Is there a way to use multivalue fields in SOAR? I have not been able to find a good article on how to do this. We have a few sets of logs that use multivalue fields. By default the SOAR export app will create individual artifacts with only 1 value in a field if the event has multiple values in a field. I know you can turn on the option in the SOAR export app to send all values as a multivalue field to SOAR, but the issue is that when the actions inside of a playbook see the data in a multivalue field they usually fail.
Here is an example of how an Artifact looks when I send an event as a multivalue field to SOAR.

md5_hash: ["55df197458234c1b48fed262e1ed2ed9","55df1974e1b8698765fed262e1ed2ed9"]
sha1_hash: ["b50e38123456ee77ab562816ab0b81b2ab7e3002","b50e3817d416ee77ab562816ab0b81b2ab7e3002"]
sha256_hash: ["b8807c0df1ad23c85e42104efbb96bd61d5fba97b7e09a9e73f5e1a48db1e27e","b8807c0df1ad23c81234504efbb96bd61d5fba97b7e09a9e73f5e1a48db1e27e"]
domains: ["some1.domain1.com","some.domain.com"]
urls: ["https://domain.com/uri/uri/picture.png ","https://some1.domain1.com/uri/uri/uri/something.gif ","https://some2.domain2.com/uri/uri/uri/something.gif ","https://some3.domain3.com/uri/uri/uri/something.gif.gif "]

Here is an example error if I were to try and get the IPs of the domains field:

Error Code: Error code unavailable. Error Message: None of DNS query names exist: ['some1.domain1.com',\032'some.domain.com']., ['some1.domain1.com',\032'some.domain.com'].localdomain.

type = A
domain = ['some1.domain1.com','some.domain.com']

I believe the playbook is seeing the data in the field as a single set of data and not a list, so it is literally querying the A records for "['some1.domain1.com',\032'some.domain.com']" and not "some1.domain1.com" and "some.domain.com".
How can I split these multivalue fields up so that the playbook runs them as a for loop and outputs the results as one block of data?
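One way to handle the situation described in the post, as an added example that is not part of the original question or of Splunk SOAR itself: normalize the multivalue field into a real Python list (it may arrive as a list, a JSON string, or the Python-literal string the DNS action received as one query name), build one action parameter per domain, and merge the per-domain results back into a single block. The `phantom.act()` parameter shape (`domain`, `type`, `context.artifact_id`) and the `record_infos` result key are assumptions here; the sample CEF data is constructed.

```python
import ast
import json

# Constructed sample of how the artifact's CEF fields can arrive when the export
# app sends the whole multivalue field as one value instead of one artifact per value.
SAMPLE_CEF = {
    "domains": "['some1.domain1.com', 'some.domain.com']",   # string form of a list
    "urls": ["https://domain.com/uri/uri/picture.png ",     # real list, trailing spaces
             "https://some1.domain1.com/uri/uri/uri/something.gif "],
    "sourceAddress": "10.0.0.1",                            # plain single value
}


def split_multivalue(value):
    """Return a clean list of strings however the multivalue field was delivered."""
    if value is None:
        return []
    if isinstance(value, (list, tuple)):
        items = list(value)
    else:
        text = str(value).strip()
        items = None
        if text.startswith("["):
            # JSON first (double quotes), then a Python literal (single quotes).
            for parser in (json.loads, ast.literal_eval):
                try:
                    parsed = parser(text)
                except (ValueError, SyntaxError):
                    continue
                if isinstance(parsed, list):
                    items = parsed
                    break
        if items is None:
            items = text.split(",") if "," in text else [text]
    seen, out = set(), []
    for item in items:              # strip whitespace, drop blanks and duplicates
        s = str(item).strip()
        if s and s not in seen:
            seen.add(s)
            out.append(s)
    return out


def dns_lookup_parameters(cef, field="domains", artifact_id=0, record_type="A"):
    """One parameter dict per domain (assumed phantom.act() shape), i.e. the for loop."""
    return [{"domain": d, "type": record_type, "context": {"artifact_id": artifact_id}}
            for d in split_multivalue(cef.get(field))]


def merge_results(results):
    """Collapse per-domain action results into one block keyed by domain."""
    merged = {}
    for r in results:
        merged.setdefault(r["domain"], []).extend(r.get("record_infos", []))
    return merged
```

In a playbook, `dns_lookup_parameters()` would feed the `parameters=` list of the DNS lookup action and `merge_results()` would run over what is collected from that action's results.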