IBM Security SOAR


Importing incidents from an Excel workbook

  • 1.  Importing incidents from an Excel workbook

    Posted 19 days ago
    Hi everybody,

    We used to manage our incidents with an Excel workbook. We just switched to Resilient in the cloud and we would like to import the incidents that previously existed in the workbook. I noticed that the extension "Utility functions for Resilient" contains a function to work with Excel. Could I use it to import the Excel data and create a new Resilient incident for each line read from the worksheet? Is there a better way?

    Thanks for your advice.


    ------------------------------
    Pierre Dufresne
    ------------------------------


  • 2.  RE: Importing incidents from an Excel workbook

    Posted 14 days ago

    Hi Pierre,

    Yes. This capability should be possible, with one consideration.
    First, I created an xlsx spreadsheet and added it as an attachment to an existing incident. I then created a workflow and rule to read the attachment, specifying the worksheet and column ranges similar to this: "Sheet1"!A1:C2. The result returned was an array with each row returned and columns in column order:

    {
      'titles': ['Sheet1'],
      'sheets': {
        'Sheet1': {
          'A1:C2': [
            [
              'inc1',
              2034,
              'name1'
            ],
            [
              'inc2',
              2035,
              'name2'
            ]
          ],
          '_keys': ['A1:C2']
        },
        '_keys': ['Sheet1']
      }
    }

    Now the only consideration is creating the new incidents. There's no off-the-shelf function for doing that (fn_incident_utils would be the right package for us to enhance). So that would need to be a custom function you write to perform the mapping of your Excel data columns to incident fields.

    Hope this helps.
    Mark



    ------------------------------
    Mark Scherfling
    ------------------------------



  • 3.  RE: Importing incidents from an Excel workbook

    Posted 13 days ago
    Hi Mark,
    Thanks for your reply.
    I am pretty new with Resilient so I don't think I am ready to write a custom function.
    But, would it be possible to make this work by calling the "Call REST API" function from the fn_utilities and using the "POST /orgs/{org_id}/incidents" method for each line of the Excel range?

    ------------------------------
    Pierre Dufresne
    ------------------------------



  • 4.  RE: Importing incidents from an Excel workbook

    Posted 13 days ago
    Using Call REST API is a possible solution. I would recommend using API keys as the logic is clearer. Good luck.

    ------------------------------
    Mark Scherfling
    ------------------------------
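
The mapping step discussed in this thread, as an added example that is not part of the original posts or of any IBM package: it walks the result structure shown in reply 2, rejects malformed rows, and builds one request body per row for `POST /orgs/{org_id}/incidents`. The column meanings (`title`, `legacy_id`, `reporter`) and the choice of `name`, `description` and `discovered_date` as target incident fields are assumptions; the thread does not define them.

```python
import json

# Constructed sample: the structure shown in reply 2 for "Sheet1"!A1:C2.
RESULT = {
    "titles": ["Sheet1"],
    "sheets": {
        "Sheet1": {
            "A1:C2": [["inc1", 2034, "name1"], ["inc2", 2035, "name2"]],
            "_keys": ["A1:C2"],
        },
        "_keys": ["Sheet1"],
    },
}

# Assumed column meanings, in worksheet column order (not defined in the thread).
COLUMNS = ("title", "legacy_id", "reporter")


def iter_rows(result):
    """Yield (sheet, cell_range, row_index, row), using '_keys' to skip bookkeeping entries."""
    for sheet in result["sheets"]["_keys"]:
        ranges = result["sheets"][sheet]
        for cell_range in ranges["_keys"]:
            for i, row in enumerate(ranges[cell_range]):
                yield sheet, cell_range, i, row


def build_incidents(result, discovered_ms):
    """Return (payloads, rejected); each payload is one incident request body."""
    payloads, rejected = [], []
    for sheet, cell_range, i, row in iter_rows(result):
        where = f"{sheet}!{cell_range} row {i}"
        if len(row) != len(COLUMNS):
            rejected.append((where, "unexpected column count"))
            continue
        rec = dict(zip(COLUMNS, row))
        title = str(rec["title"] or "").strip()
        if not title:
            rejected.append((where, "empty title"))
            continue
        payloads.append({
            "name": title,
            "description": f"Imported from workbook; legacy id {rec['legacy_id']}, reporter {rec['reporter']}",
            "discovered_date": discovered_ms,  # epoch milliseconds
        })
    return payloads, rejected


if __name__ == "__main__":
    ok, bad = build_incidents(RESULT, 1700000000000)
    print(json.dumps(ok, indent=2), bad)
```

Review the rejected list before posting anything, so a short or blank worksheet row does not become an empty incident.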