03-24-2021 09:10 AM
Hello,
I am a noob in XSOAR, so if I am missing something obvious, my apologies.
I am working on a implementation where the system owner has set up a custom incident type for their Microsoft Security Graph API. The idea is now to do the mapping and I am stuck. The JSON contains the classic key value pairs but some of the values are actually arrays with dictionaries in them. For example
hostStates:[{"fqdn":"host.domain.example","isAzureAdJoined":"false",...}]
I would like to map the Hostnames field to the fqdn but I have no clue how to. I tried a couple of things already (hostStates.fqdn and hostStates[0]['fqdn']) without success.
I noticed that in the examples I found online everybody has a nice key:value, nothing like what I am trying to do so this makes me wonder if what I am trying to do is actually possible via the web interface.
Like I said, this is a new tool for me and so every day I am learning something new.
Kind regards,
Erik
03-24-2021 09:29 AM
Like I said, I am a beginner and when I discussed it with a coworker he pointed out to an automation that didn't take into account the recursion. This topic can thus be considered closed.
03-24-2021 09:29 AM
Like I said, I am a beginner and when I discussed it with a coworker he pointed out to an automation that didn't take into account the recursion. This topic can thus be considered closed.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
