I am a noob in XSOAR, so if I am missing something obvious, my apologies.
I am working on a implementation where the system owner has set up a custom incident type for their Microsoft Security Graph API. The idea is now to do the mapping and I am stuck. The JSON contains the classic key value pairs but some of the values are actually arrays with dictionaries in them. For example
I would like to map the Hostnames field to the fqdn but I have no clue how to. I tried a couple of things already (hostStates.fqdn and hostStates['fqdn']) without success.
I noticed that in the examples I found online everybody has a nice key:value, nothing like what I am trying to do so this makes me wonder if what I am trying to do is actually possible via the web interface.
Like I said, this is a new tool for me and so every day I am learning something new.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!