IBM QRadar SOAR

  • 1.  Patch REST API Calls From SOAR

    Posted Thu July 08, 2021 12:12 AM
    Hi,

    I wanted to make a REST API call using the PATCH method. This is currently not supported by the REST API function in the fn_utilities package. I want to know if there is any alternative method/approach to make a PATCH call from IBM SOAR.
    It would also be helpful if I could find some relevant documents as well.

    ------------------------------
    Regards,
    K Aravind Menon
    ------------------------------


  • 2.  RE: Patch REST API Calls From SOAR

    Posted Fri July 09, 2021 08:35 AM
    Hello

    I have used the patch method to update an incident in the fn_secureworks_ctp integration found in our public GitHub here.

    This is the function that uses patch:
        # Needs at module level: import resilient; from resilient_lib import IntegrationError
        def _update_incident(self, incident_id, incident_payload):
            """ _update_incident will update an incident with the specified json payload.
            :param incident_id: incident ID of incident to be updated.
            :param incident_payload: incident fields to be updated.
            :return: result of the status check on the patch response, or {} if empty.
            """
            try:
                # Fetch the current incident; the patch is built against this copy.
                incident_url = "/incidents/{0}".format(incident_id)
                incident = self.rest_client().get(incident_url)
                patch = resilient.Patch(incident)

                # Iterate over payload dict.
                for name, value in incident_payload.items():
                    if name == 'properties':
                        # Custom fields arrive nested under 'properties'; add each one by name.
                        for field_name, field_value in value.items():
                            patch.add_value(field_name, field_value)
                    else:
                        patch.add_value(name, value)

                # Send the PATCH request and check the returned status.
                patch_result = self.rest_client().patch(incident_url, patch)
                result = self._chk_status(patch_result)
                return result if result else {}

            except Exception as err:
                raise IntegrationError(err)


    I don't know of any documentation on the use of patch.

    Hope this helps!

    AnnMarie



    ------------------------------
    AnnMarie Norcross
    ------------------------------
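
The function in the reply above builds its patch from the incident it has just fetched. As an added example (not part of the original post and not the resilient library's code), this simplified in-memory model shows why that matters, assuming the server compares the old value recorded with each change against the current one and rejects stale changes. `FakeIncidentStore`, `build_changes`, `put_field` and the sample incident are constructed for illustration.

```python
# Added illustration: FakeIncidentStore, build_changes and the sample data are
# constructed stand-ins, not part of the resilient library or the SOAR API.
import copy


class FakeIncidentStore:
    """In-memory stand-in for the server side of a field-level PATCH."""

    def __init__(self, incident):
        self._incident = copy.deepcopy(incident)

    def get(self):
        return copy.deepcopy(self._incident)

    def put_field(self, name, value):
        """Simulates another user or playbook editing the incident."""
        self._incident[name] = value

    def patch(self, changes):
        # Assumed server behaviour: refuse the patch if any field no longer
        # holds the value the caller saw when it built the change list.
        conflicts = {c["field"]: self._incident.get(c["field"])
                     for c in changes
                     if self._incident.get(c["field"]) != c["old_value"]}
        if conflicts:
            return {"success": False, "conflicts": conflicts}
        for c in changes:
            self._incident[c["field"]] = c["new_value"]
        return {"success": True, "conflicts": {}}


def build_changes(existing, payload):
    """Pair each new value with the value read earlier (top-level fields only)."""
    return [{"field": name, "old_value": existing.get(name), "new_value": value}
            for name, value in payload.items()]


def demo():
    store = FakeIncidentStore({"name": "Phishing report", "severity_code": "Low"})
    stale_copy = store.get()                    # integration reads the incident
    store.put_field("severity_code", "High")    # analyst escalates meanwhile
    stale = store.patch(build_changes(stale_copy, {"severity_code": "Medium"}))
    fresh = store.patch(build_changes(store.get(), {"name": "Phishing report (triaged)"}))
    return stale, fresh, store.get()


if __name__ == "__main__":
    print(demo())
```

The stale patch is refused and the analyst's escalation survives, while the patch built from a fresh read is applied.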



  • 3.  RE: Patch REST API Calls From SOAR

    Posted Thu July 22, 2021 05:28 AM
    Thank you, I will check it out.

    ------------------------------
    K Aravind Menon
    ------------------------------