IBM QRadar SOAR

Hello,

I would like to use the IncidentArtifactREST API to GET all the information about artifact (and then POST it into an other incident). It works well on the Resilient Interactive REST API platform, but when I tried to implemented it into workflow, I always had the same issue. The error code was 401 ans it seems I am "unauthorized".
Did someone know how to handle this ? Maybe a identification problem ? But how can I set the cookies/token ?

Thanks a lot,
Best regards

------------------------------
Neilo PERRIN-GANIER
------------------------------

Hi Neilo,

To call the API is a two step process. You have to pass your email address and password and you will be sent back a CSRF_TOKEN and JSESSIONID. You then need to use the CSRF_TOKEN and JSESSIONID in your second call when you send your POST/GET/PATCH etc.

Please take a look at Creating an incident using the API where I describe, using curl, how you can do this.

------------------------------
BEN WILLIAMS
------------------------------

Original Message:
Sent: Thu June 13, 2019 07:14 AM
From: Neilo PERRIN-GANIER
Subject: IncidentArtifactREST API

Hello,

I would like to use the IncidentArtifactREST API to GET all the information about artifact (and then POST it into an other incident). It works well on the Resilient Interactive REST API platform, but when I tried to implemented it into workflow, I always had the same issue. The error code was 401 ans it seems I am "unauthorized".
Did someone know how to handle this ? Maybe a identification problem ? But how can I set the cookies/token ?

Thanks a lot,
Best regards

------------------------------
Neilo PERRIN-GANIER
------------------------------

Hi Ben,

Thanks for your reply ! 2 questions remain :

• Is it possible without using curl (directly into a function in a workflow) ? I don't find the right syntax to do it (with rest_cookies or rest_headers).
• If not, where can I inject the curl command (new script ?) ?

Thank you in advance,

------------------------------
Neilo PERRIN-GANIER
------------------------------

Original Message:
Sent: Fri June 14, 2019 04:22 AM
From: BEN WILLIAMS
Subject: IncidentArtifactREST API

Hi Neilo,

To call the API is a two step process. You have to pass your email address and password and you will be sent back a CSRF_TOKEN and JSESSIONID. You then need to use the CSRF_TOKEN and JSESSIONID in your second call when you send your POST/GET/PATCH etc.

Please take a look at Creating an incident using the API where I describe, using curl, how you can do this.

------------------------------
BEN WILLIAMS

Original Message:
Sent: Thu June 13, 2019 07:14 AM
From: Neilo PERRIN-GANIER
Subject: IncidentArtifactREST API

Hello,

I would like to use the IncidentArtifactREST API to GET all the information about artifact (and then POST it into an other incident). It works well on the Resilient Interactive REST API platform, but when I tried to implemented it into workflow, I always had the same issue. The error code was 401 ans it seems I am "unauthorized".
Did someone know how to handle this ? Maybe a identification problem ? But how can I set the cookies/token ?

Thanks a lot,
Best regards

------------------------------
Neilo PERRIN-GANIER
------------------------------

Can you please post the CURL used, as the success.resilienteystems webpage URL mentioned is not available anymore.

Thanks for your help in advance!

------------------------------
Thomas Baumann
ACP IT Consulting GmbH (formerly: tiri GmbH)
Hamburg
------------------------------

Original Message:
Sent: Fri June 14, 2019 04:22 AM
From: BEN WILLIAMS
Subject: IncidentArtifactREST API

Hi Neilo,

To call the API is a two step process. You have to pass your email address and password and you will be sent back a CSRF_TOKEN and JSESSIONID. You then need to use the CSRF_TOKEN and JSESSIONID in your second call when you send your POST/GET/PATCH etc.

Please take a look at Creating an incident using the API where I describe, using curl, how you can do this.

------------------------------
BEN WILLIAMS

Original Message:
Sent: Thu June 13, 2019 07:14 AM
From: Neilo PERRIN-GANIER
Subject: IncidentArtifactREST API

Hello,

I would like to use the IncidentArtifactREST API to GET all the information about artifact (and then POST it into an other incident). It works well on the Resilient Interactive REST API platform, but when I tried to implemented it into workflow, I always had the same issue. The error code was 401 ans it seems I am "unauthorized".
Did someone know how to handle this ? Maybe a identification problem ? But how can I set the cookies/token ?

Thanks a lot,
Best regards

------------------------------
Neilo PERRIN-GANIER
------------------------------