[Bug] Wazuh responder problem with analyzer

Hello everyone I'm trying to get fix the problem in the wazuh responder 

How can I get the data from an artifact or observable in a case ?

I created one new observable "agent_id" this is visible in my list of observables in the case in Thehive

![imagen](https://github.com/TheHive-Project/Cortex-Analyzers/assets/114606380/8acee147-7f01-4930-9acc-458b6dbf1c23)


How can I get the data from that field and pass to the payload to run the command firewalldrop 

![imagen](https://github.com/TheHive-Project/Cortex-Analyzers/assets/114606380/0111f6f4-1130-413e-8644-261e1f098e6d)


![imagen](https://github.com/TheHive-Project/Cortex-Analyzers/assets/114606380/e0759ea0-8bda-49cf-ac93-1b3c02b88e1a)

If I run the command like above this It works
![imagen](https://github.com/TheHive-Project/Cortex-Analyzers/assets/114606380/1d7d7779-33e4-468b-a416-ca4e0da4dc14)

When I change the code to the following the analyzer failed

![imagen](https://github.com/TheHive-Project/Cortex-Analyzers/assets/114606380/542a8562-813d-49eb-a336-a3c5734b93ff)



![imagen](https://github.com/TheHive-Project/Cortex-Analyzers/assets/114606380/138abd29-98fb-4ce7-853a-098de3cf777f)
 

what command or code I need to get that data from that field "agent_id " in this case 12079 ??


**Work environment**
 - Client OS: Windows 11
 - Browse type and version: Firefox 
- Cortex version: 3.1.7
 - Cortex Analyzer/Responder name: Wazuh 1.0 



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Bug] Wazuh responder problem with analyzer #1243

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Bug] Wazuh responder problem with analyzer #1243

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions