ibmresilient / resilient-community-apps

Source code for IBM SOAR Apps that are available on our App Exchange
https://ibm.biz/soar-apps-docs
MIT License

Proofpoint TRAP Integration for IBM Resilient - Data enrichment #56

Open hmnguyen1201 opened 4 years ago

hmnguyen1201 commented 4 years ago

Description

The original payload from MISP was put into a comment in the Resilient Notes tab and I cannot enrich the data further, as I am not aware of a way to load the JSON object back from a note and then massage the data.

Describe How to Reproduce

  1. Download the package from https://exchange.xforce.ibmcloud.com/hub/extension/31c7255853ae50325eaec597c44ee787
  2. Configure the connection between resilient circuits and TRAP
  3. When there is a new TRAP incident, Resilient Circuits will pull the details and create a case in Resilient, but put the whole JSON object in the notes.

breid1313 commented 4 years ago

Hello. Thanks for your question! The result payload of the Proofpoint TRAP function should be available to you in the post-processing script of the workflow step you are working with. If the action succeeds, you should be able to work with results["content"] to massage the data to meet your needs.

If you are still encountering issues, I would recommend posting in the community, as there are many more eyes monitoring that forum.
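
As an added example (not part of the original thread or the app's own code), this stand-alone Python sketch shows one way to work with `results["content"]` as structured data instead of re-parsing a note: it flattens the payload into addressable fields and HTML-escapes every value before building note text. The `success` key, the sample payload and all field names in it are assumptions constructed for illustration, not the real TRAP schema.

```python
import html

# Constructed sample. Only the "content" key comes from the reply above;
# "success" and every field inside "content" are assumed for this example.
SAMPLE_RESULTS = {
    "success": True,
    "content": {
        "id": 1234,
        "summary": "Suspicious <b>message</b> reported",
        "events": [{"source": "example-source", "severity": "High"}],
    },
}


def flatten(value, prefix=""):
    """Yield (dotted_path, leaf_value) pairs from nested dicts and lists."""
    if isinstance(value, dict):
        for key in sorted(value):
            path = f"{prefix}.{key}" if prefix else str(key)
            yield from flatten(value[key], path)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from flatten(item, f"{prefix}[{index}]")
    else:
        yield prefix, value


def build_note(results):
    """Return HTML-safe note text, or None if there is no usable payload."""
    content = results.get("content")
    if not results.get("success") or not isinstance(content, dict):
        return None
    lines = []
    for path, leaf in flatten(content):
        # The payload originates outside the platform, so escape it
        # before it is rendered as rich text.
        lines.append(f"<b>{html.escape(path)}</b>: {html.escape(str(leaf))}")
    return "<br>".join(lines)


if __name__ == "__main__":
    fields = dict(flatten(SAMPLE_RESULTS["content"]))
    print(fields["events[0].severity"])
    print(build_note(SAMPLE_RESULTS))
```

In an actual post-processing script the platform supplies `results`, so the sample dictionary would be dropped and the flattened values assigned to incident fields of your choosing.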