda like:
    {
    "get_a_list_of_users_in_sumo_logic":
    {
    "body":
    {
    "data":
    [
    
    {
    "firstName":"X",
    "lastName":"X",
    "email":"X",
    "roleIds":
    [
    ],
    "createdAt":"X",
    "createdBy":"X",
    "modifiedAt":"X",
    "modifiedBy":"X",
    "id":"X",
    "isActive":true,
    "isLocked":false,
    "isMfaEnabled":false,
    "lastLoginTimestamp":"X"
    },
    Followed by the next user etc.. Im not sure if I am using Explode correctly here
  • r

    red-daybreak-70524

    06/04/2022, 2:03 PM
    Is there a native way to generate a UUID? Could this be a custom formula? Currently using
    <https://www.uuidgenerator.net/api>
  • m

    millions-market-59432

    06/10/2022, 4:47 PM
    Simple question here: for failed actions, is there an easy way to see the outgoing payload? Many APIs do not give friendly responses when payloads are malformed
  • t

    thankful-potato-8143

    06/13/2022, 4:23 PM
    Adding some error handling - are triggers the best way to handle error codes?
  • r

    red-caravan-3691

    06/14/2022, 3:31 PM
    Hey Gang! Does anyone have any experience with getting OAUTH tokens from JamF API?
  • r

    red-caravan-3691

    06/14/2022, 3:37 PM
    Does anyone also have an already-built action for disabling user account in Google Suite?
  • m

    modern-farmer-99434

    06/20/2022, 11:32 AM
    Hi Moustapha - is the event correctly encoded i.e. if you put it into https://www.base64decode.org does it decode correctly?
  • e

    echoing-airline-38523

    06/20/2022, 1:54 PM
    Hello everyone, hope you are all doing well, I'm trying to integrate our crowdstrike into tines and i'm following a guide from Tines itself but it isn't working is there someone that already has done this? thank you in advance
  • d

    delightful-actor-15749

    06/21/2022, 12:40 PM
    Hello everyone, just joined this channel via a customer. Considering mysel as a “Tines newbie”, I’m trying to retrieve details from alerts generated by VT Hunting rules. Anybody already automated this? Any tip?
  • f

    flat-kitchen-56993

    06/22/2022, 10:03 AM
    Hi everyone, is there any function to validate email format, like the one for IP (
    IS_IP_ADDRESS
    )? TBH don't really want to regex it 🙂
  • r

    rapid-appointment-74892

    06/23/2022, 6:49 PM
    Hello guys, I have a quick question for you, is it possible to use implode to generate an array with only filtered items after an explode is performed? do you have an example?
  • f

    flat-kitchen-56993

    06/23/2022, 8:13 PM
    Hi everyone, does someone know why these function
    STORY_RUN_GUID()
    and
    STORY_RUN_GUID()
    always return empty when I call them ? I'm trying to use them the in the Webhook response body.
  • r

    red-hairdresser-67741

    06/24/2022, 10:12 AM
    Hello, I am trying to create a story to which assessed emails I am using the MS graph to pull emails using the http request action. I have some logic run slip if attachments are in the email and then run another http request to get the attachment. the graph requires the following url:https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages/XXXXX/attachments the XXXXX is a placeholder for the messageID which I get from the original http request my question is this. How can I get the messageID value from the original http request without the quotations surrounding the ID? Any help would be greatly appreciated.
  • f

    flat-kitchen-56993

    06/24/2022, 10:34 AM
    Hi team, I'm trying to use this functionality (Lampba as Resource). But it seems not working well. Here is a simple example I was trying and the errors I got. The resource definition of
    Internal
    {
      "calculation": "<<LAMBDA(num, num+1)>>"
    }
    Thanks in advance for your help.
  • m

    modern-farmer-99434

    06/28/2022, 10:48 AM
    Hi Moustapha - can you see if it works if you put it in quotes?
  • r

    ripe-tailor-83334

    06/28/2022, 2:54 PM
    Howdy, is there a way to nest functions in as part of a json value? e.g.
    object.(KEYS(object)[0])
    or am I missing a simpler way to grab the first and only key out of a specific object when the actual name of the key will change from event to event
  • a

    able-toddler-42129

    06/30/2022, 2:23 PM
    👋 I'm following this tutorial on getting slackbots and tines integrated (https://www.tines.com/blog/chatbots-for-security-and-it-teams-part-3-creating-a-sla[…]c=1irRQnnbGX9ks16T5Zc3IIg%3D%3D%243HnZkdQwYsx8066TVV-iCg%3D%3D), and I'm running into an issue with slash commands. where I have
    "response": "Hi {{.user_name}}! Thanks for submitting your {{.command}} request to Tines, we're analyzing now"
    but when I run the slash command, it treats
    {{.user_name}}
    as a string, so it comes out as "Hi {{.user_name}}...", am I missing something here?