V1 - Examples - Basic Information

Basic Information

load resource sentinelOneAgent
let {agentID,asset,username} = f("@sentinelOneAgent.translation")
let {computerName,modelName,mitigationMode,infected,appsVulnerabilityStatus} = f("@sentinelOneAgent")

In this case, all of the information is listed in the result table.

How to find out which variables a resource contains is described in Appendix-Resource.

Related FPL commands: load; f

Basic Information: written as functions

Building on the previous case, we often want to run more than one task at a time once we have an overview of the database. To do this, we can wrap each block of statements in a function and use stream to call the functions.

function s1_infected()
load resource sentinelOneAgent
let {agentID} = f("@sentinelOneAgent.translation")
let {computerName,modelName,mitigationMode,infected,appsVulnerabilityStatus} = f("@sentinelOneAgent")
aggregate total=count(),infected=count(infected),patchNeeded=count(appsVulnerabilityStatus=="patch_required")
end

function s1_issues()
load resource sentinelOneAgent
let {agentID,asset,username} = f("@sentinelOneAgent.translation")
let {computerName,modelName,mitigationMode,infected,appsVulnerabilityStatus} = f("@sentinelOneAgent")
where infected==true or appsVulnerabilityStatus=="patch_required"
end

stream infected_systems=s1_infected()
stream issues=s1_issues()

This case defines two functions. The first returns the total number of records, the number of records identified as infected, and the number of records that need a patch. The second displays the records that are identified as infected or that require a patch.

Related FPL commands: load; f; where; aggregate; stream
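
The two streams above describe the same data from two angles, so their results can be cross-checked once exported. The following is an added example in Python, not FPL and not code from the original page: it mirrors the counts and the filter as the text describes them and reconciles a summary against an issue list. The sample records are constructed, the function names are hypothetical, and treating a missing infected field as "not infected" is an assumption.

```python
# Constructed sample records using the field names the page extracts from
# sentinelOneAgent; none of these values come from a real tenant.
SAMPLE_AGENTS = [
    {"agentID": "a-001", "computerName": "WS-01", "infected": False, "appsVulnerabilityStatus": "up_to_date"},
    {"agentID": "a-002", "computerName": "WS-02", "infected": True, "appsVulnerabilityStatus": "patch_required"},
    {"agentID": "a-003", "computerName": "SRV-01", "infected": False, "appsVulnerabilityStatus": "patch_required"},
    {"agentID": "a-004", "computerName": "LT-07", "infected": True, "appsVulnerabilityStatus": "up_to_date"},
    {"agentID": "a-005", "computerName": "LT-09"},  # record with both fields missing
]

def is_infected(rec):
    # Assumption: only a literal True counts; a missing or null field does not.
    return rec.get("infected") is True

def needs_patch(rec):
    return rec.get("appsVulnerabilityStatus") == "patch_required"

def summarize(records):
    """Counts the text describes for s1_infected(): total, infected, patchNeeded."""
    return {
        "total": len(records),
        "infected": sum(1 for r in records if is_infected(r)),
        "patchNeeded": sum(1 for r in records if needs_patch(r)),
    }

def issues(records):
    """Rows the text describes for s1_issues(): infected or patch_required."""
    return [r for r in records if is_infected(r) or needs_patch(r)]

def reconcile(summary, issue_rows):
    """Cross-check an exported summary against an exported issue list.

    A host that is both infected and unpatched is counted in both summary
    columns but appears once in the issue list, so the expected row count is
    infected + patchNeeded - both, not infected + patchNeeded.
    """
    inf = sum(1 for r in issue_rows if is_infected(r))
    patch = sum(1 for r in issue_rows if needs_patch(r))
    both = sum(1 for r in issue_rows if is_infected(r) and needs_patch(r))
    return {
        "both": both,
        "expectedRows": summary["infected"] + summary["patchNeeded"] - both,
        "actualRows": len(issue_rows),
        "countsMatch": inf == summary["infected"] and patch == summary["patchNeeded"],
        # Rows that satisfy neither condition should never be in the issue list.
        "strayRows": [r.get("agentID") for r in issue_rows
                      if not (is_infected(r) or needs_patch(r))],
    }
```

A mismatch between expectedRows and actualRows, or a non-empty strayRows, means the two exports were taken from different data or with different filters.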