IBM Security QRadar SOAR

 View Only
Expand all | Collapse all

Authenticate to SessionREST endpoint with API key/secret

  • 1.  Authenticate to SessionREST endpoint with API key/secret

    Posted Thu February 27, 2020 12:05 PM
    Hello,

    Is it possible to authenticate against the /rest/session endpoint with an API key_id and secret?
    We are using Resilient version 35.2.32

    ------------------------------
    Kind Regards,
    Gert Huisman
    ------------------------------


  • 2.  RE: Authenticate to SessionREST endpoint with API key/secret

    Posted Mon March 02, 2020 12:15 PM
    Yes, I am doing it often using the Call Rest API function / workflow integration in fn_utilities.

    for example, to delete a artifact, the preprocess script is :

    # we do a DELETE rest action
    inputs.rest_method = "DELETE"

    # This should be adapted to your Resilient Domain Name from your integration server, and your ORG
    # inputs.rest_url = u"https://{myresilientdomainname}/rest/orgs/{myorgnumber}/incidents/{}/artifacts/{}".format(incident.id,artifact.id)
    inputs.rest_url = u"https://resilient.localdomain/rest/orgs/201/incidents/{}/artifacts/{}".format(incident.id,artifact.id)

    # use a Specific API credential that is visible and create the encode version using this command in SSH: echo -n "api_key_id:api_key_secret" | base64
    api_encoded_credentials = "ZjJlNGUyYTMtMTlhMS00Zxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5NTlUYV8weVhkc01ILVZZZFNraG8="

    # HTTP headers can be specified as a multi-line string
    inputs.rest_headers = """
    Content-Type: application/json
    Authorization: Basic {}
    """.format(api_encoded_credentials)

    # The 'rest_verify' parameter (Boolean) indicates whether to verify SSL certificates.
    # This should be True unless you need to connect to a self-signed or other invalid cert.
    inputs.rest_verify = False

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------

    Original Message