Set
This Script is part of the Common Scripts Pack.#
Set a value in context under the key you entered.
Script Data#
| Name | Description |
|---|---|
| Script Type | javascript |
| Tags | Utility |
Used In#
Sample usage of this script can be found in the following playbooks and scripts.
- Arcsight - Get events related to the Case
- Detonate File - BitDam
- Endace Search Archive Download PCAP v2
- Illinois - Breach Notification
- Illusive - Incident Escalation
- Malware Investigation - Generic - Setup
- QRadar - Get offense correlations v2
- QRadar Indicator Hunting
- SafeBreach - Create Incidents per Insight and Associate Indicators
- Wait Until Datetime
Inputs#
| Argument Name | Description |
|---|---|
| key | The key to set. Can be a full path such as "Key.ID". If using append=true can also use a DT selector such as "Data(val.ID == obj.ID)". |
| value | The value to set to the key. Can be an array (e.g. ["192.168.1.1","192.168.1.2"]) or JSON (e.g. {"key":"value"}). |
| append | If false then the context key will be overwritten. If set to true then the script will append to existing context key. |
| stringify | Whether the argument should be saved as a string. |
Outputs#
There are no outputs for this script.
Script Example#
!Set key="Data(val.ID == obj.ID)" value=`{"ID": "test_id", "Value": "test_val2"}` append="true"
Context Example#
Human Readable Output#
Key Data(val.ID == obj.ID) set
Known Limitations#
The script has some limitations with appending to the context in different cases and formats:
- The value argument can't be larger than 25MB. In general, it is not recommended to ingest large data to context values.
- When append is set to
false- the script will not support dt operations given as part of the key argument. - When Set is called from within another script - if append is set tot
trueit is necessary to manually return the results given by thedemisto.executeCommand, for the context update to take place. For example: