cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

Output JSON for Incident Mapping

L1 Bithead

Hi all,

We have several incidents that we need to work on the mapping of, but they are relatively rare and are not pulled from the (SplunkPy) integration often enough that they are in any of the events that we get when we do the mapping (6.0) and pull from the integration.

 

They have been classified correctly, and we have several instances in XSOAR, so what we would like to do is to export the JSON from an existing incident and load it into the mapper to map the fields. 

 

We've tried several commands (PrintContext and DumpJSON) but neither seem to give us the incident entries.

 

How can we best export events as JSON to load into the mapper and map fields?

 

Thanks,

Sean

Who rated this post