Using the Script Native Action

the script native action in swimlane turbine empowers analysts and security professionals to harness the flexibility of python for automating tasks within their playbooks while swimlane turbine supports advanced jsonata scripting, the script action simplifies handling basic python tasks key benefits of the script action flexibility with python leverage python 3 11 to manipulate data and handle edge cases efficiency reduces complexity compared to jsonata for simpler tasks preloaded libraries access standard python libraries, numpy https //numpy org/doc/stable/index html (v1 25 2), and pendulum https //pendulum eustace io/ (v2 1 2) for enhanced scripting capabilities swimlane python chatbot use the swimlane python chatbot for script assistance, powered by chatgpt's openai integration for boolean and null data types, import the json library and use json loads(\<my ref>) to ensure proper data loading python does not natively support all json types, but this method ensures correct handling setting up the script native action here’s how to configure a script action in your playbook from the add panel, drag and drop the script action onto the playbook canvas click configure , then add property to define input data types (string, number, boolean, object, array, or attachment) write your python script in the provided field or select upstream playbook inputs using the property drawer script inputs define static and dynamic inputs using the following supported types string number boolean object array attachment configuring script inputs follow these steps to set up your inputs click add property in the inputs pane to define your inputs rename properties as needed using the pencil icon write or paste your python code in the script pane in this example, a script evaluates a last malicious score to determine if it meets the malicious score threshold outputs tab the outputs tab enables promotion of action outputs for downstream use outputs tab allows you to select all outputs provided by the action and you can promote them the output tab also allows you to mark the data as sensitive you can mark as sensitive my clicking the ellipsis button and click mark sensitive testing the script test your script in the test tab before full integration the results appear in the results pane this is useful for debugging and validating output see the script test use case for detailed examples handling attachments in scripts work with attachments as inputs or outputs in your script outputting an attachment follow these steps to output an attachment select script from the action drop down use the following code to create and write to an attachment using an attachment as input to use an attachment as input add an attachment property select the attachment object from the property drawer process the attachment using the following code use cases for more examples and detailed use cases, see the script test use case best practices start simple begin with straightforward scripts before moving to more complex logic use comments comment your code for clarity and easier debugging test frequently use the test tab to validate your script iteratively handle errors gracefully include error handling to manage unexpected inputs or conditions