Parsing the fields from xml input using python script

arjun · September 22, 2019, 6:41am

Hi ,

I am trying to automate the SIEM triage process for the Arcsight alerts.
I can see the Arcsight alerts as xml format in swimlane. Now I need to parse the different fields in the xml input so that i can display it for the analyst. I tried a custom python script for this , the script is returning results in the debugger , but in the actual record when I run this , the result is empty for some fields such as base event ids , not throwing any error also.

Do you have any inputs for this ? has any one faced this before or do you have any working script for this ?

Thanks ,
Arjun

Nikkuman · September 26, 2019, 5:56pm

Hi Arjun,

This isn’t an error I’ve run into with custom scripts debugging properly but not populating record fields. Have you double checked everything on the Outputs screen to make sure that the Update Current Record parameters are all correct and exactly identical to the variable names in your sw_outputs variable?

arjun · September 29, 2019, 12:46pm

Thank you Nikkuman for your inputs. I tried it and worked fine

Topic		Replies	Views
Python integration - Insert a record Integrations	3	2256	November 5, 2020
Newbie from Texas Welcome & announcements introduction	2	1194	March 26, 2019
Greetings from Norway Welcome & announcements	4	1340	June 21, 2019
VERIS Applet for Swimlane Incident response casemanagement	1	1021	April 17, 2018
Swimlane integration with RSA and ServiceNow SecOps	2	1706	January 3, 2019

Parsing the fields from xml input using python script

Related Topics