Can you share the file though @thankful-potato-8143 ? I’d love to see if there’s something up with it!

I’m trying to write a trigger that checks if a value is “Critical”, “High”, or “Medium”

Question: Trying to use HTTP action to send data to a splunk HEC. Collector is configured and test with cURL in my CLI shows that the HEC token is valid and works...however, when posting from Tines, I continually get a 403 error. Any insight or experience that might help me troubleshoot my issue?

Hi all, does anyone use any.run for uploading files to be analyzed? It seems that the current templated action is not working anymore. It gives me this error “ValidationError: “value” must contain at least one of [obj_url, file]“. It worked fine until a few days ago. Thank you!!

Hey community!! A bit specific, but looking for a potential example I can build on. Has anyone built/engineered any part of a playbook for Google G-Suite Audits? I want to build a story that audits all Google SaaS-related documents (I.E online documents/sheets etc) that have been shared with contacts outside of my organization… where

organization!=<http://mycompany.com|mycompany.com>

So I copied the bearer token from the API client and copied it into the Tines body, and it was successfully able to interrogate the MSGraph URL

Howdy! Hopefully someone can help guide me or point me to a similar sample. I'm sending a SIEM alert to slack, and then separately subscribing to a reaction on that message to add additional alert context in the thread. The problem is I can't figure out how to reference that alert context from the reaction flow (the alert context is part of the original alert webhook from SIEM).

Concerning OAuth2, is Tines considered a Single Page Application?

anybody have a nice trick for appending a query parameter value if a value exists? Liquid formatting causes the URL parser for the HTTP agent to die. I could do this with a pre-formatter but I would like to avoid that if possible

Hi, I’m hoping i might be able to get some pointers on how i could achieve the following. I'm looking to loop over some json, searching for a string value on the key ‘team’ & its value within 'tags' , if it exists add a new key named ‘teams’ and assign the team name as the value, if there’s no match then a value of ‘unknown’. Hope that makes sense 😊. Example input object, and the result I’m looking to achieve: Input array object:

[
 {
   "account_name": "Account-A",
   "asset_type": "Type1",
   "Name": "foo1",
   "Category": "bar",
   "SubCategory": "1",
   "tags": "{\"value\": \"ateam\", \"key\": \"team\"}"
 },
 {
   "account_name": "Account-A",
   "asset_type": "Type1",
   "Name": "foo3",
   "Category": "bar2",
   "SubCategory": "1",
   "tags": "{\"value\": \"bteam\", \"key\": \"team\"}"
 },
 {
   "account_name": "Account-A",
   "asset_type": "Type1",
   "Name": "foo2",
   "Category": "bar1",
   "SubCategory": "1",
   "tags": "{\"value\": \"bteam\", \"key\": \"team\"}"
 },
 {
   "account_name": "Account-B",
   "asset_type": "Type3",
   "Name": "foo3",
   "Category": "bar",
   "SubCategory": "3",
   "tags": ""
 }
]

Output object:

[
 {
   "account_name": "Account-A",
   "asset_type": "Type1",
   "Name": "foo1",
   "Category": "bar",
   "SubCategory": "1",
   "tags": "{\"value\": \"ateam\", \"key\": \"team\"}",
   "team": "ateam"
 },
 {
   "account_name": "Account-A",
   "asset_type": "Type1",
   "Name": "foo3",
   "Category": "bar2",
   "SubCategory": "1",
   "tags": "{\"value\": \"bteam\", \"key\": \"team\"}"
   "team": "bteam"
 },
 {
   "account_name": "Account-A",
   "asset_type": "Type1",
   "Name": "foo2",
   "Category": "bar1",
   "SubCategory": "1",
   "tags": "{\"value\": \"bteam\", \"key\": \"team\"}",
   "team": "bteam"
 },
 {
   "account_name": "Account-B",
   "asset_type": "Type3",
   "Name": "foo3",
   "Category": "bar",
   "SubCategory": "3",
   "tags": "",
   "team": "unknown"
 }
]

Thanks 🙏

Hey, Has anyone got a slick way of using an event transform to concat multiple API response into a single array (object), basically attempting to get all the responses from API pagnation calls into a single json object. cheers

Maybe a simple one, I have a list of X length, each entry containing a JSON dict with the same keys and a list of values. Any pointers on merging (collapsing?) these on the key, and concatenating the values. So the end result would be:

{
  "events": [...], 
  "entities": [...]
}

Asking here as others may benefit from the answer. (No rush on this as it's not blocking) What implementation of JSONPath does Tines use? The basics are largely the same, but filters/scripts seem to differ (I had this problem with Python libraries). Or is there some other quirk going on here? I'm trying to extract the value associated with the severity key to no avail. This works fine on jsonpath.com (minus escaping the quotes) (See thread)

Is there a tutorial for using the gmail api to send emails?

Hey, Is it possible to achieve the 'Where Not' equivalent of this

WHERE(compile_assets.array, "asset_type", LOOP.value)

in a single event transform? Where the loop value is a resource with a dictionary of 'asset_types' that i want to remove from the 'assets.array'. The

WHERE

works, but as the list of types im not interested in is smaller, it's easier to maintain the resource for those i don't want to keep. Thanks

Hello everyone! I am trying to iterate over array RESOURCE (an array of json blobs) pull out a specific value in the json, and then get the average of values. I am struggling with the liquid formula (output is “” regardless of what I try. Any suggestions (formula in thread)?

Hiya, working on a crowdstrike story and I get the following error. Has anyone experienced this before?

Hey folks, I think I deleted a story containing a webhook, so created a new story and replicated the path/secret and whilst it works, it's complaining that the webhook path is duplicated with another event. Changing the URL to the event in question doesn't show me the event, will it be deleted in the background at some point?

Hi, I had an msgraph integration that was working but now I'm getting a 401. I checked the credentials and I got a log-in prompt. I entered my creds and got this

Hey Community! https://www.tines.com/blog/chatbots-for-security-and-it-teams-part-3-creating-a-slack-chatbot in this example (Slash Commands), is the Slack Webhook URL entry corresponding to the Tines Story Webhook Action (I assume/99% certain)?

Hey all, anyone know what the size limit is for a resource list?

how to access the value in a dictionary object with one of the key special character {“addr.local”“ip 172 16 1 188"}” in tines? tried |>get(%,[“addr.local”]) with no luck?

Is there an easy way to take an existing action and create a template from it? Currently I'm copying the action, extracting the

options

with some find/replace to unescape the `"`s and then pasting into the template UI.

I am brand-new to Tines. I’m not a programmer. I think there might be opportunities to incorporate logic into my stories with triggers and event transforms but I am not skilled in how to edit them. I have accessed Tines documentation but I cannot seem to find anything that resonates with me. I am attempting to write stories for a non-security related use case. My goal is to use my stories to enroll customers in fictious training from Contoso Education. I’m wondering how to incorporate logic into my stories. For example, how to get user name, course name, course date added to automated emails. A second example would be redacting user passwords when emails are sent to the operations team. Annotations for each of my stories are described below: New Contoso Education Account The goal of this story is to establish a new Contoso Education account. To enroll in a course, students that want to take Contoso training must have an account in the LMS in order to enroll in a course. To establish an account, prospective students must complete the form associated with this story. The new account story should generate a unique user ID and a confirmation email with login credentials (which are captured in the form associated with this story.) The registration email, with a redacted user password, would also be sent to the fictional Contoso Education Operations team. Contoso Education Enrollment Form This story aims to enroll a person in a training course. To enroll in a course, you must have an account in the LMS. If this is the first time the student is enrolling in a Contoso course, the new account story should run, then redirect the student back to the course enrollment story. To complete enrollment in a course, the student must complete the form associated with this story. After enrolling in a course, students will be sent a confirmation email. The fictional Contoso Education Operations team will also receive a copy of the enrollment email. (Presumably, another story preparing the student's training materials and lab access credentials would run and be sent to the student on the start date for their training.) Am I being too ambitious? Thanks for your insights!

Hi all! I've been tinkering with google automation and keep on getting 401 responses with our service account; I figure there's a simple thing I'm overlooking. Are there any pages or reference material I could look to for configuring and referencing credentials such as with google?

Hey all! Has anyone pulled Sumo Logic User lists and used Event Transformations to Explode the content? Getting:

Value at <X> is not an array or does not exist

As the return output is a huge list which is sub-divided into Arrays containing JSON, kinda like:

{
"get_a_list_of_users_in_sumo_logic":
{
"body":
{
"data":
[

{
"firstName":"X",
"lastName":"X",
"email":"X",
"roleIds":
[
],
"createdAt":"X",
"createdBy":"X",
"modifiedAt":"X",
"modifiedBy":"X",
"id":"X",
"isActive":true,
"isLocked":false,
"isMfaEnabled":false,
"lastLoginTimestamp":"X"
},

Followed by the next user etc.. Im not sure if I am using Explode correctly here

Is there a native way to generate a UUID? Could this be a custom formula? Currently using

<https://www.uuidgenerator.net/api>

Simple question here: for failed actions, is there an easy way to see the outgoing payload? Many APIs do not give friendly responses when payloads are malformed

Adding some error handling - are triggers the best way to handle error codes?

Hey Gang! Does anyone have any experience with getting OAUTH tokens from JamF API?