IBM QRadar SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Download artifact

    Posted Tue July 28, 2020 12:30 PM
    Hi

    I am trying to download an artifact (Other file type). This is my current code which doesn't work.

    import resilient


    class ArgumentParser(resilient.ArgumentParser):
        def __init__(self, config_file=None):
            super(ArgumentParser, self).__init__(config_file=config_file)


    parser = ArgumentParser(config_file=resilient.get_config_file())
    opts = parser.parse_args()

    # Create SimpleClient for a REST connection to the Resilient services
    resilient_client = resilient.get_client(opts)

    incident_id = 12712
    artifact_id = 24953

    artifacts = []

    a = resilient_client.get_content('/incidents/{}/artifacts/{}/contents?handle_format=names'.format(incident_id, artifact_id))
    with open("a.exe", "wb") as exe:
        exe.write(a

    How can I achieve that task ?

    Doing the same query from Interactive REST API I obtain a blob file which have wrong dimmensions compared to the original artifact.

    Thanks

    ------------------------------
    Lucian Sipos
    ------------------------------


  • 2.  RE: Download artifact

    Posted Tue March 23, 2021 09:14 PM
    By design, the file type artifact is not allowed to download because it could be suspicious or malicious. I'd suggest if a need to download a file from this platform, it should be uploaded as an attachment, not an artifact. hope this help.

    ------------------------------
    Leo Kuo
    ------------------------------

    Original Message