IBM QRadar SOAR

  • 1.  Resilient REST API

    Posted Thu May 09, 2019 01:48 PM
    Dear, when I execute the query, for example:
    {
      "filters": [
        {
          "conditions": [
            {
              "method": "equals",
              "field_name": "incident_type_ids",
              "value": 1003
            },
            {
              "field_name": "create_date",
              "method": "gte",
              "value": 1514823275000
            },
            {
              "field_name": "create_date",
              "method": "lte",
              "value": 1554091200000
            }
          ]
        }
      ],
      "sorts": [
        {
          "field_name": "plan_status",
          "type": "desc"
        }
      ],
      "start": 0,
      "length": 0,
      "recordsTotal": 0
    }

    The response is:
    {
        "recordsTotal": 3,
        "recordsFiltered": 3,
        "data": [
            {
                "name": "Test Training",
                "description": "<div>This is a test</div>",
                "phase_id": 1004,
                "inc_training": false,
                "id": 5418,
                "discovered_date": 1541597327000,
                "due_date": null,
                "create_date": 1541597327000,
                "owner_id": 1,
                "severity_code": null,
                "plan_status": "C"
            }
        ]
    }

    How can I add more fields to the answer? Fields like "incident type" or custom fields.

    Thank you

    ------------------------------
    Juan Cruz Del Col
    ------------------------------


  • 2.  RE: Resilient REST API

    Posted Thu May 09, 2019 08:43 PM
    Hi Juan,

    Are you trying from the Resilient web UI Interactive REST API? I found it could be a problem with the interactive REST API.
    If I use the same payload in a curl or Python script, the returned data is IncidentDTO which contains the fields you need.

    ------------------------------
    LILY WANG
    ------------------------------



  • 3.  RE: Resilient REST API

    Posted Fri May 10, 2019 03:13 PM
    You can customize the API on the backend to provide more data.

    ------------------------------
    Afflospark .com
    ------------------------------



  • 4.  RE: Resilient REST API

    Posted Fri May 10, 2019 04:59 PM
    @Afflospark .com
    How can I customize the API?

    @LILY WANG
    I'm using the API through a script in Visual Basic or the Postman application

    ------------------------------
    Juan Cruz Del Col
    ------------------------------



  • 5.  RE: Resilient REST API

    Posted Mon May 13, 2019 02:48 AM
    Hi Juan,

    Can you try to add "return_level=normal" or "return_level=full" in your API, such as:
    https://resilient-url/rest/orgs/201/incidents/query_paged?return_level=full

    ------------------------------
    LILY WANG
    ------------------------------



  • 6.  RE: Resilient REST API

    Posted Mon May 13, 2019 09:36 AM
    Lily, I already tested what you are mentioning and I have the following error:
    "Internal Server Error"



    ------------------------------
    Juan Cruz Del Col
    ------------------------------



  • 7.  RE: Resilient REST API

    Posted Tue May 14, 2019 02:58 AM
    I don't see any error using Postman in the same way. For "internal server error", you may check the server-side client.log for details.

    ------------------------------
    LILY WANG
    ------------------------------



  • 8.  RE: Resilient REST API

    Posted Tue May 14, 2019 09:01 AM
    Edited by Juan Cruz Del Col Tue May 14, 2019 10:00 AM
    Lily, my apologies ... I was using GET and it should be POST.

    It works perfectly!

    ------------------------------
    Juan Cruz Del Col
    ------------------------------
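
The request the thread converges on, as an added example that is not part of any post above: a POST to `query_paged` with `return_level` in the query string and the filter JSON in the body. The function names are hypothetical, the host and org id are the ones from post 5, and authentication and actually sending the request are left to the caller.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlencode
from urllib.request import Request

# Only the two values suggested in the thread are accepted here.
RETURN_LEVELS = ("normal", "full")


def to_epoch_ms(dt):
    """Convert a timezone-aware datetime to the epoch-millisecond form used by create_date."""
    if dt.tzinfo is None:
        raise ValueError("use a timezone-aware datetime")
    return int(dt.timestamp() * 1000)


def build_incident_query(base_url, org_id, type_id, created_from, created_to,
                         return_level="full", start=0, length=0):
    """Build (but do not send) the query_paged request discussed in the thread."""
    if return_level not in RETURN_LEVELS:
        raise ValueError("return_level must be one of %r" % (RETURN_LEVELS,))
    # Same filter and sort structure as the payload in the first post.
    body = {
        "filters": [{"conditions": [
            {"field_name": "incident_type_ids", "method": "equals", "value": type_id},
            {"field_name": "create_date", "method": "gte", "value": to_epoch_ms(created_from)},
            {"field_name": "create_date", "method": "lte", "value": to_epoch_ms(created_to)},
        ]}],
        "sorts": [{"field_name": "plan_status", "type": "desc"}],
        "start": start,
        "length": length,
        "recordsTotal": 0,
    }
    url = "%s/rest/orgs/%d/incidents/query_paged?%s" % (
        base_url.rstrip("/"), int(org_id), urlencode({"return_level": return_level}))
    # method="POST" is the fix from the last post; the filter travels in the body.
    return Request(url, data=json.dumps(body).encode("utf-8"),
                   headers={"Content-Type": "application/json"}, method="POST")


if __name__ == "__main__":
    req = build_incident_query(
        "https://resilient-url", 201, 1003,
        datetime(2018, 1, 1, 16, 14, 35, tzinfo=timezone.utc),
        datetime(2019, 4, 1, 4, 0, 0, tzinfo=timezone.utc))
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```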