prehistoric-byte-67742
11/27/2021, 3:48 PM
red-caravan-3691
12/09/2021, 10:00 PM
shy-wire-13053
01/25/2022, 4:35 PM
elegant-machine-17590
02/12/2022, 5:33 PM
narrow-rocket-50910
02/15/2022, 11:25 PM
"assignee": {
"id": ""
}
But this will return a 200 and create the ticket with a user unassigned:
"assignee": {}
I know I can easily get around this by creating two different HTTP Actions and a Trigger, but was wondering if there may be a better way to do this? This is what I was working with so you get an idea of what I was going for:
"assignee": {
"id": "{% assign accountEmail = .list_users_in_jira.body.first.emailAddress %}{% if .extract_configuration.config_object.jira_rcpt == accountEmail %}{{ .list_users_in_jira.body.first.accountId}}{% else %}{% endif %}"
}
red-caravan-3691
02/17/2022, 12:10 AM
"limit": "10",
"sort": "first_behavior|desc",
"filter": "severity:'High'"
`}`” within the payload yields blank results (also tried case-sensitive)
Amending the called URL directly via “`/detections?filter=severity%3A%27High%27%2Bseverity%3A%27Critical%27%2Bseverity%3A%27Medium%27&groupBy=none&sortBy=date%3Adesc`” gives a “Validation Error”
If possible, I’d prefer to do this in the payload so I can take this example and learn for next time
abundant-pilot-90646
03/02/2022, 5:42 PM
big-jewelry-40968
03/02/2022, 7:14 PM
red-caravan-3691
03/03/2022, 4:58 AM
within X number of days from now
or within the past X number of days until now
I know this example (`"now" | date: "%Y-%m-%d"`) is equal to today
Hope this makes sense. TY!
alert-apple-51290
03/05/2022, 5:20 PM
delightful-iron-88953
03/09/2022, 1:23 AM
delightful-iron-88953
03/09/2022, 3:40 AM
`crowdstrike_api` - the error is invalid URL
gentle-carpet-19118
03/10/2022, 3:24 PM
green-architect-4647
03/11/2022, 12:41 PM
`users.messages.list` route requires a UserId. Maybe creating a company-wide group that receives a copy of every email?
helpful-jordan-62716
03/14/2022, 4:37 PM
login_url = self.base_url.format(server=server, port=port) + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True, headers=headers)
Thank you 🙂
silly-finland-71256
03/15/2022, 11:07 AM
green-architect-4647
03/17/2022, 1:59 PM
`jsonparse` with spaces? From the VirusTotal API I want to enumerate the Alexa and Umbrella ranks. Using `search_for_domain_address_in_virustotal.body.data.attributes.popularity_ranks | jsonpath: "Alexa.rank"` works fine and returns `1`, but `search_for_domain_address_in_virustotal.body.data.attributes.popularity_ranks | jsonpath: "Cisco Umbrella.rank"` returns the whole JSON dict. Only difference is the space? Testing with https://jsonpath.com/ it also works so I can't understand why.
rapid-king-38539
03/24/2022, 3:45 PM
`chat.postMessage` to post a message to an IM session between a chatbot and a user. That works fine, and I get back a channel ID and a timestamp on the message sent. I then try `chat.update` with that channel ID and timestamp, trying to update the message, and it invariably returns a `message_not_found`. Has anyone successfully done a `postMessage` followed by an `update` within a Tines story?
thankful-potato-8143
03/24/2022, 4:31 PM
rapid-king-38539
03/24/2022, 7:53 PM
thankful-potato-8143
03/28/2022, 3:55 PM
gray-wall-69994
03/31/2022, 1:25 PM
agreeable-ram-12207
04/05/2022, 9:52 PM
red-caravan-3691
04/07/2022, 9:22 PM
creamy-lawyer-45588
04/08/2022, 1:57 PM
{
"metadata": [
{
"id": "0fcdd87b-258d-44dd-8d34-47818732e8e4",
"label": "MAILBOX_BRUTEFORCER",
"slug": "mailbox-bruteforcer",
"name": "Mailbox Bruteforcer",
"category": "activity",
"intention": "malicious",
"description": "This IP address has been observed attempting to bruteforce POP3 and IMAP usernames and passwords.",
"references": [],
"recommend_block": true,
"cves": [],
"created_at": "2020-04-07",
"related_tags": null
},
{
"id": "98f9ab2d-3eb1-4292-8232-2eb164b58aa9",
"label": "NETGAIN_EM_CMD_INJECTION",
"slug": "netgain-em-cmd-injection",
"name": "NetGain EM Command Injection",
"category": "activity",
"intention": "malicious",
"description": "This IP address has been seen attempting to use a command injection vulnerability in some versions of NetGain Enterprise Manager.",
"references": [
"https://www.exploit-db.com/exploits/41499"
],
"recommend_block": true,
"cves": [],
"created_at": "2020-04-07",
"related_tags": null
},
creamy-lawyer-45588
04/08/2022, 5:28 PM
thankful-potato-8143
04/11/2022, 3:40 PM
alert-machine-38213
04/11/2022, 5:43 PM
{
"url": "https://www.googleapis.com/admin/directory/v1/users/{{userkey}}",
"content_type": "json",
"method": "post",
"payload": {
"primaryEmail": "{{user@yourcompany.com}}",
},
"suspended": true,
"headers": {
"Authorization": "Bearer {{.CREDENTIAL.google_oauth}}"
}
}
gray-diamond-18991
04/20/2022, 1:54 PM
`rec_id` “LW_S3_1”, which I think should match. Do you see what I mean? What could be missing here? Thx!
adorable-photographer-66555
`Cmd/Ctrl` and drag to multi-select all actions. Then if you click on the little keyboard icon in the bottom-right hand corner of the storyboard there's an option to auto-layout which will handle this for you