Hi Jared,
Thanks for your post, you mentioned the efficient nature of retrieving incidents data from the API endpoint in your post. The reason for deprecation of the existing endpoints is exactly that, system load and efficiently of retrieving such relevant incident data. The old API endpoints have been deprecated for performance reasons. Those APIs are very expensive in terms of cpu and memory on the Resilient instance, especially as you scale to large numbers of incidents.
As mentioned in the deprecation message in the Interactive REST API:
The POST /rest/incidents/query_paged endpoint should be used.
The query paged API is much better for your use case anyway, since you can target exactly the set of incidents they want rather than all incidents or all open incidents where you need additional logic to process a further subset that is of interest to you. I hope this detail is of help to you, please don't hesitate to contact us if you have further questions.
Kind regards,
------------------------------
Sean OGorman
------------------------------
Original Message:
Sent: Tue July 28, 2020 03:09 PM
From: Jared Fagel
Subject: Querying Incidents via API
What's the best way to query incidents via the API?
My use case is retrieving incidents with a field containing a certain value (efficiently). I'll be doing this through a Python script with resilient_client.get(uri)
I see that these both are deprecated, without reason or further information:
GET /orgs/{org_id}/incidents
GET /orgs/{org_id}/incidents/open
------------------------------
Jared Fagel
Cyber Security Analyst I
Public Utility
------------------------------