IBM QRadar SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Falcon Sandbox with rest api

    Posted Tue June 04, 2024 07:21 AM

    I'm trying to automate sending files to the falcon sandbox. I have a working request to get authenticated (and to upload the file ( POST  /samples/entities/samples/v2 ) but sending a request to actually analyze the file keeps giving me 400 bad request and it says "Invalid number of sandbox parameters submitted!".

    I tired giving enviroment_id and url - 400

    enviroment_id and url with sha256 set to none - 400

    same as above but with sha256 instead of url also 400

    I even tried providing all the arguments possible and I'm getting the same error. I feel like SOAR is doing something to the request in the background and I wish I could just use python request lib.  I would appreciate any advice about this.



    ------------------------------
    Maria Czapkowska
    ------------------------------


  • 2.  RE: Falcon Sandbox with rest api

    Posted Tue June 04, 2024 09:00 AM

    For anyone facing errors with the rest api - it doesn't like single quotes, that was the reason for all the errors.



    ------------------------------
    Maria Czapkowska
    ------------------------------

    Original Message


Related Content