Comparing output results

pmcneil1 · January 19, 2026, 9:08pm

I’m working on a workflow, which is meant to look for users who haven’t signed into an application within the last year. The application uses SSO and access is controlled by AD group membership.

So I have an action that runs an LDAP query against the relevant AD group, and a following action which runs an IDR query against the SSO logs from Entra, to show me all the sign ins to that application from within the last year.

What I’m struggling with now, is how to make the workflow compare the two outputs and spit out the people who are in the LDAP query’s output, but not the IDR query’s output.

Has anyone done something like this in the past.

mmarsili · January 19, 2026, 10:13pm

Hello @pmcneil1

You haven’t mentioned what data type your LDAP query or IDR query are returning, or perhaps some sample datasets, however you should probably have a look at the Type Converter Plugin : Rapid7 Extensions

Maybe you can use that plugin to convert between types and to ultimately end up with 2 arrays and use the Array Diff to compare the outputs as seen below?

Failing that, there is always the Python script method.

Let us know how you make out?

cheers

Marco