Solved: Re: SOAR IDE and JSON Output

mccrilb · 04-04-2024 04:55 AM

I have been writing several of my own IDE integrations. I have not had issues with the ones that require just an action and a simple response. However, I have not figured out how to get the JSON output to work where I can use the JSON picker with the next function.

Is there any documentation on how to do this? Does anyone have any tips?

mikewilusz

You can use the below to add your JSON as an output. In my example r_json is my dict object.

siemplify.result.add_result_json(r_json)

View solution in original post

mccrilb

I found a function in the Tools that will allow me to do this in a playbook. Buffer that will take a sting input and format it to JSON.

View solution in original post

mikewilusz

You can use the below to add your JSON as an output. In my example r_json is my dict object.

siemplify.result.add_result_json(r_json)

pigram86

any json output or specific to Chronicle SIEM? are you using as part of a condition in the flow [event.<whatever>] = (whatever you need). depends on the use case.

mccrilb

I am writing functions in the IDE for the SOAR.

mccrilb

I found a function in the Tools that will allow me to do this in a playbook. Buffer that will take a sting input and format it to JSON.