In an artifact card, I’m having trouble trying to iterate through two arrays simultaneously to combine the “explanation” data from panel_evidence_summary with the corresponding alert data from panel_status. Well, it works fine if there’s only one new alert. But I’m trying to account for multiple alerts returned.
In this example I’m trying to combine around a dozen alerts.
Current artifact card:
## Status
{{#each ["Get New Alerts"]}}
{{#with panel_status}}
{{#each .}}
`Label` = {{case_rule_label}}
`Created` = {{created}}
`Status` = {{status}}
`Entity` = {{entity_name}}
{{/each}}
{{/with}}
{{/each}}
## Explanation
{{#each ["Get New Alerts"]}}
{{#with panel_evidence_summary}}
{{#each .}}
`Explanation` = {{explanation}}
{{/each}}
{{/with}}
{{/each}}
Method 1 (does not work, it seems we don’t have the ability to manually manage the index):
{{#each ["Get New Alerts"]}}
{{#with panel_status}}
{{#each .}}
`Label` = {{case_rule_label}}
`Created` = {{created}}
`Status` = {{status}}
`Entity` = {{entity_name}}
{{!-- Use a variable to manually manage the index --}}
{{#with @index=index}}
{{!-- Use the same index to access the corresponding item in panel_evidence_summary --}}
{{#with ../../panel_evidence_summary.[index]}}
`Explanation`: {{explanation}}
{{/with}}
{{/with}}
{{/each}}
{{/with}}
{{/each}}
Method 2 (does not work):
{{#each ["Get New Alerts"]}}
{{#with panel_status}}
{{#each .}}
`Label`: {{case_rule_label}}
`Created`: {{created}}
`Status`: {{status}}
`Entity`: {{entity_name}}
{{!-- Find the corresponding explanation --}}
{{#with ../../panel_evidence_summary.[@index]}}
`Explanation`: {{explanation}}
{{/with}}
{{/each}}
{{/with}}
{{/each}}
Method 3 (does not work):
{{#each ["Get New Alerts"]}}
{{#with panel_status}}
{{#each .}}
`Label`: {{case_rule_label}}
`Created`: {{created}}
`Status`: {{status}}
`Entity`: {{entity_name}}
{{#with ../../panel_evidence_summary}}
{{#with @index}}
`Explanation`: {{explanation}}
{{/with}}
{{/with}}
{{/each}}
{{/with}}
{{/each}}
Method 3 results (I want the first item in the array to match with the first alert, I don’t want the entire array):
Explanation: ["Alert was created as a result of a match in the similar domains query","Alert was created as a result of a match in the similar domains query","Alert was created as a result of a match in the similar domains query","Alert was created as a result of a triggered typosquat detection","Alert was created as a result of a triggered typosquat detection","Alert was created as a result of a triggered typosquat detection","Alert was created as a result of a match in the similar domains query","Alert was created as a result of a triggered typosquat detection","Alert was created as a result of a match in the similar domains query","Alert was created as a result of a match in the similar domains query","Alert was created as a result of a match in the similar domains query","Alert was created as a result of a match in the similar domains query"]
Method 4 (does not work):
{{#each ["Get New Alerts"]}}
{{#with panel_status}}
{{#each .}}
`Label`: {{case_rule_label}}
`Created`: {{created}}
`Status`: {{status}}
`Entity`: {{entity_name}}
{{#with ../../panel_evidence_summary}}
{{#each .}}
`Explanation`: {{explanation}}
{{/each}}
{{/with}}
{{/each}}
{{/with}}
{{/each}}
Method 4 results:
Explanation: Alert was created as a result of a match in the similar domains query
Explanation: Alert was created as a result of a match in the similar domains query
Explanation: Alert was created as a result of a match in the similar domains query
Explanation: Alert was created as a result of a triggered typosquat detection
Explanation: Alert was created as a result of a triggered typosquat detection
Explanation: Alert was created as a result of a triggered typosquat detection
Explanation: Alert was created as a result of a match in the similar domains query
Explanation: Alert was created as a result of a triggered typosquat detection
Explanation: Alert was created as a result of a match in the similar domains query
Explanation: Alert was created as a result of a match in the similar domains query
Explanation: Alert was created as a result of a match in the similar domains query
Explanation: Alert was created as a result of a match in the similar domains query
Any ideas what to do?
Thank you!