FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
Andy_G
Staff
Article Id 193959
Description

Challenge:

Ingest alerts into CyOPs through an API. Different APIs return different JSON output, so the keys received in each JSON output have to be segregated and mapped to CyOPs alert fields.

Solution:

The API output is captured in {{vars.result}} in the playbook step. The JSON output in {{vars.result}} can be stored in variables, and those variables are used to map keys to fields in the CyOPs alert.

How to:

1. Create a playbook with an API trigger step

2. Add the API endpoint

3. The output of the API step looks like:

4. The result of an API call is stored in an environment variable called vars.result. It can be referenced as {{ vars.result }}

5. Variables are referenced as individual key values from the API call output

6. Example: vars.result.body references the key body, and we store it in a variable api_call_result_body. This way you can reference the result of an API call

7. As seen in the screenshot below, the api_call_result variable stores all of the output / result of an API call

 

8. These variables can be used as inputs to fill the create record step
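
The key-to-field mapping described in the steps above, written out in Python as an added example (it is not FortiSOAR code and not part of the original article). It resolves dotted paths such as body.title against two differently shaped API results and copies only the mapped keys into the alert record. The source names, alert field names and sample payloads are constructed assumptions.

```python
import json

# Constructed sample payloads from two hypothetical alert sources; each plays
# the role of the playbook's vars.result (the page's name for the API output).
RESULT_A = json.loads('{"status": 200, "body": {"title": "Malware detected",'
                      ' "sev": "high", "src": {"ip": "192.0.2.10"}}}')
RESULT_B = json.loads('{"status": 200, "body": {"event": {"name": "Failed login burst",'
                      ' "priority": 2}, "extra": "unmapped text"}}')

# Per-source map: alert field (hypothetical names) -> dotted path under vars.result.
FIELD_MAPS = {
    "source_a": {"name": "body.title", "severity": "body.sev", "source_ip": "body.src.ip"},
    "source_b": {"name": "body.event.name", "severity": "body.event.priority"},
}
REQUIRED = ("name", "severity")


def resolve(result, path):
    """Walk a dotted path such as 'body.src.ip'; return None if any key is absent."""
    node = result
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def map_alert(source, result):
    """Build the alert record from mapped keys only; unmapped keys are dropped."""
    alert = {}
    for field, path in FIELD_MAPS[source].items():
        value = resolve(result, path)
        # Accept scalars only, so a nested object never lands in a text field.
        if isinstance(value, (str, int, float)) and not isinstance(value, bool):
            alert[field] = str(value)
    missing = [f for f in REQUIRED if f not in alert]
    if missing:
        raise ValueError(f"{source}: payload lacks required fields {missing}")
    return alert


if __name__ == "__main__":
    print(map_alert("source_a", RESULT_A))
    print(map_alert("source_b", RESULT_B))
```

Rejecting a payload that lacks a required field keeps a changed or malformed API response from silently creating an empty alert.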

 

 

 

 

