Last active
January 21, 2021 19:58
-
-
Save cmcdevitt/24f660eda34a2dd9e5bebd4ca543b099 to your computer and use it in GitHub Desktop.
Scripted REST Web Service
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) { | |
| var caller; //Manadatory ServiceNow User | |
| var cmdb_ci; //Manadatory Varies need to provide list | |
| var shor_description; //Manadatory text 40 charters | |
| var company; //Manadatory "xxx | xxxx | xxx | xxxx" | |
| var requestBody = request.body; | |
| var requestData = requestBody.data; | |
| if(requestData instanceof Array){ | |
| //test for multiple body objects / JSON To-do loop through incoming object? | |
| caller = requestData[0].caller; | |
| contact_type = requestData[0].contact_type; | |
| cmdb_ci = requestData[0].cmdb_ci; | |
| company = requestData[0].company; | |
| description = requestData[0].description; | |
| short_description = requestData[0].short_description; | |
| u_rq_ticket_id = requestData[0].u_rq_ticket_id; | |
| u_rq_caller = requestData[0].u_rq_caller; | |
| u_rq_source = requestData[0].u_rq_source; | |
| u_rq_priority = requestData[0].u_rq_priority; | |
| u_rq_category = requestData[0].u_rq_category; | |
| u_rq_subcategory = requestData[0].u_rq_subcategory; | |
| //u_rq_close_code = requestData[0].u_rq_close_code; | |
| u_rq_opened = requestData[0].u_rq_opened; | |
| u_rq_assignment_group = requestData[0].u_rq_assignment_group; | |
| u_rq_assigned_to = requestData[0].u_rq_assigned_to; | |
| u_rq_child_ticket = requestData[0].u_rq_child_ticket; | |
| u_rq_detection_source = requestData[0].u_rq_detection_source; | |
| //u_rq_close_by = requestData[0].u_rq_close_by; | |
| //SIEM Data | |
| u_event = requestData[0].u_event; | |
| u_source_ip = requestData[0].u_source_ip; | |
| u_source_url = requestData[0].u_source_url; | |
| u_source_port = requestData[0].u_source_port; | |
| u_source_host = requestData[0].u_source_host; | |
| u_source_domain = requestData[0].u_source_domain; | |
| u_source_geo = requestData[0].u_source_geo; | |
| u_file_name = requestData[0].u_file_name; | |
| u_file_path = requestData[0].u_file_path; | |
| u_process_name = requestData[0].u_process_name; | |
| u_log_source = requestData[0].u_log_source; | |
| u_act = requestData[0].u_act; | |
| u_offense = requestData[0].u_offense; | |
| u_destination_ip = requestData[0].u_destination_ip; | |
| u_destination_url = requestData[0].u_destination_url; | |
| u_destination_port = requestData[0].u_destination_port ; | |
| u_destination_host = requestData[0].u_destination_host; | |
| u_destination_domain = requestData[0].u_destination_domain; | |
| u_impacted_user = requestData[0].u_impacted_user; | |
| u_destination_geo = requestData[0].u_destination_geo; | |
| u_malware = requestData[0].u_malware; | |
| u_filehash = requestData[0].u_filehash; | |
| u_mac_address = requestData[0].u_mac_address; | |
| }else{ | |
| caller = requestData.caller; | |
| contact_type = requestData.contact_type; | |
| cmdb_ci = requestData.cmdb_ci; | |
| company = requestData.company; | |
| description = requestData.description; | |
| short_description = requestData.short_description; | |
| u_rq_ticket_id = requestData.u_rq_ticket_id; | |
| u_rq_caller = requestData.u_rq_caller; | |
| u_rq_source = requestData.u_rq_source; | |
| u_rq_priority = requestData.u_rq_priority; | |
| u_rq_category = requestData.u_rq_category; | |
| u_rq_subcategory = requestData.u_rq_subcategory; | |
| //u_rq_close_code = requestData.u_rq_close_code; | |
| u_rq_opened = requestData.u_rq_opened; | |
| u_rq_assignment_group = requestData.u_rq_assignment_group; | |
| u_rq_assigned_to = requestData.u_rq_assigned_to; | |
| u_rq_child_ticket = requestData.u_rq_child_ticket; | |
| u_rq_detection_source = requestData.u_rq_detection_source; | |
| //u_rq_close_by = requestData.u_rq_close_by; | |
| //SIEM Data | |
| u_event = requestData.u_event; | |
| u_source_ip = requestData.u_source_ip; | |
| u_source_url = requestData.u_source_url; | |
| u_source_port = requestData.u_source_port; | |
| u_source_host = requestData.u_source_host; | |
| u_source_domain = requestData.u_source_domain; | |
| u_source_geo = requestData.u_source_geo; | |
| u_file_name = requestData.u_file_name; | |
| u_file_path = requestData.u_file_path; | |
| u_process_name = requestData.u_process_name; | |
| u_log_source = requestData.u_log_source; | |
| u_act = requestData.u_act; | |
| u_offense = requestData.u_offense; | |
| u_destination_ip = requestData.u_destination_ip; | |
| u_destination_url = requestData.u_destination_url; | |
| u_destination_port = requestData.u_destination_port ; | |
| u_destination_host = requestData.u_destination_host; | |
| u_destination_domain = requestData.u_destination_domain; | |
| u_impacted_user = requestData.u_impacted_user; | |
| u_destination_geo = requestData.u_destination_geo; | |
| u_malware = requestData.u_malware; | |
| u_filehash = requestData.u_filehash; | |
| u_mac_address = requestData.u_mac_address; | |
| } | |
| //Test ACG manadatory fields | |
| //Manadatory: Caller, Configuration Item, Short Description, Company | |
| //ToDo Caller should be an ACG account | |
| var missingMandatoryFields = []; | |
| if(caller === ""){ | |
| missingMandatoryFields.push('caller'); | |
| } | |
| /* | |
| if (cmdb_ci === ""){ | |
| missingMandatoryFields.push('cmdb_ci'); | |
| } | |
| */ | |
| if (short_description === ""){ | |
| missingMandatoryFields.push('short_description'); | |
| } | |
| if (company === ""){ | |
| missingMandatoryFields.push('company'); | |
| } | |
| if(missingMandatoryFields != 0){ | |
| var errorString = 'The requst is missing the following manadatory field(s): '; | |
| missingMandatoryFields.forEach(function(element) { | |
| errorString += element + " , "; | |
| }); | |
| return new sn_ws_err.BadRequestError(errorString); | |
| } | |
| //Create Security Incident | |
| var incidentSysID = ''; | |
| try{ | |
| var gr = new GlideRecord('sn_si_incident'); | |
| gr.initialize(); | |
| gr.caller = caller; | |
| gr.contact_type = contact_type; | |
| gr.cmdb_ci.setDisplayValue(cmdb_ci); | |
| //gr.company = company; | |
| gr.company.setDisplayValue(company); | |
| gr.description = description; | |
| gr.short_description = short_description; | |
| gr.u_rq_ticket_id = u_rq_ticket_id; | |
| gr.u_rq_caller = u_rq_caller; | |
| gr.u_rq_source = u_rq_source; | |
| gr.u_rq_priority = u_rq_priority; | |
| gr.u_rq_category = u_rq_category; | |
| gr.u_rq_subcategory = u_rq_subcategory; | |
| //gr.u_rq_close_code = u_rq_close_code; | |
| gr.u_rq_opened = u_rq_opened; | |
| gr.u_rq_assignment_group = u_rq_assignment_group; | |
| gr.u_rq_assigned_to = u_rq_assigned_to; | |
| gr.u_rq_child_ticket = u_rq_child_ticket; | |
| gr.u_rq_detection_source = u_rq_detection_source; | |
| //gr.u_rq_close_by = u_rq_close_by; | |
| //SEIM Data | |
| gr.u_event = u_event; | |
| gr.u_source_ip = u_source_ip; | |
| gr.u_source_url = u_source_url; | |
| gr.u_source_port = u_source_port; | |
| gr.u_source_host = u_source_host; | |
| gr.u_source_domain = u_source_domain; | |
| gr.u_source_geo = u_source_geo; | |
| gr.u_file_name = u_file_name; | |
| gr.u_file_path = u_file_path; | |
| gr.u_process_name = u_process_name; | |
| gr.u_log_source = u_log_source; | |
| gr.u_act = u_act; | |
| gr.u_offense = u_offense; | |
| gr.u_destination_ip = u_destination_ip; | |
| gr.u_destination_url = u_destination_url; | |
| gr.u_destination_port = u_destination_port ; | |
| gr.u_destination_host = u_destination_host; | |
| gr.u_destination_domain = u_destination_domain; | |
| gr.u_impacted_user = u_impacted_user; | |
| gr.u_destination_geo = u_destination_geo; | |
| gr.u_malware = u_malware; | |
| gr.u_filehash = u_filehash; | |
| gr.u_mac_address = u_mac_address; | |
| //Now Create the Security Incident and save sys_id to lookup Security Incident Number | |
| incidentSysID = gr.insert(); | |
| } catch(e){ | |
| var error = new sn_ws_err.ServiceError(); | |
| error.setStatus(500); | |
| error.setDetail("Create Record Failed"); | |
| error.setMessage("Failed to create (Short Description):" + short_description); | |
| //Write to Log | |
| gs.error("Failed to create Security Incident: " + e.message); | |
| //Send HTTP 500 Stautus | |
| return error; | |
| } | |
| //Loookup newely created Security Incident so we can send it back in the response | |
| var incidentNumber = ''; | |
| try{ | |
| var grlu = new GlideRecord('sn_si_incident'); | |
| grlu.initialize(); | |
| grlu.addQuery('sys_id','=',incidentSysID); | |
| grlu.query(); | |
| if(grlu.next()){ | |
| //gs.error("Inside next()" + grlu.number + " : " + grlu); | |
| //this is where we return the result, i.e. the Security Incident Number | |
| //var num = grlu.number; | |
| //var incNum = {'Security Incident:' : grlu.number.toString()}; //Return object | |
| //var incNum = "Security Incident " + grlu.number; //This works becouse num is cast into a string | |
| var incNum = grlu.number.toString(); | |
| response.setStatus(201); | |
| return incNum; | |
| }else{ | |
| //Send sys_id if we can't find the security incident | |
| return incidentSysID; | |
| } | |
| }catch(e){ | |
| var error = new sn_ws_err.ServiceError(); | |
| error.setStatus(500); | |
| error.setDetail("Failed to find newely created Security Incident"); | |
| error.setMessage("Failed to find:" + short_description); | |
| gs.error("Failed to find sys_id: " + incidentSysID + " : " + e.message); | |
| //Send 500 Error | |
| return error; | |
| } | |
| })(request, response); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment