IBM Security QRadar SOAR

 View Only
  • 1.  IncidentNoteREST - GET /orgs/{org_id}/incidents/{inc_id}/comments API

    Posted Sun June 21, 2020 10:04 PM
    The API call GET /orgs/{org_id}/incidents/{inc_id}/comments only allows me to pull comments, which is working.

    I have a scenario, where i need to transfer this comments to a custom field, which will enable me to manipulate the API call.

     Is it possible to transfer the notes to a new custom field so that I can pull this note/comments?




    ------------------------------
    Dan
    ------------------------------


  • 2.  RE: IncidentNoteREST - GET /orgs/{org_id}/incidents/{inc_id}/comments API

    Posted Mon June 22, 2020 09:16 AM
    You can PATCH an incident field:

    curl 'https://staging1-02/rest/orgs/230/incidents/26045?return_dto=true' -X PATCH -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0' -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Content-Type: application/json' -H 'handle_format: null' -H 'X-sess-id: 2b63678c6de1c578e4cb9f21dde95085' -H 'text_content_output_format: objects_convert' -H 'browser_locale: en' -H 'X-Requested-With: XMLHttpRequest' -H 'Origin: https://staging1-02.internal' -H 'Connection: keep-alive' -H 'Referer: https://staging1-02.internal/' -H 'Cookie: _ga=GA1.2.1382814266.1575940211; JSESSIONID=5618583DCE278405731E0658FEE4; CSRF_TOKEN=7b2276616c7565223a22353661333933316164643235623533366562353233303234653836636237227d' --data-raw '{"changes":[{"field":"custom_text","old_value":{},"new_value":{"text":"fdfdfdfdfd"}}]}'


    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 3.  RE: IncidentNoteREST - GET /orgs/{org_id}/incidents/{inc_id}/comments API

    Posted Tue June 23, 2020 09:12 PM
    Thanks Ben, will test it out

    ------------------------------
    Rashdan Abdul Rahim
    ------------------------------