Hello,

Does someone has an example how I can create an incident from PowerShell script or REST API call?

------------------------------
Alexey Fedorov
------------------------------

Hi Alexey,

REST API documentation will help you, https://<your soar instance>/docs/rest-api/ui/index.html#/IncidentREST/createIncident.


A small trick;
1- Open developer console on your browser.
2- Listen network traffic, especially fetch/XHR.
3- Open an incident on SOAR
4- Catch the requests that related with opening incident
5- Copy as powershell.




------------------------------
Burak Karaduman
------------------------------

Original Message:
Sent: Mon July 18, 2022 09:31 AM
From: Alexey Fedorov
Subject: Create an Incident from PowerShell/REST API call

Hello,

Does someone has an example how I can create an incident from PowerShell script or REST API call?

------------------------------
Alexey Fedorov
------------------------------

Hello Burak,

Thank you! This is was useful for me.

------------------------------
Alexey Fedorov
------------------------------

Original Message:
Sent: Tue July 19, 2022 01:59 AM
From: Burak Karaduman
Subject: Create an Incident from PowerShell/REST API call

Hi Alexey,

REST API documentation will help you, https://<your soar instance>/docs/rest-api/ui/index.html#/IncidentREST/createIncident.


A small trick;
1- Open developer console on your browser.
2- Listen network traffic, especially fetch/XHR.
3- Open an incident on SOAR
4- Catch the requests that related with opening incident
5- Copy as powershell.




------------------------------
Burak Karaduman

Original Message:
Sent: Mon July 18, 2022 09:31 AM
From: Alexey Fedorov
Subject: Create an Incident from PowerShell/REST API call

Hello,

Does someone has an example how I can create an incident from PowerShell script or REST API call?

------------------------------
Alexey Fedorov
------------------------------

I wasn't aware of this trick! thanks for sharing!

One more thing. If you want just the bare minimum to create a new incident, you must provide 

• name
• incident type (array of integers where integer is the incident type id that you can grab from OrgREST endpoint (e.g. https://resilient.localdomain/docs/rest-api/ui/index.html#/OrgREST/getOrg)
• pii (data compromised = boolean)
• discovered date (in millis)

Mandatory fields were supposed to be documented, but for some reason, they are not at https://resilient.localdomain/docs/rest-api/json_FullIncidentDataDTO.html 

[]

Leonardo Kenji Shikida
------------------------------

Original Message:
Sent: Tue July 19, 2022 01:59 AM
From: Burak Karaduman
Subject: Create an Incident from PowerShell/REST API call

Hi Alexey,

REST API documentation will help you, https://<your soar instance>/docs/rest-api/ui/index.html#/IncidentREST/createIncident.


A small trick;
1- Open developer console on your browser.
2- Listen network traffic, especially fetch/XHR.
3- Open an incident on SOAR
4- Catch the requests that related with opening incident
5- Copy as powershell.




------------------------------
Burak Karaduman

Original Message:
Sent: Mon July 18, 2022 09:31 AM
From: Alexey Fedorov
Subject: Create an Incident from PowerShell/REST API call

Hello,

Does someone has an example how I can create an incident from PowerShell script or REST API call?

------------------------------
Alexey Fedorov
------------------------------