IBM QRadar SOAR

Hi All,

I am trying to get automated reports similar to that of the dashboards. I have read through the REST API documentation and cannot find anything related. 

The report would only run once per month, so wouldn't be frequent. The only plausible way I can think of doing this is using the IncidentREST and parsing the JSON to check certain field values. We would be looking at a large query involving a large number of incidents.

Regarding the above, I was hoping you could help me figure this out. I've included my questions below.

1. Is there a better way of approaching this?
2. Is it possible to make a request so that only specific fields return to avoid the return of massive JSON files?
3. Can I specify a date range to return incidents over a specific time period?

Thanks,
Jack Gorman.

At the moment, report scheduling is not possible.
You can vote for the RFE on the subject : Ability to Schedule Custom Reports

You could also use the Data Feeder integration to BI tools: Data Feeder on App exchange to export the data to an external BI tool and use this one to generated monthly report.

------------------------------
BENOIT ROSTAGNI
------------------------------

Original Message:
Sent: Wed September 16, 2020 11:37 AM
From: Jack Gorman
Subject: Dashboard Interaction from Rest API

Hi All,

I am trying to get automated reports similar to that of the dashboards. I have read through the REST API documentation and cannot find anything related. 

The report would only run once per month, so wouldn't be frequent. The only plausible way I can think of doing this is using the IncidentREST and parsing the JSON to check certain field values. We would be looking at a large query involving a large number of incidents.

Regarding the above, I was hoping you could help me figure this out. I've included my questions below.

1. Is there a better way of approaching this?
2. Is it possible to make a request so that only specific fields return to avoid the return of massive JSON files?
3. Can I specify a date range to return incidents over a specific time period?

Thanks,
Jack Gorman.

A replay on Data Feeder from @Raymond Suarez can be viewed here: Data Feeder Replay - Resilient Integration Update: Download to Deployment for Data Feeder

------------------------------
SIMON BRADISH
------------------------------

Original Message:
Sent: Mon September 28, 2020 01:49 PM
From: BENOIT ROSTAGNI
Subject: Dashboard Interaction from Rest API

At the moment, report scheduling is not possible.
You can vote for the RFE on the subject : Ability to Schedule Custom Reports

You could also use the Data Feeder integration to BI tools: Data Feeder on App exchange to export the data to an external BI tool and use this one to generated monthly report.

------------------------------
BENOIT ROSTAGNI

Original Message:
Sent: Wed September 16, 2020 11:37 AM
From: Jack Gorman
Subject: Dashboard Interaction from Rest API

Hi All,

I am trying to get automated reports similar to that of the dashboards. I have read through the REST API documentation and cannot find anything related. 

The report would only run once per month, so wouldn't be frequent. The only plausible way I can think of doing this is using the IncidentREST and parsing the JSON to check certain field values. We would be looking at a large query involving a large number of incidents.

Regarding the above, I was hoping you could help me figure this out. I've included my questions below.

1. Is there a better way of approaching this?
2. Is it possible to make a request so that only specific fields return to avoid the return of massive JSON files?
3. Can I specify a date range to return incidents over a specific time period?

Thanks,
Jack Gorman.