TemplateEngine

Overview

Provides the ability to render templates using Jinja2. Jinja2 provides fast and flexible ways to create rich templates. These templates can be used in entity insights, emails, ticketing systems, or any action that can take in a text string. Jinja2 documentation can be found at https://jinja.palletsprojects.com/en/2.11.x/.

Actions

Entity Insight

Description

Creates entity insights from a JSON object using a Jinja2 template.

Parameters

Parameter	Type	Default Value	Is Mandatory	Description
JSON Object	JSON	N/A	Yes	Specify the raw JSON object that will be used to render the template.
Template	Dropdown	SMRT Table CSS	No	Specify the Jinja2 Template to display. It can be a HTML template from “Settings->environment” or added in the content box.
Triggered By	String	Siemplify	Yes	Specify the name of the integration that triggered this entity insight.
Remove BRs	Checkbox	Unchecked	No	Specify whether you want to remove all <br> html tags from the rendered template.
Create Insight	Checkbox	Checked	No	Specify whether you want to create an entity insight.

Example

In this scenario, we’re creating an insight using a json object which includes entity identifier and json results from a previous action.

Action Results

Script Result
Script Result Name Value options Example
ScriptResult True/False True

JSON Result

{
"entity_insight" : "<div class="dmarc-compliance"> <table width="100%"> <col style="width:20%"><col style="width:80%"> <tr> <td><img title="compliant" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAARCAYAAAA7bUf6AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAPRJREFUeNqslMENgzAMRUPEAIzQEWCEHnsqdy4wAWWShgnaC3duPXYE2KCMwAbtt+RUkSnCrfoly8iJH45NiIxQcStSuBqWw5JgaYb1sLY7dGOYEwnAGe5ktuUAahYQAAa41Og1ApTRgw0q+AZASjnPRNyDQZk4wXYillluoqp8SoBVIl5bnoIGsEcP/ISmYC23Yoykq3jbG4Cj0967OFISyzNjc8XNJnckoAAsBkCNfcpKPCgY/yrAj3gWsRJJFy2A8mNuVPkBRL7ZAJB6qqRdWSTwQ/ERtpYvk1vZkCju0Pi/u0PigFMCnAcsfgW//k9eAgwAu4ZeSnNVcOkAAAAASUVORK5CYII=" width="17" /></td> <td>DMARC Compliant</td> </tr> <tr> <td><img title="spf_align" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAARCAYAAAA7bUf6AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAPRJREFUeNqslMENgzAMRUPEAIzQEWCEHnsqdy4wAWWShgnaC3duPXYE2KCMwAbtt+RUkSnCrfoly8iJH45NiIxQcStSuBqWw5JgaYb1sLY7dGOYEwnAGe5ktuUAahYQAAa41Og1ApTRgw0q+AZASjnPRNyDQZk4wXYillluoqp8SoBVIl5bnoIGsEcP/ISmYC23Yoykq3jbG4Cj0967OFISyzNjc8XNJnckoAAsBkCNfcpKPCgY/yrAj3gWsRJJFy2A8mNuVPkBRL7ZAJB6qqRdWSTwQ/ERtpYvk1vZkCju0Pi/u0PigFMCnAcsfgW//k9eAgwAu4ZeSnNVcOkAAAAASUVORK5CYII=" width="17" /></td> <td>SPF Alignment</td> </tr> <tr> <td><img title="spf_auth" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAARCAYAAAA7bUf6AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAP1JREFUeNqsVMERgjAQhIwFUAIv31ACT1+mBKkAUwmxA0uIL5+WAG9flkAHeudsZs4QBB125ua4XLJzt0eSJgHu+11BriHTZJlIDWSO7LS9XHt5Jg0IWnLHZB6WiMyIhAg6ckWyHD0RlfyhRAW/EDAKnEtSaNBFNj3I8i+xR6kgYoiak1yyLx1xHdnbKEwhrMBRvzyNiuzMHrFDXkJzO8+YaOKgF57HfYtpp6ZEI2uDtUnxp0i4EhOsGaHRBzb4E7NAk3craIErMIgrTFJOaVAQS4I3aKHBgT1iHRmzW+c/wWWykWQ+E/s71K93dxhYsAsJrCcYPQX/vicvAQYAFFNjwfmXVA0AAAAASUVORK5CYII=" width="17" /></td> <td>SPF Authenticated</td> </tr> <tr> <td><img title="spf_auth" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAARCAYAAAA7bUf6AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAPRJREFUeNqslMENgzAMRUPEAIzQEWCEHnsqdy4wAWWShgnaC3duPXYE2KCMwAbtt+RUkSnCrfoly8iJH45NiIxQcStSuBqWw5JgaYb1sLY7dGOYEwnAGe5ktuUAahYQAAa41Og1ApTRgw0q+AZASjnPRNyDQZk4wXYillluoqp8SoBVIl5bnoIGsEcP/ISmYC23Yoykq3jbG4Cj0967OFISyzNjc8XNJnckoAAsBkCNfcpKPCgY/yrAj3gWsRJJFy2A8mNuVPkBRL7ZAJB6qqRdWSTwQ/ERtpYvk1vZkCju0Pi/u0PigFMCnAcsfgW//k9eAgwAu4ZeSnNVcOkAAAAASUVORK5CYII=" width="17" /></td> <td>Strong SPF Record</td> </tr> <tr> <td><img title="dkim_align" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAARCAYAAAA7bUf6AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAP1JREFUeNqsVMERgjAQhIwFUAIv31ACT1+mBKkAUwmxA0uIL5+WAG9flkAHeudsZs4QBB125ua4XLJzt0eSJgHu+11BriHTZJlIDWSO7LS9XHt5Jg0IWnLHZB6WiMyIhAg6ckWyHD0RlfyhRAW/EDAKnEtSaNBFNj3I8i+xR6kgYoiak1yyLx1xHdnbKEwhrMBRvzyNiuzMHrFDXkJzO8+YaOKgF57HfYtpp6ZEI2uDtUnxp0i4EhOsGaHRBzb4E7NAk3craIErMIgrTFJOaVAQS4I3aKHBgT1iHRmzW+c/wWWykWQ+E/s71K93dxhYsAsJrCcYPQX/vicvAQYAFFNjwfmXVA0AAAAASUVORK5CYII=" width="17" /></td> <td>DKIM Alignment</td> </tr> <tr> <td><img title="dkim_align" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAARCAYAAAA7bUf6AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAP1JREFUeNqsVMERgjAQhIwFUAIv31ACT1+mBKkAUwmxA0uIL5+WAG9flkAHeudsZs4QBB125ua4XLJzt0eSJgHu+11BriHTZJlIDWSO7LS9XHt5Jg0IWnLHZB6WiMyIhAg6ckWyHD0RlfyhRAW/EDAKnEtSaNBFNj3I8i+xR6kgYoiak1yyLx1xHdnbKEwhrMBRvzyNiuzMHrFDXkJzO8+YaOKgF57HfYtpp6ZEI2uDtUnxp0i4EhOsGaHRBzb4E7NAk3craIErMIgrTFJOaVAQS4I3aKHBgT1iHRmzW+c/wWWykWQ+E/s71K93dxhYsAsJrCcYPQX/vicvAQYAFFNjwfmXVA0AAAAASUVORK5CYII=" width="17" /></td> <td>ARC Verify</td> </tr> </table> </div>",
"template" : "{%- set ok_img = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAARCAYAAAA7bUf6AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAPRJREFUeNqslMENgzAMRUPEAIzQEWCEHnsqdy4wAWWShgnaC3duPXYE2KCMwAbtt+RUkSnCrfoly8iJH45NiIxQcStSuBqWw5JgaYb1sLY7dGOYEwnAGe5ktuUAahYQAAa41Og1ApTRgw0q+AZASjnPRNyDQZk4wXYillluoqp8SoBVIl5bnoIGsEcP/ISmYC23Yoykq3jbG4Cj0967OFISyzNjc8XNJnckoAAsBkCNfcpKPCgY/yrAj3gWsRJJFy2A8mNuVPkBRL7ZAJB6qqRdWSTwQ/ERtpYvk1vZkCju0Pi/u0PigFMCnAcsfgW//k9eAgwAu4ZeSnNVcOkAAAAASUVORK5CYII=" -%} {%- set fail_img = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAARCAYAAAA7bUf6AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAP1JREFUeNqsVMERgjAQhIwFUAIv31ACT1+mBKkAUwmxA0uIL5+WAG9flkAHeudsZs4QBB125ua4XLJzt0eSJgHu+11BriHTZJlIDWSO7LS9XHt5Jg0IWnLHZB6WiMyIhAg6ckWyHD0RlfyhRAW/EDAKnEtSaNBFNj3I8i+xR6kgYoiak1yyLx1xHdnbKEwhrMBRvzyNiuzMHrFDXkJzO8+YaOKgF57HfYtpp6ZEI2uDtUnxp0i4EhOsGaHRBzb4E7NAk3craIErMIgrTFJOaVAQS4I3aKHBgT1iHRmzW+c/wWWykWQ+E/s71K93dxhYsAsJrCcYPQX/vicvAQYAFFNjwfmXVA0AAAAASUVORK5CYII=" -%} <div class="dmarc-compliance"> <table width="100%"> <col style="width:20%"><col style="width:80%"> <tr> <td> {%- if DMARC -%} {%- if DMARC['valid'] -%} <img title="compliant" src="{{ ok_img }}" width="17" /> {%- else -%} <img title="compliant" src="{{ fail_img }}" width="17" /> {%- endif -%} {%- else -%} <img title="compliant" src="{{ fail_img }}" width="17" /> {%- endif -%} </td> <td>DMARC Compliant</td> </tr> <tr> <td> {%- if 'tags' in DMARC and DMARC['tags']['aspf'] == "r" -%} {%- if FromDomain == MFromDomain or FromParentDomain == MFromDomain -%} <img title="spf_align" src="{{ ok_img }}" width="17" /> {%- else -%} <img title="spf_align" src="{{ fail_img }}" width="17" /> {%- endif -%} {%- else -%} {%- if FromDomain == MFromDomain -%} <img title="spf_align" src="{{ ok_img }}" width="17" /> {%- else -%} <img title="spf_align" src="{{ fail_img }}" width="17" /> {%- endif -%} {%- endif -%} </td> <td>SPF Alignment</td> </tr> <tr> <td> {%- if SPF -%} {%- if SPF['Auth'] == True -%} <img title="spf_auth" src="{{ ok_img }}" width="17" /> {%- else -%} <img title="spf_auth" src="{{ fail_img}}" width="17" /> {%- endif -%} {%- else -%} <img title="spf_auth" src="{{ fail_img}}" width="17" /> {%- endif -%} </td> <td>SPF Authenticated</td> </tr> <tr> <td> {%- if StrongSPF == True -%} <img title="spf_auth" src="{{ ok_img }}" width="17" /> {%- else -%} <img title="spf_auth" src="{{ fail_img}}" width="17" /> {%- endif -%} </td> <td>Strong SPF Record</td> </tr> <tr> <td> {%- if DKIMVerify == True -%} <img title="dkim_align" src="{{ ok_img }}" width="17" /> {%- else -%} <img title="dkim_align" src="{{ fail_img }}" width="17" /> {%- endif -%} </td> <td>DKIM Alignment</td> </tr> <tr> <td> {%- if ARCVerify -%} {%- if ARCVerify[result] == True -%} <img title="dkim_align" src="{{ ok_img }}" width="17" /> {%- else -%} <img title="dkim_align" src="{{ fail_img }}" width="17" /> {%- endif -%} {% else %} <img title="dkim_align" src="{{ fail_img }}" width="17" /> {%- endif -%} </td> <td>ARC Verify</td> </tr> </table> </div>"
}

Render Template

Description

Renders a Jinja2 template using a JSON input.

Parameters

Parameter	Type	Default Value	Is Mandatory	Description
JSON Object	JSON	N/A	No	Specify the raw JSON object that will be used to render the template. This value is available as the variable input_json in the jinja template. {“input_json”: {“Entity” : “0.0.0.0”}}
Jinja	Dropdown	JSON	No	Specify the Jinja template code to be rendered. It will override the template parameter. Append \|safe to disable HTML encoding.
Include Case Data	Checkbox	Unchecked	No	If enabled, entity attributes and event data are available in the variables input_json[“SecurityEvents”] and input_json[“SecuritEntities”].
Template	HTML	Email HTML Template	No	Specify the Jinja2 Template to display. It can be a HTML template from “Settings->environment” or added in the content box.

Example

In this scenario, we’re passing a JSON result from VirusTotal from a previous action and returning entity value.

Action Results

Script Result

Script Result Name	Value options	Example
ScriptResult	Output Result	Entity: 0.0.0.26

Render Template from Array

Description

Render Template, but for lists. Loops through a list and applies the Jinja template to each list item.

Parameters

Parameter	Type	Default Value	Is Mandatory	Description
Array Input	Array	[]	No	Point to output from a previous Action that outputs an Array. [“10.10.10.10”]
Jinja	Dropdown	HTML	No	The Jinja template code to render. Will override Template parameters. Append \| safe to disable HTML encoding.
Join	String	,	No	JOIN character between loops to join together.
Prefix	String	N/A	No	Prefix string before output.
Suffix	String	N/A	No	Suffix string after output.

Example

In this scenario, we’re parsing a list of JSONs and returning IP addresses joined by a comma.

Action Results

Script Result
Script Result Name Value options Example
ScriptResult Output Result 0.0.0.0,0.0.0.1

Welcome to

Chronicle SOAR Product Documentation

TemplateEngine

Overview

Actions

Entity Insight

Power Ups

Welcome to

Chronicle SOAR Product Documentation

TemplateEngine

Overview

Actions

Entity Insight

Power Ups

Suggested articles