Hello  Everyone,

I need help on updating incident parameters and I am not getting proper payload for the same. Can you please share sample payload?

How can I patch an incident? As of now, I need to first call GET method and get incident details and then call PUT method and pass all incident attributes. In this case, I have to make 2 calls just to update few attributes. Ideally there should be 1 call. pls suggest.
For example: I have following attributes in dictionary which I need to update.. Can you help me with payload and method to call ==> {'properties': {'parent_incident_id': 123456,  'criticality': 'Criticality 4', 'merged_incident_id': 123456}, 'plan_status': 'C', 'resolution_id': 'Duplicate', 'resolution_summary': 'Merging the incidents'}

Also, I noticed one API call which accepts multiple incidents to patch. Can you share the example to use that API?
API => PUT /orgs/{org_id}/incidents/patch

I am looking to update 10 incidents at a time. Any suggestion on this please.

Thanks

------------------------------
Priyank Saluja
------------------------------

I have found the best way to find out how to use the API is by using the Resilient UI. Here is an example where I'm reassigning multiple incidents to a new workspace:


curl 'https://server/rest/orgs/230/incidents' -X PATCH -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:76.0) Gecko/20100101 Firefox/76.0' -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Content-Type: application/json' -H 'X-sess-id: 0be97c6663be62d2282b693990d5e9fc' -H 'handle_format: ids' -H 'text_content_output_format: objects_convert' -H 'browser_locale: en' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: _ga=GA1.2.1382814266.1575940211; JSESSIONID=57D84D593D7B19A0A97C7DEB9B40964C; CSRF_TOKEN=7b2276616c7565223a223935656236313738653636633432373564373234356430373362333632656431227d' --data-raw '{"patches":{"26044":{"version":7,"changes":[{"old_value":{"object":{"id":66,"name":"Default workspace"}},"new_value":{"object":"228"},"field":{"name":"workspace","id":null,"null":false}}]},"26045":{"version":32,"changes":[{"old_value":{"object":{"id":66,"name":"Default workspace"}},"new_value":{"object":"228"},"field":{"name":"workspace","id":null,"null":false}}]}}}'

Here is the actual POST data:

{
  "patches": {
    "26044": {
      "version": 7,
      "changes": [
        {
          "old_value": {
            "object": {
              "id": 66,
              "name": "Default workspace"
            }
          },
          "new_value": {
            "object": "228"
          },
          "field": {
            "name": "workspace",
            "id": null,
            "null": false
          }
        }
      ]
    },
    "26045": {
      "version": 32,
      "changes": [
        {
          "old_value": {
            "object": {
              "id": 66,
              "name": "Default workspace"
            }
          },
          "new_value": {
            "object": "228"
          },
          "field": {
            "name": "workspace",
            "id": null,
            "null": false
          }
        }
      ]
    }
  }
}

Notice that you need the old data and the current version number of the incident. This is necessary so that the system can determine if the data has changed since you last saw it. This is to prevent the "last writer" wins scenario. I supposed you could claim there should be a way to "force" PATCH. If you want to force update you have to use the PUT operation on an incident which as you pointed out requires all the incident details.

So pretty much either way you'll need the current incident data to use either PATCH or PUT.

The changes is an array so you can send updates for multiple fields at the same time.

Ben

------------------------------
Ben Lurie
------------------------------

Original Message:
Sent: Wed May 13, 2020 11:24 AM
From: Priyank Saluja
Subject: Need help on payload for Incident API

Hello  Everyone,

I need help on updating incident parameters and I am not getting proper payload for the same. Can you please share sample payload?

How can I patch an incident? As of now, I need to first call GET method and get incident details and then call PUT method and pass all incident attributes. In this case, I have to make 2 calls just to update few attributes. Ideally there should be 1 call. pls suggest.
For example: I have following attributes in dictionary which I need to update.. Can you help me with payload and method to call ==> {'properties': {'parent_incident_id': 123456,  'criticality': 'Criticality 4', 'merged_incident_id': 123456}, 'plan_status': 'C', 'resolution_id': 'Duplicate', 'resolution_summary': 'Merging the incidents'}

Also, I noticed one API call which accepts multiple incidents to patch. Can you share the example to use that API?
API => PUT /orgs/{org_id}/incidents/patch

I am looking to update 10 incidents at a time. Any suggestion on this please.

Thanks

------------------------------
Priyank Saluja
------------------------------

Hi Priyank,
Is using our resilient python package a possibility for you ? Within it we have a function called get_put which will perform a GET on an Incident for the needed attributes followed by a put with your needed changes; all encapsulated within 1 function call. If this is suitable for you and you have a list of incident IDs as well as a list of changes you could then use this call within a for loop to handle multiple updates. 

Link:https://github.com/ibmresilient/resilient-python-api/blob/master/resilient/resilient/co3.py#L494

Heres a bit of pseudocode that I can't guarantee will work straight away: 

ids_to_update = [2095,2095,2097,2098,2099]

def update_inc(incident, data_to_update):
   //logic to update the incident object
   incident['field_to_update'] = 'foo'

for inc_id in ids_to_update:
    result = self.client.get_put("/incidents/{}".format(incident_id),
                                     lambda incident: update_with_result(incident, data_to_update)​

For some more examples have a look at the task_utils integration, we use get_put heavily there to update or close a task. 
If this helps you could you 'Recommend' the answer so others can find it in future. 

Ryan

------------------------------
Ryan Gordon
Security Software Engineer
IBM
------------------------------

Original Message:
Sent: Wed May 13, 2020 11:24 AM
From: Priyank Saluja
Subject: Need help on payload for Incident API

Hello  Everyone,

I need help on updating incident parameters and I am not getting proper payload for the same. Can you please share sample payload?

How can I patch an incident? As of now, I need to first call GET method and get incident details and then call PUT method and pass all incident attributes. In this case, I have to make 2 calls just to update few attributes. Ideally there should be 1 call. pls suggest.
For example: I have following attributes in dictionary which I need to update.. Can you help me with payload and method to call ==> {'properties': {'parent_incident_id': 123456,  'criticality': 'Criticality 4', 'merged_incident_id': 123456}, 'plan_status': 'C', 'resolution_id': 'Duplicate', 'resolution_summary': 'Merging the incidents'}

Also, I noticed one API call which accepts multiple incidents to patch. Can you share the example to use that API?
API => PUT /orgs/{org_id}/incidents/patch

I am looking to update 10 incidents at a time. Any suggestion on this please.

Thanks

------------------------------
Priyank Saluja
------------------------------

I have this function for patching an incident. 
You need to import resilient

    def _update_incident(self, incident_id, incident_payload):
        """ _update_incident will update an incident with the specified json payload.
        :param incident_id: incident ID of incident to be updated.
        ;param incident_payload: incident fields to be updated.
        :return:
        """
        try:
            # Update incident
            incident_url = "/incidents/{0}".format(incident_id)
            incident = self.rest_client().get(incident_url)
            patch = resilient.Patch(incident)

            # Iterate over payload dict.
            for name, value in incident_payload.items():
                if name == 'properties':
                    for field_name, field_value in incident_payload['properties'].items():
                        patch.add_value(field_name, field_value)
                else:
                    payload_value = incident_payload.get(name)
                    patch.add_value(name, payload_value)

            patch_result = self.rest_client().patch(incident_url, patch)
            result = self._chk_status(patch_result)
            return result if result else {}

        except Exception as err:
            raise IntegrationError(err)

------------------------------
AnnMarie Norcross
------------------------------

Original Message:
Sent: Wed May 13, 2020 11:24 AM
From: Priyank Saluja
Subject: Need help on payload for Incident API

Hello  Everyone,

I need help on updating incident parameters and I am not getting proper payload for the same. Can you please share sample payload?

How can I patch an incident? As of now, I need to first call GET method and get incident details and then call PUT method and pass all incident attributes. In this case, I have to make 2 calls just to update few attributes. Ideally there should be 1 call. pls suggest.
For example: I have following attributes in dictionary which I need to update.. Can you help me with payload and method to call ==> {'properties': {'parent_incident_id': 123456,  'criticality': 'Criticality 4', 'merged_incident_id': 123456}, 'plan_status': 'C', 'resolution_id': 'Duplicate', 'resolution_summary': 'Merging the incidents'}

Also, I noticed one API call which accepts multiple incidents to patch. Can you share the example to use that API?
API => PUT /orgs/{org_id}/incidents/patch

I am looking to update 10 incidents at a time. Any suggestion on this please.

Thanks

------------------------------
Priyank Saluja
------------------------------

Please find below an example to update incident to be closed using Patch method - Python3

import resilient
import json

parser=resilient.ArgumentParser(config_file=resilient.get_config_file())
opts=parser.parse_args()
client=resilient.get_client(opts)

resolution_id=10
plan_status=u'C'
uri='/incidents/2099'
res_sum="testing Purposes"

incident=client.get(uri)
patch=resilient.Patch(incident)
patch.add_value("resolution_id", resolution_id)
patch.add_value("resolution_summary", res_sum)
patch.add_value("plan_status", plan_status)
client.patch(uri, patch, overwrite_conflict=True)

------------------------------
Ahmed Elsayed
------------------------------

Original Message:
Sent: Wed May 13, 2020 11:24 AM
From: Priyank Saluja
Subject: Need help on payload for Incident API

Hello  Everyone,

I need help on updating incident parameters and I am not getting proper payload for the same. Can you please share sample payload?

How can I patch an incident? As of now, I need to first call GET method and get incident details and then call PUT method and pass all incident attributes. In this case, I have to make 2 calls just to update few attributes. Ideally there should be 1 call. pls suggest.
For example: I have following attributes in dictionary which I need to update.. Can you help me with payload and method to call ==> {'properties': {'parent_incident_id': 123456,  'criticality': 'Criticality 4', 'merged_incident_id': 123456}, 'plan_status': 'C', 'resolution_id': 'Duplicate', 'resolution_summary': 'Merging the incidents'}

Also, I noticed one API call which accepts multiple incidents to patch. Can you share the example to use that API?
API => PUT /orgs/{org_id}/incidents/patch

I am looking to update 10 incidents at a time. Any suggestion on this please.

Thanks

------------------------------
Priyank Saluja
------------------------------