Understanding the Playbook and its Components:
The exhibit shows the status of a playbook named "DOS attack" and its associated tasks.
The playbook is designed to execute a series of tasks upon detecting a DoS attack event.
Analysis of Playbook Tasks:
Attach_Data_To_Incident: Task ID placeholder_8fab0102, status is "upstream_failed," meaning it was not run because a task it depends on failed.
Get Events: Task ID placeholder_fa2a573c, status is "success."
Create SMTP Enumeration incident: Task ID placeholder_3db75c0a, status is "failed."
Reviewing Raw Logs:
The error log shows a ValueError: invalid literal for int() with base 10: '10.200.200.100'.
This error indicates that the task attempted to convert a string (the IP address '10.200.200.100') to an integer, which is not possible because a dotted-quad address is not a valid base-10 integer literal.
Identifying the Source of the Error:
The error occurs in the file "incident_operator.py," specifically in the execute method.
This suggests that the task "Create SMTP Enumeration incident" is the one causing the issue because it failed to process the data type correctly.
Conclusion:
The failure of the playbook is due to the "Create SMTP Enumeration incident" task receiving a string value (an IP address) when it expects an integer value. This mismatch in data types leads to the error.
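The triage steps above can be scripted. The following is an added example, not code from the product or from the original page: it separates the task that actually failed from tasks that are only "upstream_failed", then pulls the failing file, method and rejected value out of the raw log. The traceback path, line number and source line in the sample log are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample data modeled on the exhibit described above. Task names,
# IDs, statuses and the ValueError text come from the page; the traceback
# path, line number and source line are placeholders.
TASKS = [
    {"name": "Attach_Data_To_Incident", "id": "placeholder_8fab0102", "status": "upstream_failed"},
    {"name": "Get Events", "id": "placeholder_fa2a573c", "status": "success"},
    {"name": "Create SMTP Enumeration incident", "id": "placeholder_3db75c0a", "status": "failed"},
]
RAW_LOG = '''Traceback (most recent call last):
  File "/path/to/incident_operator.py", line 0, in execute
    value = int(raw)
ValueError: invalid literal for int() with base 10: '10.200.200.100'
'''

FRAME_RE = re.compile(r'File "(?P<file>[^"]+)", line \d+, in (?P<func>\S+)')
INT_ERR_RE = re.compile(
    r"ValueError: invalid literal for int\(\) with base \d+: '(?P<value>[^']*)'")


def root_cause_tasks(tasks):
    """Tasks that failed themselves; 'upstream_failed' is only a consequence."""
    return [t["name"] for t in tasks if t["status"] == "failed"]


def triage_log(raw_log):
    """Return the innermost traceback frame and the literal that int() rejected."""
    frames = list(FRAME_RE.finditer(raw_log))
    err = INT_ERR_RE.search(raw_log)
    if not frames or not err:
        return None
    value = err.group("value")
    try:
        ipaddress.ip_address(value)  # is the rejected literal an IP address?
        kind = "ip_address"
    except ValueError:
        kind = "other_string"
    last = frames[-1]  # innermost frame is where the exception was raised
    return {"file": last.group("file").rsplit("/", 1)[-1],
            "method": last.group("func"), "value": value, "kind": kind}


if __name__ == "__main__":
    print(root_cause_tasks(TASKS))
    print(triage_log(RAW_LOG))
```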