I am using the Call Rest API function to get a result from BigFix.    The result is in xml format.  When I output the result to Note, QRadar SOAR converted it to JSON format.  The field names are gone and I ended up have many /n and /t in the output.   Anyone run into this issue?  
Do I need to do something special to handle xml output in QRadar SOAR?  Below is the example.

The output looks like this when I run this with Python interpreter: 
 <?xml version="1.0" encoding="UTF-8"?>
<BESAPI xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BESAPI.xsd">
        <Query Resource="ids of bes computers whose ( exists ip address whose (it as string contains &quot;192.168.0.1&quot;) of it )">
                <Result>
                        <Answer type="integer">12734567</Answer>
                </Result>
                <Evaluation>
                        <Time>440.794ms</Time>
                        <Plurality>Plural</Plurality>
                </Evaluation>
        </Query>
</BESAPI>

When I write the result to QRadar SOAR Notes, it looks like this.  The field name are gone.
'text': '\n\n\t\n\t\t\n\t\t\t1234567\n\t\t\n\t\t\n\t\t\t420.970ms\n\t\t\tPlural\n\t\t\n\t\n\n', 'json': None, 'links': {}}

------------------------------
Ray Tam
------------------------------

Hi Ray -

How are you adding the text to the note? You might want to play around with some of the helper text formatting functions, see here: https://www.ibm.com/docs/en/sqsp/51?topic=scripts-helper-operations

I am using the Call Rest API function to get a result from BigFix.    The result is in xml format.  When I output the result to Note, QRadar SOAR converted it to JSON format.  The field names are gone and I ended up have many /n and /t in the output.   Anyone run into this issue?  
Do I need to do something special to handle xml output in QRadar SOAR?  Below is the example.

The output looks like this when I run this with Python interpreter: 
 <?xml version="1.0" encoding="UTF-8"?>
<BESAPI xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BESAPI.xsd">
        <Query Resource="ids of bes computers whose ( exists ip address whose (it as string contains &quot;192.168.0.1&quot;) of it )">
                <Result>
                        <Answer type="integer">12734567</Answer>
                </Result>
                <Evaluation>
                        <Time>440.794ms</Time>
                        <Plurality>Plural</Plurality>
                </Evaluation>
        </Query>
</BESAPI>

When I write the result to QRadar SOAR Notes, it looks like this.  The field name are gone.
'text': '\n\n\t\n\t\t\n\t\t\t1234567\n\t\t\n\t\t\n\t\t\t420.970ms\n\t\t\tPlural\n\t\t\n\t\n\n', 'json': None, 'links': {}}

------------------------------
Ray Tam
------------------------------

I am using the Call Rest API function to get a result from BigFix.    The result is in xml format.  When I output the result to Note, QRadar SOAR converted it to JSON format.  The field names are gone and I ended up have many /n and /t in the output.   Anyone run into this issue?  
Do I need to do something special to handle xml output in QRadar SOAR?  Below is the example.

The output looks like this when I run this with Python interpreter: 
 <?xml version="1.0" encoding="UTF-8"?>
<BESAPI xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BESAPI.xsd">
        <Query Resource="ids of bes computers whose ( exists ip address whose (it as string contains &quot;192.168.0.1&quot;) of it )">
                <Result>
                        <Answer type="integer">12734567</Answer>
                </Result>
                <Evaluation>
                        <Time>440.794ms</Time>
                        <Plurality>Plural</Plurality>
                </Evaluation>
        </Query>
</BESAPI>

When I write the result to QRadar SOAR Notes, it looks like this.  The field name are gone.
'text': '\n\n\t\n\t\t\n\t\t\t1234567\n\t\t\n\t\t\n\t\t\t420.970ms\n\t\t\tPlural\n\t\t\n\t\n\n', 'json': None, 'links': {}}

------------------------------
Ray Tam
------------------------------

I am using the Call Rest API function to get a result from BigFix.    The result is in xml format.  When I output the result to Note, QRadar SOAR converted it to JSON format.  The field names are gone and I ended up have many /n and /t in the output.   Anyone run into this issue?  
Do I need to do something special to handle xml output in QRadar SOAR?  Below is the example.

The output looks like this when I run this with Python interpreter: 
 <?xml version="1.0" encoding="UTF-8"?>
<BESAPI xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BESAPI.xsd">
        <Query Resource="ids of bes computers whose ( exists ip address whose (it as string contains &quot;192.168.0.1&quot;) of it )">
                <Result>
                        <Answer type="integer">12734567</Answer>
                </Result>
                <Evaluation>
                        <Time>440.794ms</Time>
                        <Plurality>Plural</Plurality>
                </Evaluation>
        </Query>
</BESAPI>

When I write the result to QRadar SOAR Notes, it looks like this.  The field name are gone.
'text': '\n\n\t\n\t\t\n\t\t\t1234567\n\t\t\n\t\t\n\t\t\t420.970ms\n\t\t\tPlural\n\t\t\n\t\n\n', 'json': None, 'links': {}}

------------------------------
Ray Tam
------------------------------