IBM Security QRadar SOAR

 View Only
  • 1.  API filters not working

    Posted Fri September 10, 2021 09:12 AM
    Hi All,

    Currently trying to pull the active incidents, between two dates, using the '/incidents/query' API. However, I cannot get it working...

    I filtered using the GUI's incident view and copied the JSON from the network tab and that didn't work either. I've posted a screenshot of the filters and the error below. Can anyone spot what the issue is?

    Thanks,
    Gareth




    ------------------------------
    Thanks,
    Gareth
    ------------------------------


  • 2.  RE: API filters not working

    Posted Mon September 13, 2021 08:07 AM
    The body data supplied looks good. I typically also use the UI to get the appropriate format for API calls.

    A bug was recently fixed with that addresses these types of issues with the interactive API. Should be fixed in next release.

    Sometimes I'll use curl to play with the API. Can get the curl command from the browser developer tools.



    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 3.  RE: API filters not working

    Posted Mon September 13, 2021 10:39 AM
    Dear Gareth,
    For filtering records, I am using get and lte methods.
    The filter listed below should work which I use in some python scripts. The error is invalid JSON, so there may be a comma missing in your json string before "sorts". 
    I hope that helps.
    Kind Regards


    {
    'filters': [{
       'conditions': [
          {
             'field_name': 'create_date',
             'method': 'gte',
             'value': 1627779600000 
          },
          {
             'field_name': 'create_date',
             'method': 'lte',
             'value': 1630454399000
          },
          {
             'field_name': 'name',
             'method': 'not_contains',
             'value': "Unwanted String" 
          }
       ],
       }],
          "sorts": [{
          "field_name": "create_date",
          "type": "desc"
       }]
    }

    ------------------------------
    Aydin Kucukkarakas
    ------------------------------