-
Notifications
You must be signed in to change notification settings - Fork 1.7k
/
ShowCampaignLastIncidentOccurred.py
70 lines (50 loc) · 2 KB
/
ShowCampaignLastIncidentOccurred.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
import demistomock as demisto # noqa: F401
from CommonServerPython import * # noqa: F401
import dateutil.parser
def get_incident_ids() -> list | None:
"""
Gets all the campaign incident ids.
Returns:
List of all the ids.
"""
incidents = demisto.get(demisto.context(), "EmailCampaign.incidents")
return [incident['id'] for incident in incidents] if incidents else None
def get_last_incident_occurred(incident_ids: list[str]) -> str:
"""
Gets the campaign last incident occurred date.
Args:
incident_ids: All the campaign incident ids.
Returns:
The date of the last incident occurred.
"""
res = demisto.executeCommand(
'GetIncidentsByQuery', {'query': f"id:({' '.join(incident_ids)})"}
)
if isError(res):
return_error(f'Error occurred while trying to get incidents by query: {get_error(res)}')
incidents_from_query = json.loads(res[0]['Contents'])
if not incidents_from_query:
return incidents_from_query
incident_created = max([dateutil.parser.parse(incident['created']) for incident in incidents_from_query])
return incident_created.strftime("%B %d, %Y")
def main():
try:
if (
(incident_ids := get_incident_ids())
and (last_incident_occurred := get_last_incident_occurred(incident_ids))
):
last_incident_occurred = get_last_incident_occurred(incident_ids)
html_readable_output = last_incident_occurred
else:
html_readable_output = "No last incident occurred found."
return_results(CommandResults(
content_format='html',
raw_response=(
"<div style='text-align:center; font-size:17px; padding: 15px;'>"
"Last Incident Occurred</br> <div style='font-size:24px;'> "
f"{html_readable_output} </div></div>")
))
except Exception as err:
return_error(str(err))
if __name__ in ('__main__', '__builtin__', 'builtins'):
main()