Help
FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
nmathur
Staff
Staff

Created on ‎09-06-2021 01:35 AM

Article Id 192034

Technical Note: How to know which playbooks are impacted due the Arrow Library update in FortiSOAR 7.0.0 which has changed the timestamp attribute

Description
The FortiSOAR 7.0.0 workflow engine has updated the arrow library due to which the timestamp attribute has been changed to int_timestamp for DateTime jinja expressions. For example, to get the current timestamp, use {{arrow.utcnow().int_timestamp}}.

FortiSOAR version 7.0.0 and later require you to use int_timestamp for DateTime jinja expressions, therefore you need to know which playbooks are impacted due to this change, so that you can update those playbook steps either before or after you upgrade your FortiSOAR instance.

The workflow engine does a best effort handling of auto converting .timestamp to .int_timestamp before running playbooks, so not all playbooks will fail. However, some jinja expressions used might not match the regular expression causing such playbooks to fail; therefore, it is recommended to review and update all the playbooks that are found as a result of the attached script.

Solution
To know which playbooks are impacted due to this change, run the attached PBsImpactedByArrowlibUpdate.sh script file on your FortiSOAR instance.
This creates the "playbooks_using_arrowtimestamp.txt" file with all the playbook step names (and their container workflowName and collectionName) that you require to update either before or after you upgrade your FortiSOAR instance.
Sample content of the "playbooks_using_arrowtimestamp.txt" file is as follows:

-[ RECORD 6 ]--+-----------------------------------------------------------------------------
collectionname | SLA Management Playbooks
workflowname | Alert > Set Assigned Date (upon creation)
stepname | Set Assigned Date

-[ RECORD 7 ]--+-----------------------------------------------------------------------------
collectionname | Schedule Management Playbooks
workflowname | AuditLog Cleanup
stepname | Delete AuditLogs

-[ RECORD 8 ]--+-----------------------------------------------------------------------------
collectionname | War Room Automation
workflowname | Set War Room Live and Notify Responders
stepname | Set status to Live

-[ RECORD 9 ]--+-----------------------------------------------------------------------------
collectionname | War Room Automation
workflowname | Update War Room Close Date
stepname | Update War Room


Preview file
1 KB
Labels:
1125
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.