Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proofpoint TRAP Integration for IBM Resilient - Data enrichment #56

Open
hmnguyen1201 opened this issue Jul 26, 2020 · 1 comment
Open

Proofpoint TRAP Integration for IBM Resilient - Data enrichment #56

hmnguyen1201 opened this issue Jul 26, 2020 · 1 comment

Comments

@hmnguyen1201
Copy link

Description

The original payload from MISP was put into a comment in the Resilient Notes tab and I cannot enrich the data further as it I am not aware of a way to load the json object back from a note then do data massage from it

Describe How to Reproduce

  1. Download the package from https://exchange.xforce.ibmcloud.com/hub/extension/31c7255853ae50325eaec597c44ee787
  2. Configure the connection between resilient circuits and TRAP
  3. When there is a new TRAP incident, Resilient circuit will pull the details and creates a case in Resilient but put the whole json object in the notes.
@breid1313
Copy link

breid1313 commented Sep 2, 2020
edited
Loading

Hello. Thanks for your question! The result payload of the Proofpoint TRAP function should be available to you in the post-processing script of the workflow step you are working with. If the action succeeds, you should be able to work with results["content"] to massage the data to meet your needs.

If you are still encountering issues, I would recommend posting in the community, as there are many more eyes monitoring that forum.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@breid1313 @hmnguyen1201