Hey there R7 community.
Big picture, I am creating a workflow that creates a Jira ticket for all adjusted high and critical vulnerabilities via an initial SurfaceCommand query. However SurfaceCommand atm doesn’t have access to the solution for given vulnerability. So, I need to then run a IVM query with an input parameter of an array of vulnerability IDs. I have a few questions, and can ask in different threads if that is best, just let me know.
The first step is to retrieve the SC saved query
The SC query step “Get-Adjusted-Vulns” output is set to
However, when I test run the WF, the array is named items, not Vulns
Not that big a deal, but for future steps, I need this named something different to prevent collisions. I thought I would name it as a input parameter in the next step which is a decision, but I can’t seem to add an input to it. How do I name the output properly?
As long as vulnerabilities are returned, I need to retrieve all the vulnerability IDs to then pass as a parameter to an IVM query to retrieve the solutions for each vulnerability. Combing through the discussion board I see I can use python or JQ. I feel like JQ is the easiest way to a single key.
Must I do a loop or can JQ create an array of the $item.[“Vulnerability ID”]? If I must do a loop, what is the syntax to reference the key and add it to a separate array as an output? I saw the for #each helpers but the saw now actual examples. I also downloaded several workflows to just to see how they did it, but all of them are using ExtractIt. I saw the ExtractIt plugin but this doesn’t fit.
sorry to update my post . . i believe i am misunderstanding the how my jq step is supposed to work. i want it to return a json array of maps see below for what i am going for. and for some reason not able to insert a screen shot. Should i be using the jq step type or a step where i can type out my jq commands? If using the jq step, i don’t see how to save the vulnIDs to a new array. if anyone has a link to a video or plugin that is doing something similar would be much appreciated
To save everyone’s time - my mistake was not reading the test pane properly. Turns out i wasn’t passing in the query json from the previous step. I named the output vulns, but it is called items. once i pass in {{[“Get-Adjusted-Vulns”]}}
Still need/want to figure out how to name that properly.
the filter ended up being {“VulnIDs”:[.items|.|.[“Vulnerability ID”]]}
Thanks for asking for clarification! It’s important to understand the limits when working with plugin data. Essentially, you can’t rename or transform the actual data coming out of a plugin. Your only action is to update the output definition so that our system knows what to expect from the external API, like Surface Command. For example, if the plugin always returns a list named items containing nested objects, and you know a specific query will return keys like orderId and customerName, you can edit the definition to include those. All this does is populate the variable picker with the correct values, allowing you to select them easily in later steps. If you’re comfortable typing out the variables manually using Handlebars (e.g., {{stepName.orderId}}), you can skip this editing step entirely.
Also, don’t worry about variable collisions—since every step must have a unique name, and variables are always called by the step name followed by the value, everything stays nicely separated and unique.
