IBM Security QRadar SOAR

  • 1.  Download artifact

    Posted Tue July 28, 2020 12:30 PM
    Hi

    I am trying to download an artifact (Other file type). This is my current code which doesn't work.

    import resilient


    class ArgumentParser(resilient.ArgumentParser):
        def __init__(self, config_file=None):
            super(ArgumentParser, self).__init__(config_file=config_file)


    parser = ArgumentParser(config_file=resilient.get_config_file())
    opts = parser.parse_args()

    # Create SimpleClient for a REST connection to the Resilient services
    resilient_client = resilient.get_client(opts)

    incident_id = 12712
    artifact_id = 24953

    artifacts = []

    # Request the raw contents of the artifact and write the bytes to disk
    a = resilient_client.get_content('/incidents/{}/artifacts/{}/contents?handle_format=names'.format(incident_id, artifact_id))
    with open("a.exe", "wb") as exe:
        exe.write(a)

    How can I achieve that task?

    Doing the same query from the Interactive REST API, I obtain a blob file which has the wrong dimensions compared to the original artifact.

    Thanks

    ------------------------------
    Lucian Sipos
    ------------------------------


  • 2.  RE: Download artifact

    Posted Tue March 23, 2021 09:14 PM
    By design, the file type artifact is not allowed to download because it could be suspicious or malicious. I'd suggest that if there is a need to download a file from this platform, it should be uploaded as an attachment, not an artifact. Hope this helps.

    ------------------------------
    Leo Kuo
    ------------------------------
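
Added example, not part of the thread and not IBM's code: one way to pull a file that was uploaded as an attachment, as the reply suggests, while keeping a possibly malicious sample inert on the analyst's disk and catching the size mismatch described in the question. Assumptions: the `/incidents/{id}/attachments/{id}/contents` endpoint, the hypothetical helper name `save_attachment_inert`, and the constructed `FakeClient` and sample bytes that stand in for the real client so the block runs offline.

```python
import hashlib
import os


def save_attachment_inert(client, incident_id, attachment_id, dest_dir, expected_size=None):
    """Fetch an attachment's bytes and store them so they cannot be run by accident.

    `client` is any object exposing get_content(uri) -> bytes, such as the
    SimpleClient returned by resilient.get_client(opts).
    """
    # Assumption: the attachment contents endpoint of the REST API.
    uri = "/incidents/{}/attachments/{}/contents".format(incident_id, attachment_id)
    data = client.get_content(uri)
    if not isinstance(data, (bytes, bytearray)):
        raise TypeError("expected raw bytes, got {}".format(type(data).__name__))

    # Catch truncated or re-encoded downloads (the "wrong dimensions" symptom).
    if expected_size is not None and len(data) != expected_size:
        raise ValueError("size mismatch: got {} bytes, expected {}".format(len(data), expected_size))

    digest = hashlib.sha256(data).hexdigest()
    os.makedirs(dest_dir, mode=0o700, exist_ok=True)
    # Name by hash with a neutral extension; never reuse the original name.
    path = os.path.join(dest_dir, digest + ".bin")

    # O_EXCL refuses to overwrite or follow a pre-planted file; 0o600 = no exec bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path, digest, len(data)


class FakeClient:
    """Constructed stand-in for the SOAR client so the example runs offline."""

    def __init__(self, payload):
        self.payload = payload
        self.requested = None

    def get_content(self, uri):
        self.requested = uri
        return self.payload


if __name__ == "__main__":
    import tempfile
    demo = FakeClient(b"MZ" + b"\x00" * 62)  # constructed 64-byte sample
    with tempfile.TemporaryDirectory() as tmp:
        # 12712 is the incident id from the question; attachment id 1 is a placeholder.
        print(save_attachment_inert(demo, 12712, 1, tmp, expected_size=64))
```

With a live connection, pass the `resilient_client` from the question in place of `FakeClient` and take `expected_size` from the attachment's metadata.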