Hi,

I am attempting to get an incident details with the SOAR Rest API with a Powershell script.

I created an API Key and gave it full control.

My script is pretty basic and it looks like this:

$key_id = 'XXX-XXX-XXX-XXX'
$key = 'YYY-YYY-YYY-YYY'
$url = 'https://[myorg].resilientsystems.com/rest/orgs/[999]/incidents/1234'
$headers = @{}
$headers.Add('Accept','application/json')
$headers.Add('SEC',$key)

$response = Invoke-RestMethod -Method Get $url -Headers $headers 

 I am guessing that I am not authenticating the right way because I get an error message: (401) not authorized.

Would anyone be able to point me in the right direction?

Thanks

Hi Pierre

How about to try the following code?

Before execution, you need to substitute the following parameters:  <api-key>,<api-secret>, <soar-host>, <org-id> and <inc_id> according to your environments.

# BASIC Auth
$username = "<api-key>"
$password = "<api-secret>"
$basicAuthValue = "Basic " + [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($username+":"+$password))
$headers = @{"Authorization" = $basicAuthValue}

# SOAR Info
$resilientIP = "<soar-host>"
$orgId = "<org-id>"
$incidentId = "<inc-id>"

# Incident  REST-URL
$uri = "https://${resilientIP}/rest/orgs/${orgId}/incidents/${incidentId}"

# REST
Invoke-RestMethod -Uri $uri -Method Get -ContentType "application/json;" -Headers $headers

Hi,

I am attempting to get an incident details with the SOAR Rest API with a Powershell script.

I created an API Key and gave it full control.

My script is pretty basic and it looks like this:

$key_id = 'XXX-XXX-XXX-XXX'
$key = 'YYY-YYY-YYY-YYY'
$url = 'https://[myorg].resilientsystems.com/rest/orgs/[999]/incidents/1234'
$headers = @{}
$headers.Add('Accept','application/json')
$headers.Add('SEC',$key)

$response = Invoke-RestMethod -Method Get $url -Headers $headers 

 I am guessing that I am not authenticating the right way because I get an error message: (401) not authorized.

Would anyone be able to point me in the right direction?

Thanks

Hi Yohji,

Thank you so very much! It worked!

I just want to add for others who might use this code that on my first try I got this error message:

 CategoryInfo          : InvalidOperation : (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException

I just added this line at the beginning of the script:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Thanks again

Hi Pierre

How about to try the following code?

Before execution, you need to substitute the following parameters:  <api-key>,<api-secret>, <soar-host>, <org-id> and <inc_id> according to your environments.

# BASIC Auth
$username = "<api-key>"
$password = "<api-secret>"
$basicAuthValue = "Basic " + [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($username+":"+$password))
$headers = @{"Authorization" = $basicAuthValue}

# SOAR Info
$resilientIP = "<soar-host>"
$orgId = "<org-id>"
$incidentId = "<inc-id>"

# Incident  REST-URL
$uri = "https://${resilientIP}/rest/orgs/${orgId}/incidents/${incidentId}"

# REST
Invoke-RestMethod -Uri $uri -Method Get -ContentType "application/json;" -Headers $headers

Hi,

I am attempting to get an incident details with the SOAR Rest API with a Powershell script.

I created an API Key and gave it full control.

My script is pretty basic and it looks like this:

$key_id = 'XXX-XXX-XXX-XXX'
$key = 'YYY-YYY-YYY-YYY'
$url = 'https://[myorg].resilientsystems.com/rest/orgs/[999]/incidents/1234'
$headers = @{}
$headers.Add('Accept','application/json')
$headers.Add('SEC',$key)

$response = Invoke-RestMethod -Method Get $url -Headers $headers 

 I am guessing that I am not authenticating the right way because I get an error message: (401) not authorized.

Would anyone be able to point me in the right direction?

Thanks