Unable to parse $skipToken for Microsoft sentinel - Threat Intelligence Indicators - List

Dora babu 0 Reputation points
2023-11-24T12:19:36.5233333+00:00

For Microsoft sentinel Incident -List we are getting $skipToken value in such format which is working fine.

$skipToken=H4sIAAAAAAAACjWP3WqDQBCF32X3Mi0xxp_sghfrrhZDRqMVCy29sEG2tVWhrVU3JM_ebWwGDnycGebMPB3Rd_detYiiRRYJeobbMGDJI98Hrw-QArtU6nk4y-kK5xmntqFZ0N1Ub7aqGLiy2vhO9qwshZ_DCCrtoY56UGEBuXRBHdxYyJ-4jqZYgBl_fDEc3RfUxFGQUMe2HRenPKQbHO45ZVLu_kO1hgv5WnzGYFZFDha7HqcHOlZ1iWoWlWisrV4WMn_gI-vFEgyxfJm4JAPz0A36LFtZIXpEzdvfz4bNVwHhwnHXa2LoflOOV3s2CTfR6fT8C7JkzigoAQAA

However for ThreatIntelligence Indicators list we are getting nextLink in Json String format such as 

$skipToken=[{"compositeToken":{"token":"+RID:~AkoXAN+MMQ8Wvx4AAAAAAA==#RT:1#TRC:100#RTD:eXTCpa71Yy1sqZIRoXXABTMxMzQuMjIuMjhVMjo7NTQ7NDMvMzQzNjQ0N1sA#ISV:2#IEO:65567#QCF:8#FPC:AYGEHgAAAAAA2qkfAAAAAAA=","range":{"min":"","max":"FF"}},"orderByItems":[{"item":"2023-11-17T19:43:32.2325336Z"}],"rid":"AkoXAN+MMQ8Wvx4AAAAAAA==","skipCount":0,"filter":"true"}].

We tried replacing (""") with ("") as well as passing token value as $skipToken since we are getting only the first 100 Threat indicators.

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,058 questions
{count} votes