GetInstances

Returns integration instances configured in Cortex XSOAR. You can filter by instance status and/or brand name (vendor).

Script Data


NameDescription
Script Typepython3
Tags
Demisto Version5.0.0

Inputs


Argument NameDescription
brandBrand name to filter instances by.
instance_statusInstance status to filter instances by. Can be "active", "disabled", or "both". Default is "active".

Outputs


PathDescriptionType
Modules.nameThe instance name.string
Modules.categoryThe instance category.string
Modules.defaultIgnoredTrue if the instance avilable by default, otherwise false.string
Modules.stateTrue if the instance is enabled, otherwise false.string
Modules.brandThe instance brand.string

Script Example

!GetInstances

Context Example

{
"Modules": [
{
"brand": "EWS v2",
"category": "Messaging",
"defaultIgnored": "false",
"name": "EWS v2_instance_1",
"state": "active"
},
{
"brand": "Elasticsearch v2",
"category": "Database",
"defaultIgnored": "false",
"name": "Elasticsearch v2_instance_1",
"state": "active"
},
{
"brand": "Elasticsearch v2",
"category": "Database",
"defaultIgnored": "false",
"name": "Elasticsearch v2_instance_2",
"state": "disabled"
},
{
"brand": "Rapid7 Nexpose",
"category": "Vulnerability Management",
"defaultIgnored": "false",
"name": "Rapid7 Nexpose_instance_1",
"state": "active"
},
{
"brand": "activedir-login",
"category": "Messaging",
"defaultIgnored": "false",
"name": "ad-login",
"state": "active"
},
{
"brand": "activedir",
"category": "Data Enrichment & Threat Intelligence",
"defaultIgnored": "false",
"name": "ad-query",
"state": "active"
},
{
"brand": "d2",
"category": "Endpoint",
"defaultIgnored": "false",
"name": "d2",
"state": "active"
},
{
"brand": "splunk",
"category": "Analytics & SIEM",
"defaultIgnored": "false",
"name": "splunk",
"state": "active"
}
]
}

Human Readable Output

Results

brandcategorydefaultIgnorednamestate
EWS v2MessagingfalseEWS v2_instance_1active
Elasticsearch v2DatabasefalseElasticsearch v2_instance_1active
Elasticsearch v2DatabasefalseElasticsearch v2_instance_2disabled
Rapid7 NexposeVulnerability ManagementfalseRapid7 Nexpose_instance_1active
activedir-loginMessagingfalsead-loginactive
activedirData Enrichment & Threat Intelligencefalsead-queryactive
d2Endpointfalsed2active
splunkAnalytics & SIEMfalsesplunkactive