Mapping the Microsoft Security Graph to a custom incident type

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Mapping the Microsoft Security Graph to a custom incident type

L0 Member

Hello,

 

I am a noob in XSOAR, so if I am missing something obvious, my apologies.


I am working on a implementation where the system owner has set up a custom incident type for their Microsoft Security Graph API. The idea is now to do the mapping and I am stuck. The JSON contains the classic key value pairs but some of the values are actually arrays with dictionaries in them. For example

 

hostStates:[{"fqdn":"host.domain.example","isAzureAdJoined":"false",...}]

 

I would like to map the Hostnames field to the fqdn but I have no clue how to. I tried a couple of things already (hostStates.fqdn and hostStates[0]['fqdn']) without success.

I noticed that in the examples I found online everybody has a nice key:value, nothing like what I am trying to do so this makes me wonder if what I am trying to do is actually possible via the web interface.

 

Like I said, this is a new tool for me and so every day I am learning something new.

 

Kind regards,

Erik

1 accepted solution

Accepted Solutions

L0 Member

Like I said, I am a beginner and when I discussed it with a coworker he pointed out to an automation that didn't take into account the recursion. This topic can thus be considered closed.

View solution in original post

1 REPLY 1

L0 Member

Like I said, I am a beginner and when I discussed it with a coworker he pointed out to an automation that didn't take into account the recursion. This topic can thus be considered closed.

  • 1 accepted solution
  • 2570 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!