This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
New SecOps Webinar May 14th! Learn about Gemini's generative AI within Google SecOps
Log in to ask a question

Having some issues with siemplify.update_entities(list_of_entities) method

Posted on 08-15-2023 02:55 AM
spawar_apex
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hi Team

I am having some issues with A soar script. it seems to be happening when I call the siemplify.update_entities(list_of_entities) method. I get a server error 500 usually something like this. I seen this not only in my custom scripts but also in chronicle integration and virus total. Usually happens when its updating the entity context. The issue is this error is somewhat cryptic.

Traceback (most recent call last):
File "/opt/siemplify/siemplify_server/bin/Scripting/PythonSDK/IntegrationsVirtualEnvironment/#/Siemplify_V70.0/0lmpl4id.d5k/qpr23dqy.xza.py", line 246, in <module>
main()
File "/opt/siemplify/siemplify_server/bin/Scripting/PythonSDK/SiemplifyUtils.py", line 81, in wrapper
return func(*args, **kwargs)
File "/opt/siemplify/siemplify_server/bin/Scripting/PythonSDK/IntegrationsVirtualEnvironment/#/Siemplify_V70.0/0lmpl4id.d5k/qpr23dqy.xza.py", line 199, in main
siemplify.validate_siemplify_error(r)
File "/opt/siemplify/siemplify_server/bin/Scripting/PythonSDK/SiemplifyBase.py", line 101, in validate_siemplify_error
raise Exception("{0}: {1}".format(e, response.content))
Exception: 500 Server Error: Internal Server Error for url: http://server:80/api/external/v1/sdk/UpdateEntities?format=snake : {"errorCode":2000,"errorMessage":"An error occurred. Please contact your system administrator.","innerException":null,"innerExceptionType":null} Any help would be highly appreciated?

0 10 878
0 Likes
10 REPLIES 10

Posted on --/--/---- --:-- AM
spawar_apex
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM


https://us.v-cdn.net/6031969/uploads/editor/wg/0l5utiadamf9.png

0 Likes

Posted on --/--/---- --:-- AM
spawar_apex
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

@shakedtal & @adam9 - Any idea on this?

0 Likes

Posted on --/--/---- --:-- AM
Dmitry_Sarakeev
Staff
Reply posted on --/--/---- --:-- AM

hey @spawar_apex can you please provide more info on what you are trying to achieve?

0 Likes

Posted on --/--/---- --:-- AM
Dmitry_Sarakeev
Staff
Reply posted on --/--/---- --:-- AM

what are you updating entities with/for?

0 Likes

Posted on --/--/---- --:-- AM
spawar_apex
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hi @Dmitry_Sarakeev , We have created a custom integration and importing from SiemplifyAction import SiemplifyAction that perform an action
siemplify.update_entities(updated_entities) .

When playbook executes, it tries to run the function siemplify.update_entities(updated_entities) and that's where its failing.

NOTE: one of the native entity fields which is is_internal (displayname: IsAssetInternal)

Sharing a code sample with you.
# update entities
output = []
updated_entities_context = []
if len(query_results) > 0:
for res in query_results:
for entity in entities:
if entity.identifier == res["attributes"].get("sAMAccountName", "none").upper() or entity.identifier == res["attributes"].get("mail", "none").upper() or entity.identifier == res["attributes"].get("computer", "none").upper():
print(entity.identifier)
output.append(entity.identifier)
entity.is_internal = True
entity.is_enriched = True
entity.additional_properties["IsInternalAsset"] = "True"
entity.additional_properties["IsFromLdapString"] = "True"
entity.additional_properties["IsEnriched"] = "True"
updated_entities_context.append(entity)
else:
pass

if len(updated_entities_context) > 0:
#print(updated_entities_context)
#print(json.dumps(updated_entities_context[0].__dict__, indent=4))
#print(json.dumps(query_results, indent=4))
# server error when trying to update entity
try:
siemplify.update_entities(updated_entities)
result_value = True
out = ", ".join(output)
#print(json.dumps(query_results, indent=4))
output_message = f"The following entities were updated: {out}"
except Exception as error:
output_message = f"{error}"
result_value = False

0 Likes

Posted on --/--/---- --:-- AM
Dmitry_Sarakeev
Staff
Reply posted on --/--/---- --:-- AM

can you please try to remove is_internal = True from the code and try again?

0 Likes

Posted on --/--/---- --:-- AM
spawar_apex
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Sure @Dmitry_Sarakeev . Let me try at my end & share an update with you in a moment.

0 Likes

Posted on --/--/---- --:-- AM
spawar_apex
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

@Dmitry_Sarakeev - I removed is_internal = True and tried it again, but it didnt pass through. Also, I set it to False that too even didnt work out. not sure, where is the block as I'm not able to get more information to debug.

0 Likes

Posted on --/--/---- --:-- AM
Dmitry_Sarakeev
Staff
Reply posted on --/--/---- --:-- AM

Hi, i asked one of our team members to check it, this is what he wrote:
it looks like the issue could be that they are using the wrong list variable with siemplify.update_entities( ). siemplify.update_entities(updated_entities) to: siemplify.update_entities(updated_entities_context) I ran a stripped down version of the code and it worked for me.

0 Likes

Posted on --/--/---- --:-- AM
spawar_apex
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Okay. Let me try this at my end and see it works or not. Thanks @Dmitry_Sarakeev . I'll keep you posted.

0 Likes
Top Solution Authors
View all