IBM Security QRadar SOAR

  • 1.  Create an Incident by API Rest without Resilient

    Posted 14 days ago

    Hello,

    Currently I'm trying to create an incident by REST API using the endpoint api/respond/rest/orgs/xxxxx/incidents.

    My question is: is there a minimum set of data that must be set in the JSON body?

    Like, when I create the incident by API, only setting the name. Could somebody give me an example, please?

    My code is something like this:

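    import requests
    from requests.auth import HTTPBasicAuth
    from requests.exceptions import ChunkedEncodingError

    def generarCaso(query):
        # Create an incident by POSTing the body in `query` to the incidents endpoint
        auth = HTTPBasicAuth("xxxxxx", "xxxxxx")
        try:
            # verify=False disables TLS certificate verification for this request
            respuesta_api = requests.post("endpointurl", auth=auth, json=query, verify=False)
            respuesta_api.raise_for_status()
            salida_api = respuesta_api.json()
            print("La salida es {}".format(salida_api))
        except ChunkedEncodingError as e:
            print(f"Error de ChunkedEncoding: {e}")
        except requests.RequestException as e:
            print(f"Error de solicitud: {e}")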

    and the JSON that I'm trying to put in the request is:

    # A dict, so that json=query sends a JSON object (a str would be sent as a JSON string)
    query = {
        "name": "test",
        "discovered_date": 1620020451000,  # epoch milliseconds
        "plan_status": "O",
    }


    ------------------------------
    Juan Parentini
    ------------------------------


  • 2.  RE: Create an Incident by API Rest without Resilient

    Posted 14 days ago

    Sorry, I forgot to link this post https://community.ibm.com/community/user/security/discussion/create-incident-from-powershell because it is in some way the same idea.



    ------------------------------
    Juan Parentini
    ------------------------------



  • 3.  RE: Create an Incident by API Rest without Resilient
    Best Answer

    Posted 14 days ago
    Edited by Juan Parentini 18 hours ago

    I already resolved this using only this in the JSON:

    "name": "test",
    "discovered_date": time_now
     
    Thanks.



    ------------------------------
    Juan Parentini
    ------------------------------
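
The two-field body from the accepted answer, built and sent with the standard library and with certificate verification left on. This is an added example, not code from the thread or from IBM: the host, org id, credentials and the helper names are placeholders, and `discovered_date` is assumed to be epoch milliseconds, matching the sample value in the question.

```python
import base64
import json
import ssl
import time
import urllib.request

# Path as quoted in the question; host and org id are supplied by the caller.
INCIDENTS_PATH = "/api/respond/rest/orgs/{org_id}/incidents"


def minimal_incident(name, discovered_ms=None):
    """Return the two fields the accepted answer reports as sufficient."""
    if not name or not name.strip():
        raise ValueError("incident name must be non-empty")
    if discovered_ms is None:
        discovered_ms = int(time.time() * 1000)  # now, in epoch milliseconds
    if discovered_ms < 10**12:  # a 10-digit value is seconds, not milliseconds
        raise ValueError("discovered_date looks like seconds, expected milliseconds")
    return {"name": name, "discovered_date": discovered_ms}


def build_request(base_url, org_id, user, password, incident):
    """Build (but do not send) the POST; the dict is serialised once, as a JSON object."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send Basic credentials over a non-HTTPS URL")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + INCIDENTS_PATH.format(org_id=org_id),
        data=json.dumps(incident).encode("utf-8"),
        headers={"Content-Type": "application/json", "Authorization": f"Basic {token}"},
        method="POST",
    )


def send(request, ca_bundle=None):
    """Send with verification on; ca_bundle is a PEM file for a private or self-signed CA."""
    context = ssl.create_default_context(cafile=ca_bundle)
    with urllib.request.urlopen(request, context=context, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Placeholder values; nothing is sent unless send(req) is called.
    req = build_request("https://soar.example.com", "201", "user@example.com",
                        "app-password", minimal_incident("test"))
    print(req.full_url, req.data.decode())
```

For an instance with a self-signed certificate, pass its CA file as `ca_bundle` instead of turning verification off.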