IBM QRadar SOAR

  • 1.  Python example to query all incidents

    Posted Mon December 16, 2024 09:38 AM

    Hello Everyone,

    I am working on a project where I need to integrate IBM Resilient with a 3rd party application. As I am new to Resilient, I need to know whether there is a Postman example available to authenticate and query incidents.

    Moreover, I wrote some Python code and I am yet to check it, as I am waiting for access. Could you kindly let me know whether the code approach will work as well?

    Code:

    import json
    from resilient import SimpleClient
    RESILIENT_API_KEY_ID = "your_api_key_id"
    RESILIENT_API_KEY_SECRET = "your_api_key_secret"
    RESILIENT_URL = "https://your-resilient-instance.com"
    client = SimpleClient({
        "org": "organization_name",  # Replace with your organization's name
        "base_url": RESILIENT_URL,
    })
     
    client.connect(api_key_id=RESILIENT_API_KEY_ID, api_key_secret=RESILIENT_API_KEY_SECRET)
     
    try:
        response = client.get("/incidents")
     
        incidents = response["data"] 
        print(json.dumps(incidents, indent=2))
     
    except Exception as e:
        print(f"An error occurred: {e}")


    ------------------------------
    Hariharan Devaraj
    ------------------------------


  • 2.  RE: Python example to query all incidents

    Posted Tue December 17, 2024 10:58 AM

    Hi Hariharan,

    I made some small tweaks to your script which should allow it to run (note: no SSL cert, using an API key instead of username/password).

    Code:

    import json
    from resilient import SimpleClient

    RESILIENT_API_KEY_ID = "your_api_key_id"
    RESILIENT_API_KEY_SECRET = "your_api_key_secret"
    RESILIENT_URL = "https://your-resilient-instance.com"
    ORG_NAME = "organization_name"  # Replace with your organization's name
    client = SimpleClient(org_name=ORG_NAME, base_url=RESILIENT_URL, verify=False)

    client.set_api_key(api_key_id=RESILIENT_API_KEY_ID, api_key_secret=RESILIENT_API_KEY_SECRET)

    try:
        incidents_data = client.get("/incidents")

        print(json.dumps(incidents_data, indent=2))

    except Exception as e:
        print(f"An error occurred: {e}")



    ------------------------------
    JOHN PRENDERGAST
    ------------------------------



  • 3.  RE: Python example to query all incidents

    Posted Wed December 18, 2024 03:17 AM

    Hello @Hariharan Devaraj,

    For a good start, you can look at the code of a utility I've developed and shared with the community, "QuickResilientSOARstatistics.py", which is designed to interact with the IBM SOAR (Resilient) tool.

    This Python script allows you to efficiently query and retrieve detailed information on incidents, whether they are:

    • Active,
    • Closed,
    • Deleted, 
    • Pending,
    • Simulated

    It also gives you the number of artifacts, notes, and attached files (with their total size).

    The utility is compatible with both Python 2 and Python 3 and features multithreading capabilities to optimize search times, especially beneficial when dealing with more than 1000 incidents. (be mindful of pagination when you scale up your queries)

    You can find the utility, along with an example of its output, on GitHub at this link: https://github.com/zoldax/quickresilientsoarstatistics.

    Feel free to try it out and let me know if you have any feedback or suggestions for improvement!

    Here is a sample result:

    Quick SOAR Statistics by Abakus Sécurité
    Date:
    18/12/2024
    [####################] 100%
    Total number of incidents: 1366
    Total number of artifacts: 59
    Total number of notes: 13
    Total number of attachments: 8
    Total size of attachments: 2.23 MB
    Total training incidents: 5
    Total incidents with status C: 4 (Closed)
    Total incidents with status A: 1362 (Active)
    Elapsed time: Oh 2m 59s

    Hope this helps,

    Zoldax



    ------------------------------
    zoldax

    https://www.credly.com/users/pascal-weber.029e134d/badges
    ------------------------------
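Added example (not code from this thread nor from the QuickResilientSOARstatistics utility) showing the pagination point raised above: instead of one unbounded `GET /incidents`, walk `POST /incidents/query_paged` with `start`/`length` and tally incidents by `plan_status` and the `inc_training` flag, as the sample report does. It assumes the query_paged response carries `recordsTotal` and `data`, and uses a constructed in-memory stand-in for `SimpleClient.post` so it runs offline; with a live org, pass `client.post` after `client.set_api_key(...)`.

```python
import json
from collections import Counter

PAGE_SIZE = 2  # deliberately small so the constructed sample spans several pages

# Constructed sample incidents standing in for query_paged rows (not real data).
SAMPLE_INCIDENTS = [
    {"id": 2001, "name": "Phishing report", "plan_status": "A", "inc_training": False},
    {"id": 2002, "name": "Malware alert", "plan_status": "C", "inc_training": False},
    {"id": 2003, "name": "Tabletop drill", "plan_status": "A", "inc_training": True},
    {"id": 2004, "name": "Lost laptop", "plan_status": "A", "inc_training": False},
    {"id": 2005, "name": "Old ticket", "plan_status": "C", "inc_training": False},
]


def fake_post(uri, payload):
    """Stand-in for resilient.SimpleClient.post (hypothetical): serves query_paged from the sample list."""
    assert uri == "/incidents/query_paged"
    start, length = payload["start"], payload["length"]
    return {"recordsTotal": len(SAMPLE_INCIDENTS),
            "data": SAMPLE_INCIDENTS[start:start + length]}


def iter_incidents(post, page_size=PAGE_SIZE, filters=None):
    """Yield every incident by advancing `start` over /incidents/query_paged (assumed response shape)."""
    start = 0
    while True:
        page = post("/incidents/query_paged",
                    {"start": start, "length": page_size, "filters": filters or []})
        rows = page.get("data", [])
        for inc in rows:
            yield inc
        start += len(rows)
        # Stop on an empty page (defensive) or once recordsTotal has been reached.
        if not rows or start >= page.get("recordsTotal", 0):
            break


def summarize(incidents):
    """Tally totals like the sample report: overall count, per plan_status, and training incidents."""
    incidents = list(incidents)
    by_status = Counter(inc.get("plan_status", "?") for inc in incidents)
    training = sum(1 for inc in incidents if inc.get("inc_training"))
    return {"total": len(incidents), "by_status": dict(by_status), "training": training}


if __name__ == "__main__":
    # Live use: client.set_api_key(...); summarize(iter_incidents(client.post, page_size=100))
    print(json.dumps(summarize(iter_incidents(fake_post)), indent=2))
```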