jakub_gawinkows (Trusted Contributor)

Execute Command action does not work with Python

Hi,

I have a script which creates a ticket in an external system. It works when I run it from the command line, but when I try to use it in a rule action, it doesn't work.

I tried the following configuration

Platform: Unix

Command: /usr/bin/python /opt/alert/create_with_values.py

Parameters: -n $name -d $message -t Brute-force -c arcsight_id=$eventId" 

Action Type: Automatically Run On Manager

and

Platform: Unix

Command: /usr/bin/python

Parameters: /opt/alert/create_with_values.py -n $name -d $message -t Brute-force -c arcsight_id=$eventId" 

Action Type: Automatically Run On Manager

Arcsight version is 6.11.

Can anyone help?

jorgeoa (Honored Contributor)

Re: Execute Command action does not work with Python

Hi jakub,

The python script should be executable and if you want to call it in the Command field, it has to have the "env python" declaration:

#!/usr/bin/env python

Tested with these setups:

Platform: Linux
Command: /usr/bin/python
Argument: "/home/arcsight/scripts/test.py" "param1"

 

Platform: Linux
Command: /home/arcsight/scripts/test.py
Argument: "param1"
jakub_gawinkows (Trusted Contributor)

Re: Execute Command action does not work with Python

Hi,

Thanks for your answer, but the script which I am trying to use has the "env python" declaration:

 

#!/usr/bin/env python

"""
Simple script to create a new incident, specifying values for custom fields.
"""
from __future__ import print_function
from argparse import REMAINDER
import time
import logging
import resilient


logging.basicConfig()


class ExampleArgumentParser(resilient.ArgumentParser):
    """Arguments for this command-line application, extending the standard Resilient arguments"""

    def __init__(self, config_file=None):
        super(ExampleArgumentParser, self).__init__(config_file=config_file)

        self.add_argument('--name', '-n',
                          required=True,
                          help="The incident name.")

        self.add_argument('--description', '-d',
                          required=True,
                          help="The incident description.")

        self.add_argument('--itype', '-t',
                          action='append',
                          help="The incident type(s).  Multiple arguments may be supplied.")

        self.add_argument('--custom', '-c',
                          nargs=REMAINDER,
                          help="Custom field values, specified as: fieldname=value")


def main():
    """
    program main
    """

    parser = ExampleArgumentParser(config_file=resilient.get_config_file())
    opts = parser.parse_args()

    inc_name = opts["name"]
    inc_desc = opts["description"]
    inc_types = opts["itype"]

    # Create SimpleClient for a REST connection to the Resilient services
    client = resilient.get_client(opts)

    # Discovered Date will be set to the current time
    time_now = int(time.time() * 1000)

    # Construct the basic incident DTO that will be posted
    new_incident = {"name": inc_name,
                    "description": inc_desc,
                    "incident_type_ids": inc_types,
                    "discovered_date": time_now,
                    "properties": {}}

    # Add the specified values for any custom fields,
    # per the command-line arguments provided.
    # Within the incident JSON structure, the values for custom fields
    # are all contained within a dictionary value named 'properties'.
    for custom in opts["custom"]:
        (field_name, field_value) = custom.split("=", 1)
        print("{} = {}".format(field_name, field_value))
        new_incident["properties"][field_name] = field_value

    try:
        uri = '/incidents'

        # Create the incident
        incident = client.post(uri, new_incident)

        inc_id = incident["id"]

        print("Created incident {}".format(inc_id))

    except resilient.SimpleHTTPException as ecode:
        print("create failed : {}".format(ecode))

if __name__ == "__main__":
    main()

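Added example, not part of the original thread: an offline check of whether a Parameters string produces an argv that the posted script's parser accepts once $name and $message expand to multi-word values. It assumes the Manager splits Parameters with shell-like quoting, which the thread does not confirm; `build_parser` is a plain-argparse stand-in for the posted ExampleArgumentParser, and `try_parameters`, `EVENT` and the sample strings are constructed for illustration.

```python
import argparse
import shlex
from string import Template

# Constructed sample event; real values come from the correlated event.
EVENT = {"name": "Brute Force Logins",
         "message": "Multiple failed logins",
         "eventId": "12345"}

POSTED = '-n $name -d $message -t Brute-force -c arcsight_id=$eventId"'
UNQUOTED = '-n $name -d $message -t Brute-force -c arcsight_id=$eventId'
QUOTED = '-n "$name" -d "$message" -t Brute-force -c arcsight_id=$eventId'


def build_parser():
    """Stand-in for the posted parser: same four options, no resilient import."""
    p = argparse.ArgumentParser(prog="create_with_values.py")
    p.add_argument("--name", "-n", required=True)
    p.add_argument("--description", "-d", required=True)
    p.add_argument("--itype", "-t", action="append")
    p.add_argument("--custom", "-c", nargs=argparse.REMAINDER)
    return p


def try_parameters(parameters, event):
    """Expand $fields, tokenize like a POSIX shell (assumption), then parse.

    Returns ("ok", parsed_dict) or ("error", reason).
    """
    expanded = Template(parameters).safe_substitute(event)
    try:
        argv = shlex.split(expanded)
    except ValueError as exc:  # unbalanced quote in the Parameters string
        return ("error", "tokenize: {}".format(exc))
    try:
        return ("ok", vars(build_parser().parse_args(argv)))
    except SystemExit as exc:  # argparse exits with status 2 on a bad argv
        return ("error", "argparse exit {}".format(exc.code))


if __name__ == "__main__":
    for label, params in (("posted", POSTED), ("unquoted", UNQUOTED),
                          ("quoted", QUOTED)):
        print(label, try_parameters(params, EVENT))
```

Under that assumption, only the quoted form reaches the script with the name and description intact; to see what the Manager really passes, have the script log `sys.argv` to a file when it runs from the rule action.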