%20(1)-x8Y.png)
remove_alert_entities_from_custom_list
This function gets a category name (From CustomLists in the Siemplify
settings) and returns a list of objects of type
CustomList for any of the entities in the
scope that were removed from the chosen category. (Refer to the
SiemplifyDataModel for more info)
NOTE: The Environment is added implicitly from the alert’s environment!
result = siemplify.remove_alert_entities_from_custom_list("WhiteListed HOSTs")Parameters:
| Param Name | Param Type | Possible Values | Comments | Mandatory Parameter |
|---|---|---|---|---|
| category_name | string | “WhiteListed HOSTs” | the custom list category | Yes |
Return Type
ListExample:
Input: Explicitly, category_name. Implicitly, entities via scope.
Let’s assume this is the state of the CustomList table prior to the function call, and let’s assume the scope of the action has a single entity, “GOOGLE.COM”
Running remove_alert_entities_from_custom_list will result in a list of “CustomList” objects and a configuration change in the settings. Running the following code we get:
Sample Code
from SiemplifyAction import SiemplifyAction
siemplify = SiemplifyAction()
result = siemplify.remove_alert_entities_from_custom_list("WhiteListed HOSTs") Result Behavior
The "WhiteListed HOSTS" is removed.
Result Value
[<SiemplifyDataModel.CustomList object at 0x0000000003476E10>, <SiemplifyDataModel.CustomList object at 0x0000000003476B00>]