IBM QRadar SOAR

We are planning to get SNOW ticket status into resilient custom field, what is the resilient REST API end point to perform this action.

------------------------------
Dastagirsab Mulla
------------------------------

You can use the PATCH HTTP verb with the /rest/orgs/<org id>/incidents/<incident id> url. 

Here is an example curl command:

curl 'http://localhost:8080/rest/orgs/201/incidents/2595?return_dto=true' -X PATCH -H 'Origin: http://localhost:8080' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-US,en;q=0.9' -H 'browser_locale: en' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: CSRF_TOKEN=7b2276616c7565223a226666373765366265643333303331343338383330313561386562333531633332227d; JSESSIONID=C8898321D0C1EEC5896A987F01A90EFF' -H 'Connection: keep-alive' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36' -H 'Content-Type: application/json' -H 'Accept: */*' -H 'Referer: http://localhost:8080/' -H 'text_content_output_format: objects_convert' -H 'X-sess-id: 7adf4a14121aac7ffd969af6912b2a9c' -H 'handle_format: null' --data-binary '{"changes":[{"field":"service_now_ticket_status","old_value":{},"new_value":{"text":"closed"}}]}' --compressed

This changes the custom field service_now_ticket_status to closed.

------------------------------
Ben Lurie
------------------------------

Original Message:
Sent: Wed August 14, 2019 07:46 AM
From: Dastagirsab Mulla
Subject: Update custom field from SNOW

We are planning to get SNOW ticket status into resilient custom field, what is the resilient REST API end point to perform this action.

------------------------------
Dastagirsab Mulla
------------------------------

Thank you very much it really helped me. In same way if I want to GET data from field and use it for external integration, what will be the syntax?

------------------------------
Dastagirsab Mulla
------------------------------

Original Message:
Sent: Thu August 15, 2019 09:47 AM
From: Ben Lurie
Subject: Update custom field from SNOW

You can use the PATCH HTTP verb with the /rest/orgs/<org id>/incidents/<incident id> url. 

Here is an example curl command:

curl 'http://localhost:8080/rest/orgs/201/incidents/2595?return_dto=true' -X PATCH -H 'Origin: http://localhost:8080' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-US,en;q=0.9' -H 'browser_locale: en' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: CSRF_TOKEN=7b2276616c7565223a226666373765366265643333303331343338383330313561386562333531633332227d; JSESSIONID=C8898321D0C1EEC5896A987F01A90EFF' -H 'Connection: keep-alive' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36' -H 'Content-Type: application/json' -H 'Accept: */*' -H 'Referer: http://localhost:8080/' -H 'text_content_output_format: objects_convert' -H 'X-sess-id: 7adf4a14121aac7ffd969af6912b2a9c' -H 'handle_format: null' --data-binary '{"changes":[{"field":"service_now_ticket_status","old_value":{},"new_value":{"text":"closed"}}]}' --compressed

This changes the custom field service_now_ticket_status to closed.

------------------------------
Ben Lurie

Original Message:
Sent: Wed August 14, 2019 07:46 AM
From: Dastagirsab Mulla
Subject: Update custom field from SNOW

We are planning to get SNOW ticket status into resilient custom field, what is the resilient REST API end point to perform this action.

------------------------------
Dastagirsab Mulla
------------------------------