1

I am attempting to create a JSON Object from an array to pass into a Microsoft product. The format in which the JSON object is accepted is shown beneath (content-type: "application/json"):

{
  "value": [
    {
      "activityGroupNames": [],
      "confidence": 0,
      "description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
      "expirationDateTime": "2019-03-01T21:44:03.1668987+00:00",
      "externalId": "Test--8586509942423126760MS164-0",
      "fileHashType": "sha256",
      "fileHashValue": "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
      "killChain": [],
      "malwareFamilyNames": [],
      "severity": 0,
      "tags": [],
      "targetProduct": "Azure Sentinel",
      "threatType": "WatchList",
      "tlpLevel": "green",
    },
    {
      "activityGroupNames": [],
      "confidence": 0,
      "description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
      "expirationDateTime": "2019-03-01T21:44:03.1748779+00:00",
      "externalId": "Test--8586509942423126760MS164-1",
      "fileHashType": "sha256",
      "fileHashValue": "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
      "killChain": [],
      "malwareFamilyNames": [],
      "severity": 0,
      "tags": [],
      "targetProduct": "Azure Sentinel",
      "threatType": "WatchList",
      "tlpLevel": "green",
    }
  ]
}

I making use of an inline code script in Microsoft automate that performs the following in JavaScript:

var threat = workflowContext.actions.Compose.outputs;
var value = Object.values(threat);
return value;

The workflowContext.actions.Compose.outputs line pulls an array consisting of objects shown in the following snippet:

[{"id": "1", "activityGroupNames": "test2"}, {"id": "2", "activityGroupNames": "test3"}, {"id": "3", "activityGroupNames": "test4"}]

This is my output:

{
  "body": [
    {
        "id": "1",
        "action": "alert",
      "activityGroupNames": "test2"
    },
    {
        "id": "2",
        "action": "alert",
        "activityGroupNames": "test3"
    },
    {
        "id": "3",
        "action": "alert",
        "activityGroupNames": "test2"
    }
  ]
}

it is pretty much identical to the format described my Microsoft shown in the first snippet. (https://learn.microsoft.com/en-us/graph/api/tiindicator-submittiindicators?view=graph-rest-beta&tabs=http) at the bottom.

I am unsure as to how I can change the key name from "body" to "value" and think maybe this will resolve my issue. Either way, I'd appreciate any other help on the matter, if any more context is required, please ask.

EDIT: The image beneath shows that the returned return value; is in fact being used as the input for a POST request to the Microsoft graph API

Image showing that the returned array of objects is being returned and used for posting to MS graph api

my name jeff
  • 89
  • 1
  • 9
  • Does this answer your question? [What is a NullReferenceException, and how do I fix it?](https://stackoverflow.com/questions/4660142/what-is-a-nullreferenceexception-and-how-do-i-fix-it) – derloopkat Oct 06 '21 at 14:12
  • @derloopkat Thanks but it doesn't, I will update my question slightly to show this – my name jeff Oct 06 '21 at 14:17

0 Answers0