Proofpoint TRAP Integration for IBM Resilient - Data enrichment

[hmnguyen1201]

Description

The original payload from MISP was put into a comment in the Resilient Notes tab and I cannot enrich the data further as it I am not aware of a way to load the json object back from a note then do data massage from it

Describe How to Reproduce

1. Download the package from https://exchange.xforce.ibmcloud.com/hub/extension/31c7255853ae50325eaec597c44ee787
2. Configure the connection between resilient circuits and TRAP
3. When there is a new TRAP incident, Resilient circuit will pull the details and creates a case in Resilient but put the whole json object in the notes.

[breid1313]

Hello. Thanks for your question! The result payload of the Proofpoint TRAP function should be available to you in the post-processing script of the workflow step you are working with. If the action succeeds, you should be able to work with results["content"] to massage the data to meet your needs.

If you are still encountering issues, I would recommend posting in the community, as there are many more eyes monitoring that forum.