How is it possible to extract specific information from a string/object in a workflow?
Currently I have a workflow setup that triggers when a custom IDR alert is generated. I am trying to pull some specific fields from this alert that is then sent into a teams channel, for example in the below screenshot I am trying to pull the source_ip, service, geoip_city, geoip_country_code, geoip_country_name, geoip_organization, geoip_region and user_agent
I have managed to import a ExtractIt plugin which works for the IP address and email but I am unable to locate anything for custom values as mentioned above.
You should be able to pull it out via JSON. I use JSON Parser (https://jsonparser.org/) to break up my JSON and then find what I need that way. It makes it easier to step through the JSON and find exactly what you are looking for. But it should be something like {{[customtrigger].[geoip_city]}} to reference the value you are needing.
Thanks for the reply, the jsonparser will come in handy. I have tried specifying the specific JSON value i need (for example I tried to set the value as {{[“Outside UK Trigger”].[geoip_city]}}) but this does not seem to pull anything through. The workflow does not fail, just doesn’t post any value.
(Info blanked)
Does this need to be any specific format for it to be sent, or is there a specific plugin that would be able to do this? I am currently trying with the teams send HTML message
