Rule/Action name inside scripts/workflows

To create workflows referencing (or evaluating conditions from) rule/action names it would be great if the object "event.message" (passed to the function handler) could be available from inside the script/workflows (for example: an user triggers a workflow using a menu item rule, this can enable the workflow to export the triggered rule name)

  • Guest
  • Jan 25 2021
  • Under review
  • Guest commented
    1 Feb 04:34pm

    the final goal would be to know which menu item rule called a workflow/script (also when, and by who, would be a plus), since one workflow can be called from multiple menu item rules. for example i could create a re-usable workflow to send an email with the triggered action name, and relative object (incident, artifact, etc) details. Another use case would be to create a re-usable workflow (that can be triggered from multiple rules) that, based on the rule name and/or the user principal, performs different things (for ex: "blacklist IOC's" vs "check blacklist status")

  • Admin
    MICHAEL LYONS commented
    1 Feb 04:16pm

    What exactly are you trying to use the rule name for? Is that to identify what path the workflow was called from? Or some other reason?

  • Guest commented
    1 Feb 02:00pm

    Yes. the ask is to have the rule name into a variable (such as "") it may be something like "rule.rule_name".

    I Hope this clarifies the point.

  • Admin
    MICHAEL LYONS commented
    1 Feb 01:38pm

    Is the ask to have the rule name be passed as a parameter into workflows? If not, could we get some clarification on what the ask is? A specific use case would help understand the ask as well.