IBM QRadar SOAR

Hello,

We have a custom integration that interacts with Resilient through the API. This integration does several things already and it's working like a charm. Now we want to introduce a new feature which is to re-open a ticket, change a few fields (like the owner) and also to re-open a couple of tasks, which is where we are having problems to find a way how to do it.

After reading the API documentation, I haven't been able to find a way to achieve this as there is not patch method for tasks. At most, I would be able to create a new task, but I would need to delete the existing one and also move the content it might have to the new one ( but this is cumbersome and not what we need).

Another option that I was considering is to create a rule that:

• Will be triggered when the status of the incident is changed to open.
• Will trigger a script that will change the status of the tasks.

However, I think I would then face a new problem as the rule will be on "incident" object but the script has(?) to be on tasks objects.

In summary we would like to know:

• Is is possible to re-open a task using the API?
• If not, what is a possible workaround?

Regards,
------------------------------
Carlos Ortigoza
------------------------------

Hi Carlos,

It's possible to reopen a task with REST API. If you check "TaskREST" in "Help/Contact > Rest API Reference", there's no PATCH method for task but you can use PUT.
To reopen a task, you need to use "GET /orgs/{org-id}/incidents/{incident-id}/tasks" to get the task id and name, then use the endpoint "PUT /orgs/{org-id}/tasks/{task-id}" with payload:
{"name":task-name, "status":"O"}
to reopen a task.

------------------------------
LILY WANG
------------------------------

Original Message:
Sent: Mon April 29, 2019 06:14 AM
From: Carlos Ortigoza
Subject: Re-opening tasks

Hello,

We have a custom integration that interacts with Resilient through the API. This integration does several things already and it's working like a charm. Now we want to introduce a new feature which is to re-open a ticket, change a few fields (like the owner) and also to re-open a couple of tasks, which is where we are having problems to find a way how to do it.

After reading the API documentation, I haven't been able to find a way to achieve this as there is not patch method for tasks. At most, I would be able to create a new task, but I would need to delete the existing one and also move the content it might have to the new one ( but this is cumbersome and not what we need).

Another option that I was considering is to create a rule that:

• Will be triggered when the status of the incident is changed to open.
• Will trigger a script that will change the status of the tasks.

However, I think I would then face a new problem as the rule will be on "incident" object but the script has(?) to be on tasks objects.

In summary we would like to know:

• Is is possible to re-open a task using the API?
• If not, what is a possible workaround?

Regards,
------------------------------
Carlos Ortigoza
------------------------------