Hello everyone I'm trying to get fix the problem in the wazuh responder
How can I get the data from an artifact or observable in a case ?
I created one new observable "agent_id" this is visible in my list of observables in the case in Thehive
How can I get the data from that field and pass to the payload to run the command firewalldrop
If I run the command like above this It works
When I change the code to the following the analyzer failed
what command or code I need to get that data from that field "agent_id " in this case 12079 ??
Work environment
- Client OS: Windows 11
- Browse type and version: Firefox
- Cortex version: 3.1.7
- Cortex Analyzer/Responder name: Wazuh 1.0
Hello everyone I'm trying to get fix the problem in the wazuh responder
How can I get the data from an artifact or observable in a case ?
I created one new observable "agent_id" this is visible in my list of observables in the case in Thehive
How can I get the data from that field and pass to the payload to run the command firewalldrop
If I run the command like above this It works
When I change the code to the following the analyzer failed
what command or code I need to get that data from that field "agent_id " in this case 12079 ??
Work environment