This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Flow condition in Chronicle SOAR not working

Posted on 01-15-2025 11:59 AM
vanitharaj1208
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

Hi All,

I have a block for log collection, where I am using a flow to check whether the UDM action JSON is not empty. If it isn't, I add a CSV case wall attachment. However, I noticed that the UDM result is empty, yet it is still routing to branch one, even though the condition is set to proceed only if the JSON is not empty.

vanitharaj1208_0-1736970959895.pngvanitharaj1208_1-1736971016927.png

 

 

Solved Solved
0 6 389
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
ylandovskyy
Staff
In response to malzahnOptiv
Reply posted on --/--/---- --:-- AM

JSON Result might still exist as empty list, which I believe is the situation here. So, if you want to create a stable condition, then my suggestion would be to do:

ylandovskyy_0-1747822868804.png

As "{" will only exist if JSON Result contains an actual JSON object inside of it.

 

View solution in original post

Jump to Solution
6 REPLIES 6
Top Solution Authors
View all