IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

How to get details in the incident all artifacts.

1. How to get details in the incident all artifacts.

Like
shivam gote
Posted Wed January 10, 2024 05:22 AM

Reply
How to get details in the incident all artifacts ?

------------------------------
shivam gote
------------------------------
2. RE: How to get details in the incident all artifacts.

Like
AnnMarie Norcross
Posted Wed January 10, 2024 09:22 AM

Reply
Hi Shivam

To get the artifacts of an incident you should you the incidentArtifactREST endpoint:

POST /orgs/{org_id}/incidents/{inc_id}/artifacts/query_paged

If you don't want to filter anything pass {} as the JSON body.

Let me know if you need more info!

------------------------------
AnnMarie Norcross
------------------------------

Original Message
3. RE: How to get details in the incident all artifacts.

Like
shivam gote
Posted Thu January 11, 2024 02:23 AM

Reply
Hello AnnMarie,

Thank you.

Regards,

------------------------------
shivam gote
------------------------------

Original Message
4. RE: How to get details in the incident all artifacts.

Like
Nick Mumaw
Posted Thu January 11, 2024 09:05 AM

Reply
To add to AnnMarie's response, I have also created an Artifact Utilities integration that would allow for you to do this now within the incident. Check it out!

https://exchange.xforce.ibmcloud.com/hub/extension/aa67d7bce0a2dedd0f200baa6181fded

------------------------------
Nick Mumaw, GPEN, GPYC
Cyber Security Specialist - SOAR
IBM - Security
------------------------------

Original Message
5. RE: How to get details in the incident all artifacts.

Like
shivam gote
Posted Fri January 12, 2024 07:44 AM

Reply
Hello Nick Mumaw,

Thanks for the details. I will check these links.

Regards,

------------------------------
shivam gote
------------------------------

Original Message

IBM QRadar SOAR

IBM QRadar SOAR

How to get details in the incident all artifacts.

shivam goteWed January 10, 2024 05:22 AM

AnnMarie NorcrossWed January 10, 2024 09:22 AM

shivam goteThu January 11, 2024 02:23 AM

Nick MumawThu January 11, 2024 09:05 AM

shivam goteFri January 12, 2024 07:44 AM

1. How to get details in the incident all artifacts.

2. RE: How to get details in the incident all artifacts.

3. RE: How to get details in the incident all artifacts.

4. RE: How to get details in the incident all artifacts.

5. RE: How to get details in the incident all artifacts.

Additional
Resources

Office

Quick Links

IBM QRadar SOAR

IBM QRadar SOAR

How to get details in the incident all artifacts.

shivam goteWed January 10, 2024 05:22 AM

AnnMarie NorcrossWed January 10, 2024 09:22 AM

shivam goteThu January 11, 2024 02:23 AM

Nick MumawThu January 11, 2024 09:05 AM

shivam goteFri January 12, 2024 07:44 AM

1. How to get details in the incident all artifacts.

2. RE: How to get details in the incident all artifacts.

3. RE: How to get details in the incident all artifacts.

4. RE: How to get details in the incident all artifacts.

5. RE: How to get details in the incident all artifacts.

Additional Resources

Office

Quick Links

Additional
Resources