IBM Security QRadar SOAR

 View Only
Expand all | Collapse all

O365 integration - adding to data table

  • 1.  O365 integration - adding to data table

    Posted Wed April 13, 2022 03:40 PM
    For those that have used the O365 integration (fn_exchange_online version 1.3.0), how have you been able to add the query results (Exchange Online: Query Messages function) to the Exchange Online Message Query Results data table? The function is supposed to do so automatically? Note: I selected 'Exchange Online Data Table' option under the exo_query_output_format parameter. 

    Alternatively, I tried to manually add the output from the O365 query into the data table with a script task. However, I am running into an issue where the query data field is of type Data Time Picker, and am unsure how to convert a text string into Data Time Picker. From the documentation I've reviewed, it appears that Data Time Picker type is encoded as a Java date type.

    ------------------------------
    Mark Aksen
    ------------------------------


  • 2.  RE: O365 integration - adding to data table

    Posted Thu April 14, 2022 08:43 AM
    Hi Mark

    The results of the query should show up in the data table automatically if you select them to go there.

    Are you running on app host?  Can you take a look at the logs to see if there are any errors? 

    Try to limit the scope of the query to see if you can gets results to show up.  In other words, search
    one mailbox for a specific email subject that you know is in the mailbox.

    ------------------------------
    AnnMarie Norcross
    ------------------------------

    Original Message