IBM QRadar SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  REST API function - XML in body

    Posted Tue December 10, 2024 03:51 PM

    I need to send an action execution from SOAR to BigFix.

    To do this, I am using the REST API function, but it fails with a "400 Client Error: Bad Request for url: https://SERVER_BIGFIX:52311/api/actions" error, and I believe it is due to the XML being sent in the payload.

    Using Postman, it works perfectly, but from the SOAR function, it returns a 400 error.

    inputs.rest_api_method = 'POST'
    inputs.rest_api_verify = False
    inputs.rest_api_url = 'https://SERVER_BIGFIX:52311/api/actions'
    inputs.rest_api_headers = """Content-Type: text/xml
    Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"""

    inputs.rest_api_timeout = 180

    payload = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<BES xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"BES.xsd\">\r\n\t<SingleAction>\r\n\t\t<Title>This is a DIR</Title>\r\n\t\t<Relevance>true</Relevance>\r\n\t\t<ActionScript MIMEType=\"application/x-Fixlet-Windows-Shell\">dir\r\n</ActionScript>\r\n\t\t<SuccessCriteria Option=\"RunToCompletion\"></SuccessCriteria>\r\n\t\t<Settings>\r\n\t\t\t<EndDateTimeLocalOffset>P2DT4H</EndDateTimeLocalOffset>\r\n\t\t</Settings>\r\n\t\t<IsUrgent>false</IsUrgent>\r\n\t</SingleAction>\r\n</BES>\r\n"
    inputs.rest_api_body = payload

    inputs.incident_id = incident.id



    ------------------------------
    Juan Cruz Del Col
    ------------------------------


  • 2.  RE: REST API function - XML in body

    Posted Tue December 17, 2024 05:55 AM

    which function are you using : Call REST API  or Utilities: Call REST API  ?



    ------------------------------
    Przemyslaw Klys
    ------------------------------

    Original Message


Related Content