IBM Security QRadar SOAR

  • 1.  Make Resilient rest api calls inside of script?

    Posted Tue June 01, 2021 05:27 PM
    I am wanting to retrieve a specific data table in its entirety from an incident when the rule is triggered.
    From everywhere I have searched, this doesn't appear possible, at least using the available scripting API.
    Is it possible to call out to the Resilient REST API within a script so I can get the data table contents?

    ------------------------------
    Tim Gray
    ------------------------------


  • 2.  RE: Make Resilient rest api calls inside of script?

    Posted Wed June 02, 2021 04:50 AM
    Hi Tim,

    It sounds like you'll need to use a workflow or playbook function to do this. Take a look at this app and see if it would help: IBM SOAR Data Table Helper Functions

    ------------------------------
    Sean Mc Cann
    ------------------------------



  • 3.  RE: Make Resilient rest api calls inside of script?

    Posted Wed June 02, 2021 05:43 PM

    Hi Sean,

    The app looks very promising. Thank you for showing me that.
    I am following the instructions from IBM to download/install a package (https://www.ibm.com/docs/en/rsoa-and-rp/38?topic=packages-downloading-installing-package), but none of the features (functions, example data table) show up in Resilient.

    The package shows up in the resilient-circuits list command, and Python shows it as an installed package as well, so from all those appearances, it looks good.
    The app log shows no errors either.
    In the UI though, there are no new data table functions.
    Am I missing something?



    ------------------------------
    Tim Gray
    ------------------------------



  • 4.  RE: Make Resilient rest api calls inside of script?

    Posted Thu June 03, 2021 04:52 AM
    Hi Tim,

    Sounds like you need to use resilient-circuits customize to import these features into your Resilient instance. Here are the docs for doing that: Deploying and testing

    ------------------------------
    Sean Mc Cann
    ------------------------------



  • 5.  RE: Make Resilient rest api calls inside of script?

    Posted Thu June 03, 2021 01:20 PM
    Got it!
    I was missing the last part to run "resilient-circuits customize -l fn-datatable-utils"

    ------------------------------
    Tim Gray
    ------------------------------