IBM Security QRadar SOAR

 View Only
  • 1.  REST API Issues

    Posted Thu October 14, 2021 12:56 PM

    Hello,

    Having some issues with the REST API function from the fn_utilities application. In particular, attempting to communicate with AbuseIPDB (as the app is Resilient-only), but I believe the issue is more generic, and that there is some form of specific formatting for the function I am missing out on.

    From the attachments, Curl shows the result using the API with Curl and the exact same inputs, and what the textual output should show were it to work. The SOAR image shows the code and formatting being used for the headers and body/content.

    Result shows a small parsed result with the code and text - this text rarely appears when using Curl, and only when a malformed request is sent.

    Does anyone know where my formatting is going wrong?

    Many thanks,
    Keith



    ------------------------------
    Keith Stewart
    ------------------------------



  • 2.  RE: REST API Issues

    Posted Fri October 15, 2021 08:38 AM
    The -G option of curl takes all the items specified by the -data options and appends them to the URL as a query string. It doesn't look like the script is doing the same thing. It looks like the script is using a POST body?

    I'm not certain how to use query parameters with the function.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------