IBM QRadar SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

ServiceNow for IBM SOAR - Send Attachments from SNOW to SOAR is covered ot not

  • 1.  ServiceNow for IBM SOAR - Send Attachments from SNOW to SOAR is covered ot not

    Posted Thu January 27, 2022 11:21 AM

    Hi Community,

     

    We would like to install ServiceNow for IBM SOAR. In the description I see that „Send Attachments from a SOAR Incident or Task to a related ServiceNow Record" is covered. Is the other direction from SNOW to SOAR – sending attachment - is covered with this App or not? If you have any further info how to implement it, it is welcomed.

     

    Thanks, Csaba

     

    link: https://exchange.xforce.ibmcloud.com/hub/extension/60d9d260cdbc40047309fc6132a57035

     



  • 2.  RE: ServiceNow for IBM SOAR - Send Attachments from SNOW to SOAR is covered ot not

    Posted Fri January 28, 2022 09:51 AM
    Csaba,

    It has been awhile since I've reviewed the ServiceNOW integration, but when I was first setting it up I created my own function to pull attachments from ServiceNOW tickets. The function uses the GET /now/attachment/{attachment_id}/file endpoint of the ServiceNOW API.

    The attachment_id would be the attachment's sys_id. It looks like I created a separate function to get the ServiceNOW ticket information using the GET /now/table/{table_name}/{ticket_sys_id} endpoint, which should contain all of the attachments sys_ids.

    Again, I'm not 100% positive whether these separate functions are still required or not. If you go down this route I'd be happy to try and answer any questions that pop up


    ------------------------------
    Liam Mahoney
    ------------------------------

    Original Message


Related Content