Nesting, Branching, and Conditions Loops Use Case

loops are a great way to iterate data inside a playbook without having to nest another playbook let's take a look at a use case scenario mei is an orchestrator who wants to get a count of ip addresses that are considered malicious she wants to get the list of ip addresses from specific regions, iterate the data, get a threat score for each ip address, then create conditions that filter out benign ip addresses but return a verdict of malicious ip addresses, then have an action that provide that list let's watch as she creates her playbook mei starts by creating a playbook with a webhook trigger configure your webhook with the desired data mei created a webhook trigger that sends data for a list of regions and the list of ip addresses within those regions now she wants to iterate over nested lists in a single object without having to use nested playbooks to do this, she adds a loop click add an action and select loop mei names her action loop over regions , ensures the process of the loop is sequential , and is ready to configure next, under configuration , click select a property or expression to get the region data, from the playbook properties, click regions now mei has her first loop and is ready to add her first nested loop click add an action and select loop mei names her action loop over ips , ensures the process of the loop is sequential , and is ready to configure next, under configuration , click select a property or expression this time, she will select a different playbook property to get the ip values, from the playbook properties, click the loop over regions actions, then selects value the next step is to retrieve ip scores for those regions mei adds a script native action called get ip score from the script tab, under inputs, she completes the following steps click add property , selects string , and clicks select a property mei names the text field ip when the playbook property drawer opens, she selects the same property as step 7 loop over regions action, then select value from the script tab, under script, enter the following code action outputs = random randint(1, 100) if mei wants to test this before continuing to build her playbook, she can click the test tab, enter the same values and click the test button for more information on testing scripts, mei reviews discovered outputs and testing docid\ xdoxji82d8iulanf8c34h it's time to filter those ip scores using the condition native action mei wants to filter any ip scores higher than 50 to be marked as malicious anything below 50 should be marked as benign add an on success condition native action click create your first condition and from the playbook properties, select the script action's result set the operator to is greater than and the value to 50 mei saves her changes and now her if/else condition is configured and she's ready to add the last two actions within her nested loop from the true condition, click add an action and select script mei titles the action mark as malicious so that it's easy to identify if the ip score is over 50 click add property , selects number , and clicks select a property mei names the text field score when the playbook property drawer opens, she selects the get ip score result from the script tab, under script, enter the following code action outputs = {"verdict" "malicious", "score" action inputs\["score"]} this generates the output with the verdict malicious for the last action inside the loop, mei needs to add another script action to output a score below 50 with a verdict of benign from the false condition, click add an action and select script mei titles the action mark as benign so that it's easy to identify if the ip score is below 50 click add property , selects number , and clicks select a property mei names the text field score when the playbook property drawer opens, she selects the get ip score result from the script tab, under script, enter the following code action outputs = {"verdict" "benign", "score" action inputs\["score"]} this generates the output with the verdict benign it's time for the last action that runs after the outer loop mei adds one final script native action, names it count malicious , and is ready to configure the action counts the number of malicious ip addresses by iterating over the results from the script tab, under inputs, click add property , selects object , and clicks select a property from the playbook property drawer, click the loop over regions action and select result from the script tab, under scripts, enter the following code scores = \[] for entry in action inputs\["prev"] for result in entry\["loop over ips"]\["result"] if 'mark as malicious' in result keys() scores append(result\["mark as malicious"]\["result"]\["score"]) action outputs = len(scores) conclusion mei successfully used turbine nested loops, conditions, and other native actions to get a count of ip addresses that are considered malicious