Function not executing inside of UDInput

Universal Dashboard Universal Dashboard Help
1

I have a new project I’m working on which creates a threat-hunting dashboard. I’ve run in to an early problem where a function New-OTXIPv4Lookup is not working in one of my inputs, but a second function New-DNSLookup is working just find in the column before it.

Any help would be appreciated. I’m receiving the message ‘Object Reference not set to an instance of an object’ when I try to execute submit the input. When I run the function in the CLI, it works just fine.

They seem to be created in the same sort of way but one works and the other doesn’t, I have no idea why.

. ./keys.ps1

function New-DNSLookup {
    param($dns_query)
    Resolve-DnsName -Name $dns_query
}

function New-OTXIPv4Lookup { #THIS IS THE ONE WHICH DOESN'T WORK
    param($otx_ip)
    $headers = @{ "X-OTX-API-KEY" = $OTX_api}
    $Response = Invoke-RestMethod -URI "https://otx.alienvault.com/api/v1/indicators/IPv4/$otx_ip/reputation" -Headers $headers
    If (-not $Response.reputation) { #Just handling empty strings here
        $Response.reputation = "No malicious activity known"
    }
    If (-not $Response) {
        $Response = "asdf"
    }
    return $Response
}

$Endpoints = New-UDEndpointInitialization -Function @("New-DNSLookup","New-OTXIPv4Lookup")

$HomePage = New-UDPage -Name "Threat Intel" -icon signal -Content {
    New-UDRow -Endpoint {
        New-UDColumn -Size 4 -Content {
            New-UDInput -Title "Enter DNS Name" -Endpoint {
                param($dns_lookup)
                $x = New-DNSLookup -dns_query $dns_lookup
                Set-UDElement -id "dns_result" -Content {$x.IPAddress}
            }
        }
        New-UDColumn -Size 8 -Content {
            New-UDCard -Content {
            New-UDElement -tag div -id "dns_result" -Content {"Response will show up here"}
             }
        }
    }
    New-UDRow -Endpoint {
        New-UDColumn -size 4 -Content {
            New-UDInput -Title "OTX IP Indicator Lookup" -Endpoint { #THIS IS THE ONE WHICH DOESN'T WORK
                param($otx_ip_lookup)
                $y = New-OTXIPv4Lookup -otx_ip $otx_ip_lookup
                Set-UDElement -id "OTX_ip_response" -Content {$y}
                }
            }
        New-UDColumn -Size 8 -Content {
            New-UDCard -Content {
                New-UDElement -tag div -id "OTX_ip_response" -Content {"Response will show up here"}
            }
        }
    }
}

$mydashboard = New-UDDashboard -Pages $HomePage -EndpointInitialization $Endpoints

Start-UDDashboard -Port 1000 -Dashboard $MyDashboard

image
image.png1913×1947 145 KB

One returns as an array and the other as a pscustomobject. Though I’ve also tried having the pscustomobject return as a string by just calling the attribute with no luck.

image
image.png1183×335 10.8 KB

2

the error came from $headers in the invokeRestMethod
$OTX_api from where the value of this variable come from?

i created new api key in this site and test your function, its work.
this is your function inside my dashboard

        New-UDRow -Endpoint {
            New-UDColumn -size 4 -Content {
                New-UDInput -Title "OTX IP Indicator Lookup" -Endpoint { #THIS IS THE ONE WHICH DOESN'T WORK
                    param($otx_ip_lookup)
                    $y = New-OTXIPv4Lookup -otx_ip $otx_ip_lookup
                    Set-UDElement -id "OTX_ip_response" -Content {$y.reputation} 
                    } 
                }
            New-UDColumn -Size 8 -Content {
                New-UDCard -Content {
                    New-UDElement -tag div -id "OTX_ip_response" -Content {"Response will show up here"}
                }
            }
        }
        

    function New-OTXIPv4Lookup { #THIS IS THE ONE WHICH DOESN'T WORK
        param($otx_ip)
        $headers = @{ "X-OTX-API-KEY" = '44efee7b0532e6d2ecac49a31288b9983ec4df6e74b39d178f18dbae2f79eccc '}
        $Response = Invoke-RestMethod -URI "https://otx.alienvault.com/api/v1/indicators/IPv4/$otx_ip/reputation" -Headers $headers
        If (-not $Response.reputation) { #Just handling empty strings here
            $Response.reputation = "No malicious activity known"
        }
        If (-not $Response) {
            $Response = "asdf"
        }
        return $Response
    }
1 Like
3

I’m pulling the varaibles from this file which is sorced at the top of my program:

. ./keys.ps1

I’m trying this now and getting a react error which is improvement. I fixed that by putting:

$answer = $y.reputation"

And then putting -Content {$answer} and this seems to be giving me an actual answer. It looks like you can’t give it a property/attribute of an object in some cases perhaps? I’ll experiment some more.

Thanks for your help

4

I’m not entirely sure, but you mention dot-sourcing your variables in ./keys.ps1 which would make it available for cmdlets in your dashboard.ps1 file, but not the endpoint runspaces (unless I’m mistaken here) You’d need to declare those in New-UDendpointInitialization using the -Varible parameter to be available in ud endpoints.

1 Like
5

I’ll give it a shot, thanks.

6

As a test, you could dot source it on the runspace endpoint block itself and see if that’s the issue.