soar_ops module
TIPCommon.soar_ops.create_slo_message
TIPCommon.soar_ops.create_slo_message(slo: int, interval_days: Iterable[int], existing_comments: Iterable[str])
Get SLO warning messages based on time intervals and existing comments.
For the interval_days=[0, 1, 7, 14] parameter, the function sends a message
warning that the SLO would be breached following the next schedule:
- 7-14 days until the expiration time.
- 1-7 days until the expiration time.
- When the SLO was breached.
If a comment was already sent in the current breached interval, no new comment
is returned (None is returned).
| Parameters | |
|---|---|
slo |
intThe SLO breach date in Unix microseconds (for example, 1_673_774_674_567) |
interval_days |
Iterable[int]An iterable containing the number of days from time breach warnings should be sent (for example, [0, 1, 3, 7, 14]) |
existing_comments |
Iterable[int]The existing comments to check if a comment was already sent. |
Raises
ValueError, if one of the time intervals is negative.
Returns
If a comment should be sent, the comment is returned. Else, None.
TIPCommon.soar_ops.get_clean_comment_body
TIPCommon.soar_ops.get_clean_comment_body(comment: str | CaseComment, prefix: str)
Remove a prefix from the comment string or comment object.
| Parameters | |
|---|---|
comment |
str | CaseCommentThe comment string or comment object to remove the prefix from. |
prefix |
strThe prefix to remove. |
Raises
TypeError, if the type of comment is neither str or CaseComment.
Returns
The comment without the prefix.
Return type
str
TIPCommon.soar_ops.get_soar_case_comments
TIPCommon.soar_ops.get_soar_case_comments(chronicle_soar: SiemplifyAction | SiemplifyJob, case_id: str | int)
Get a list of comment objects from a case by its ID.
| Parameters | |
|---|---|
chronicle_soar |
SiemplifyAction | SiemplifyJobThe SDK object. |
case_id |
str | intThe ID of the case which comments should be fetched. |
Returns
List of comment objects.
Return type
list[base.action.CaseComment]
TIPCommon.soar_ops.is_slo_comment
TIPCommon.soar_ops.is_slo_comment(comment: str)
Check if a comment is an SLO warning comment.
SLO comment is either an SLO warning: "SLO will be breached in {int} days" or an SLO breached message: "SLO was breached".
| Parameters | |
|---|---|
comment |
strThe comment to check. |
Returns
True if it's an SLO comment. Else, False.
Return type
bool
TIPCommon.soar_ops.remove_prefix_from_comments
TIPCommon.soar_ops.remove_prefix_from_comments(comments: list[str], prefix: str)
Remove a prefix (if any) from a list of comments.
| Parameters | |
|---|---|
comments |
list[str]The comments to remove the prefix from. |
prefix |
strThe prefix to remove. |
Returns
List of all comments after the prefix was removed from them
Return type
list[str]