IBM Security QRadar SOAR

 View Only
  • 1.  Update custom field from SNOW

    Posted Wed August 14, 2019 07:46 AM
    We are planning to get SNOW ticket status into resilient custom field, what is the resilient REST API end point to perform this action.

    ------------------------------
    Dastagirsab Mulla
    ------------------------------


  • 2.  RE: Update custom field from SNOW

    Posted Thu August 15, 2019 09:48 AM
    You can use the PATCH HTTP verb with the /rest/orgs/<org id>/incidents/<incident id> url. 

    Here is an example curl command:

    curl 'http://localhost:8080/rest/orgs/201/incidents/2595?return_dto=true' -X PATCH -H 'Origin: http://localhost:8080' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-US,en;q=0.9' -H 'browser_locale: en' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: CSRF_TOKEN=7b2276616c7565223a226666373765366265643333303331343338383330313561386562333531633332227d; JSESSIONID=C8898321D0C1EEC5896A987F01A90EFF' -H 'Connection: keep-alive' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36' -H 'Content-Type: application/json' -H 'Accept: */*' -H 'Referer: http://localhost:8080/' -H 'text_content_output_format: objects_convert' -H 'X-sess-id: 7adf4a14121aac7ffd969af6912b2a9c' -H 'handle_format: null' --data-binary '{"changes":[{"field":"service_now_ticket_status","old_value":{},"new_value":{"text":"closed"}}]}' --compressed

    This changes the custom field service_now_ticket_status to closed.


    ------------------------------
    Ben Lurie
    ------------------------------



  • 3.  RE: Update custom field from SNOW

    Posted Mon August 19, 2019 10:35 AM
    Thank you very much it really helped me. In same way if I want to GET data from field and use it for external integration, what will be the syntax?

    ------------------------------
    Dastagirsab Mulla
    ------------------------------