IBM QRadar SOAR

  • 1.  Create an Incident by API Rest without Resilient

    Posted Fri May 03, 2024 12:25 PM

    Hello,

    Currently I'm trying to create an incident by REST API using the endpoint api/respond/rest/orgs/xxxxx/incidents.

    My question is: is there a minimum set of data to put in the JSON body?

    For example, when I create the incident by API and only set the name. Could somebody give me an example, please?

    My code is something like this:

    import requests
    from requests.auth import HTTPBasicAuth
    from requests.exceptions import ChunkedEncodingError

    def generarCaso(query):
        auth = HTTPBasicAuth("xxxxxx", "xxxxxx")
        try:
            # verify=False turns off TLS certificate validation for this request
            respuesta_api = requests.post("endpointurl", auth=auth, json=query, verify=False)
            respuesta_api.raise_for_status()
            salida_api = respuesta_api.json()
            print("La salida es {}".format(salida_api))
        except ChunkedEncodingError as e:
            print(f"Error de ChunkedEncoding: {e}")
        except requests.RequestException as e:
            print(f"Error de solicitud: {e}")

    and the JSON that I'm trying to put in the request is:

    # a dict, so that json=query sends a JSON object rather than a quoted string
    query = {
        "name": "test",
        "discovered_date": 1620020451000,
        "plan_status": "O",
    }


    ------------------------------
    Juan Parentini
    ------------------------------


  • 2.  RE: Create an Incident by API Rest without Resilient

    Posted Fri May 03, 2024 12:48 PM

    Sorry, I forgot to link this post: https://community.ibm.com/community/user/security/discussion/create-incident-from-powershell because it is in some way the same idea.



    ------------------------------
    Juan Parentini
    ------------------------------



  • 3.  RE: Create an Incident by API Rest without Resilient
    Best Answer

    Posted Fri May 03, 2024 02:24 PM
    Edited by Juan Parentini Fri May 17, 2024 09:37 AM

    I already resolved this using only this in the JSON:

    {
        "name": "test",
        "discovered_date": time_now
    }

    Thanks.



    ------------------------------
    Juan Parentini
    ------------------------------
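
The request discussed in this thread, as an added example that is not part of the original posts or of IBM's code: it builds the two-field body the accepted answer reports as sufficient, with `discovered_date` in epoch milliseconds, and sends it with certificate validation left on and credentials read from the environment. The host, the org id, the `SOAR_*` variable names and the helper names are assumptions; it uses the standard library's `urllib` instead of `requests` so it runs without extra packages.

```python
import base64
import json
import os
import ssl
import urllib.request
from datetime import datetime, timedelta, timezone

# Path as written in the thread; host, org id and env var names are assumptions.
INCIDENTS_PATH = "/api/respond/rest/orgs/{org_id}/incidents"
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def to_epoch_ms(when):
    """Aware datetime -> epoch milliseconds (the unit of the thread's sample value)."""
    if when.tzinfo is None:
        raise ValueError("use a timezone-aware datetime for discovered_date")
    return (when - EPOCH) // timedelta(milliseconds=1)

def build_incident(name, discovered):
    """Body with only the two fields the thread reports as sufficient."""
    if not isinstance(name, str) or not name.strip():
        raise ValueError("name must be a non-empty string")
    return {"name": name.strip(), "discovered_date": to_epoch_ms(discovered)}

def prepare_request(base_url, org_id, key_id, key_secret, incident):
    """Build the POST without sending it, so it can be inspected first."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send basic-auth credentials without TLS")
    token = base64.b64encode(f"{key_id}:{key_secret}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + INCIDENTS_PATH.format(org_id=org_id),
        data=json.dumps(incident).encode("utf-8"),  # a JSON object, not a quoted string
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"},
        method="POST",
    )

def send(req, ca_file=None):
    """Send with certificate and hostname checks on; ca_file trusts an internal CA."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.loads(resp.read())

if __name__ == "__main__":
    body = build_incident("test", datetime.now(timezone.utc))
    env = os.environ  # credentials come from the environment, not the source file
    req = prepare_request(env["SOAR_URL"], env["SOAR_ORG_ID"],
                          env["SOAR_KEY_ID"], env["SOAR_KEY_SECRET"], body)
    print(send(req))
```

For a server with a certificate from an internal CA, pass that CA's PEM file as `ca_file` rather than switching verification off.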