IBM QRadar SOAR


How to get all incident id in 1 day in IBM resilient SOAR

  • 1.  How to get all incident id in 1 day in IBM resilient SOAR

    Posted Tue February 13, 2024 08:07 AM

    Hello Team,

    I have to create a custom script where I need to add all incident IDs of the last 1 day, and I have seen the API

    rest/orgs/201/incidents/query_paged?

    but I am not able to utilize this.

    Kindly check the details and let me know how to filter the incidents based on time.



    ------------------------------
    Swapnil
    Software Engineer
    ------------------------------


  • 2.  RE: How to get all incident id in 1 day in IBM resilient SOAR

    Posted Thu February 15, 2024 10:43 AM

    Hello Swapnil,

    You can modify the payload that gets sent with your POST request to

    rest/orgs/201/incidents/query_paged?

    to specify a filter that will only give you back incidents that satisfy a certain condition. For example, you can try sending a payload like:

    {
        "filters": [
            {
                "conditions": [
                    {
                        "field_name": "create_date",
                        "method": "gte",
                        "value": <timestamp for 1 day earlier>
                    }
                ]
            }
        ]
    }

    Where we check that the create date timestamp of the incident is "greater than or equal to" the timestamp from 1 day before. You can give this a try with the Interactive API, as well.

    Hope this helps.



    ------------------------------
    Priya Sapra
    ------------------------------
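
The filter from the reply above, filled in and paged through to collect every matching incident id. This is an added example, not code from the thread or from IBM. It assumes `create_date` is compared in epoch milliseconds, that the payload accepts `start`, `length` and `sorts`, that the response carries `data` and `recordsFiltered`, and that `post(uri, payload)` is whatever authenticated client call you use; `fake_post` and the sample incidents are constructed so it runs offline.

```python
DAY_MS = 24 * 60 * 60 * 1000  # assumption: create_date is epoch milliseconds
URI = "/rest/orgs/201/incidents/query_paged?return_level=normal"  # return_level assumed

def build_query(since_ms, start, length):
    """Filter from the reply above plus paging/sort fields (assumed names)."""
    return {
        "filters": [{"conditions": [
            {"field_name": "create_date", "method": "gte", "value": since_ms},
        ]}],
        "sorts": [{"field_name": "create_date", "type": "asc"}],
        "start": start,
        "length": length,
    }

def incident_ids_since(post, since_ms, page_size=100):
    """Collect ids page by page; post(uri, payload) returns the decoded JSON."""
    ids, start = [], 0
    while True:
        page = post(URI, build_query(since_ms, start, page_size))
        rows = page.get("data", [])
        ids.extend(row["id"] for row in rows)
        start += len(rows)
        total = page.get("recordsFiltered")
        # Stop on an empty page or once every filtered record has been read.
        if not rows or (total is not None and start >= total):
            return ids

def fake_post(incidents):
    """Constructed stand-in for the server so the example runs offline."""
    def post(uri, payload):
        cond = payload["filters"][0]["conditions"][0]
        hits = sorted((i for i in incidents if i["create_date"] >= cond["value"]),
                      key=lambda i: i["create_date"])
        s, n = payload["start"], payload["length"]
        return {"recordsFiltered": len(hits), "data": hits[s:s + n]}
    return post

NOW_MS = 1_707_811_620_000  # constructed "now"; live code: int(time.time() * 1000)
SAMPLE = [  # constructed incidents
    {"id": 2301, "create_date": NOW_MS - 3 * DAY_MS},
    {"id": 2302, "create_date": NOW_MS - DAY_MS},      # exactly on the boundary
    {"id": 2303, "create_date": NOW_MS - 1_000},
    {"id": 2304, "create_date": NOW_MS - DAY_MS - 1},  # 1 ms too old
    {"id": 2305, "create_date": NOW_MS - 5_000},
]

if __name__ == "__main__":
    print(incident_ids_since(fake_post(SAMPLE), NOW_MS - DAY_MS, page_size=2))
```

Reading only the first page silently drops incidents on a busy day, which is why the loop keeps requesting until the filtered total is reached.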