IBM Security QRadar SOAR

Hi All,

I'm looking for a way to get incidents filtering by Artifact Type using REST API. Do you know any way to do it without using search_ex endpoint?


Thanks,

------------------------------
Ana Gonzalez
------------------------------

Sorry, I cannot think of any REST API other than the search_ex endpoint to fulfill your need.

------------------------------
GILBERT LIAO
------------------------------

Original Message:
Sent: Tue March 16, 2021 02:04 PM
From: Ana Gonzalez
Subject: Filter by Artifact Type via REST API

Hi All,

I'm looking for a way to get incidents filtering by Artifact Type using REST API. Do you know any way to do it without using search_ex endpoint?


Thanks,

------------------------------
Ana Gonzalez
------------------------------

Instead of IncidentArtifactRest, ArtifactRest can provide filtering with Artifact Type, and then a further query of related_incident_artifacts with artifact_id recursively can provide you a list of incidents. Just you need to handle the aggregation of duplicated incidents.

------------------------------
Leo Kuo
------------------------------

Original Message:
Sent: Tue March 16, 2021 02:04 PM
From: Ana Gonzalez
Subject: Filter by Artifact Type via REST API

Hi All,

I'm looking for a way to get incidents filtering by Artifact Type using REST API. Do you know any way to do it without using search_ex endpoint?


Thanks,

------------------------------
Ana Gonzalez
------------------------------

Thanks!

I think that the solution of using the Artifact REST is a very good idea, but in the version I have in Resilient (v. 36.2) that endpoint is not there. Do you know from which version this endpoint is available?

------------------------------
Ana Gonzalez
------------------------------

Original Message:
Sent: Tue March 23, 2021 10:18 PM
From: Leo Kuo
Subject: Filter by Artifact Type via REST API

Instead of IncidentArtifactRest, ArtifactRest can provide filtering with Artifact Type, and then a further query of related_incident_artifacts with artifact_id recursively can provide you a list of incidents. Just you need to handle the aggregation of duplicated incidents.

------------------------------
Leo Kuo

Original Message:
Sent: Tue March 16, 2021 02:04 PM
From: Ana Gonzalez
Subject: Filter by Artifact Type via REST API

Hi All,

I'm looking for a way to get incidents filtering by Artifact Type using REST API. Do you know any way to do it without using search_ex endpoint?


Thanks,

------------------------------
Ana Gonzalez
------------------------------

V39 - Artifact Management feature

https://www.ibm.com/support/knowledgecenter/SSBRUQ_39.0.0/doc/Release_Notes/Features_0.html

------------------------------
Leo Kuo
------------------------------

Original Message:
Sent: Wed March 24, 2021 12:39 PM
From: Ana Gonzalez
Subject: Filter by Artifact Type via REST API

Thanks!

I think that the solution of using the Artifact REST is a very good idea, but in the version I have in Resilient (v. 36.2) that endpoint is not there. Do you know from which version this endpoint is available?

------------------------------
Ana Gonzalez

Original Message:
Sent: Tue March 23, 2021 10:18 PM
From: Leo Kuo
Subject: Filter by Artifact Type via REST API

Instead of IncidentArtifactRest, ArtifactRest can provide filtering with Artifact Type, and then a further query of related_incident_artifacts with artifact_id recursively can provide you a list of incidents. Just you need to handle the aggregation of duplicated incidents.

------------------------------
Leo Kuo

Original Message:
Sent: Tue March 16, 2021 02:04 PM
From: Ana Gonzalez
Subject: Filter by Artifact Type via REST API

Hi All,

I'm looking for a way to get incidents filtering by Artifact Type using REST API. Do you know any way to do it without using search_ex endpoint?


Thanks,

------------------------------
Ana Gonzalez
------------------------------