Hi, Adam - We have 2 Artifact Bulk Upload options available here. The first is a 'self service' feature, where the user defines the required Artifacts as Type,Value,Description triples (although Description is optional - a program-generated description will be created if the user omits this), in a csv file and uploads this as an Attachment. A Rule makes an Action available to 'Bulk Upload Artifacts' from the Attachment. We recommend users keep this to about 50 rows at a time and the code limits it to 100, as Circuits processing is held up while the Bulk Upload takes place. Artifacts can be any supported type and for IP address, the code handles IP Address:Source, IP Address:Destination and IP Address:Both variants. When processing completes, a summary Note is added to the Incident, with full details of any errors. If all rows were successfully translated into Artifacts, the uploaded Attachment is deleted, though this feature could be omitted - our users felt it was preferable to allowing a repeated upload of the same data. A variation - no longer active but present in the code - is to rename the Attachment with the prefix '__uploaded' and then have the Artifact Rule exclude such files from the Bulk Upload action.
The second option - used for BU of > 50 items at a time - repurposes the above code as a standalone Python program, again fed with a csv file though not as an Attachment and (of course) using the Resilient API to create Artifacts and add a Note on completion. This is not a self-service program but can accommodate much larger uploads - the maximum so far being in the thousands, which was email address at risk in a big phishing incident.
If either or both of these approaches are of interest I am very willing to share code and support you in using it. I'm uploading a sample of the csv so you can see the format and an extract of the Circuits code FYI.
Please let me know if you'd like anything else.
Best regards - Edwin
------------------------------
Edwin Bolton
------------------------------
Original Message:
Sent: Thu October 29, 2020 04:31 AM
From: Adam
Subject: Artifact bulk upload
Hi,
We wish to upload multiple(sometimes almost a hundred) artifacts for incidents and this procedure is very painful manually.
Is there any way to bulk upload for every artifact types?
Thank you.
------------------------------
Adam
------------------------------