[Question] how to take data from artifact or observable thehive case wazuh responder
romarito90 opened this issue · 0 comments
romarito90 commented
Hello everyone I'm trying to get fix the problem in the wazuh responder to active response from Thehive to Wazuh
How can I get the data from an artifact or observable in a case ?
I created one new observable "agent_id" this is visible in my list of observables in the case in Thehive
How can I get the data from that field and pass to the payload to run the command firewalldrop
If I run the command like above this It works
When I change the code to the following the analyzer failed
what command or code I need to get that data from that field "agent_id " in this case 12079 ??
Work Environment
| Question | Answer |
|---|---|
| OS version (client) | Windows 11 |
| Dedicated RAM | 32 GB |
| vCPU | 16 |
| TheHive version / git hash | 4.1 |
| Package Type | RPM |
| Database | Cassandra |
| Index type | Elasticsearch |
| Attachments storage | Local |
| Browser type & version | Firefox |