IBM QRadar SOAR

  • 1.  Fidelis API integration with Resilient

    Posted Fri May 17, 2019 08:20 AM
    Hi Team,

    We need to integrate Resilient with Fidelis for alert enrichment.

    We need to take more details of the alert from Resilient through an API call (attaching the screenshot that explains how to connect to Fidelis through the API).

    Please help us to create a workflow for this.

    Thanks & Regards,
    Sajin MB

    ------------------------------
    Sajin MB
    ------------------------------


  • 2.  RE: Fidelis API integration with Resilient

    Posted Mon May 20, 2019 12:51 AM
    Hi Sajin,

    You can try "Example: Call REST API" workflow provided in Utility Functions for Resilient V1.0.7.

    ------------------------------
    LILY WANG
    ------------------------------



  • 3.  RE: Fidelis API integration with Resilient

    Posted Mon May 20, 2019 06:24 AM
    @LILY WANG

    Thanks for the update. Do you have any documentation for doing this? As per the screenshot attached in the trail discussion, you can see we need to pass UID after connecting to Fidelis. How to do that?

    Regards,
    Sajin MB

    ------------------------------
    Sajin MB
    ------------------------------



  • 4.  RE: Fidelis API integration with Resilient

    Posted Mon May 20, 2019 10:24 PM
    Hi Sajin,

    I don't have experience with Fidelis. However, if you check the pre-process script sample in the workflow "Example: Call REST API", you can see:

    inputs.rest_method = "POST"

    # Let's post a URL that includes the artifact value
    inputs.rest_url = u"http://httpbin.org/post?value={}".format(artifact.value)

    # For POST requests, the body is text
    inputs.rest_body = '{"and": "json can be written as a string"}'

    # HTTP headers can be specified as a multi-line string
    inputs.rest_headers = """
    Content-Type: application/json
    X-Frooble: Baz
    """

    # The 'rest_verify' parameter (Boolean) indicates whether to verify SSL certificates.
    # This should be True unless you need to connect to a self-signed or other invalid cert.
    inputs.rest_verify = True

    I think you can put "x-uid:" in "inputs.rest_headers="

    ------------------------------
    LILY WANG
    ------------------------------
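
An added example, not part of the thread or of the Utility Functions package: one way to fill `inputs.rest_url` and `inputs.rest_headers` with an `x-uid` header as suggested in reply 4, while URL-encoding the artifact value and refusing line breaks in header values, since each line of `rest_headers` becomes its own header. The helper names, the placeholder URL, the UID value and the stubbed `inputs`/`artifact` objects are assumptions; how the UID is obtained from Fidelis is not shown on this page.

```python
# Added example; stand-alone Python 3. In a real pre-process script the
# platform supplies `inputs` and `artifact`; they are stubbed here.
from types import SimpleNamespace
from urllib.parse import quote

def build_rest_headers(headers):
    """Render a dict as the multi-line 'Name: value' string used by rest_headers.

    One line is one header, so a CR or LF inside a name or value would
    add an unintended header; such input is rejected.
    """
    lines = []
    for name, value in headers.items():
        name, value = str(name).strip(), str(value).strip()
        if not name or ":" in name or any(c in name + value for c in "\r\n"):
            raise ValueError("invalid header: %r" % name)
        lines.append("%s: %s" % (name, value))
    return "\n".join(lines) + "\n"

def parse_rest_headers(text):
    """Hypothetical reader for the same format, used here only to check the result."""
    parsed = {}
    for line in text.splitlines():
        if line.strip():
            name, _, value = line.partition(":")
            parsed[name.strip()] = value.strip()
    return parsed

def fill_inputs(inputs, artifact, uid, base_url):
    """Set the URL and headers; rest_method and rest_body stay as in the sample."""
    # Percent-encode the artifact value so '&', '=' or spaces in it cannot
    # change the query string.
    inputs.rest_url = "{}?value={}".format(base_url, quote(artifact.value, safe=""))
    inputs.rest_headers = build_rest_headers(
        {"Content-Type": "application/json", "x-uid": uid})
    # Keep certificate verification on: the UID travels in a request header.
    inputs.rest_verify = True
    return inputs

if __name__ == "__main__":
    demo = fill_inputs(
        SimpleNamespace(),
        SimpleNamespace(value="a b&x=1"),        # constructed artifact value
        "CONSTRUCTED-UID-1234",                  # constructed UID
        "https://fidelis.example.invalid/api")   # placeholder URL
    print(demo.rest_url)
    print(demo.rest_headers)
```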