IBM Security QRadar

Exporting SOAR incidents using script

    Posted 8 days ago

    Hello,

    I need to export incidents from SOAR using Python for reporting purposes, with all data including tasks, notes, etc.

    I searched all available information on the net, but there is not much. I tried to use the example available at https://github.com/ibmresilient/resilient-python-examples/tree/master/export-to-json, but the script is not working for me. I am getting errors like this:

    Traceback (most recent call last):
      File "export-to-json/export_to_json/bin/export_to_json.py", line 513, in <module>
        main()
      File "export-to-json/export_to_json/bin/export_to_json.py", line 506, in main
        export_context.export_json()
      File "export-to-json/export_to_json/bin/export_to_json.py", line 496, in export_json
        return self.export_data()
      File "export-to-json/export_to_json/bin/export_to_json.py", line 474, in export_data
        incident["artifacts"] = list(self.get_artifacts(incident))
      File "export-to-json/export_to_json/bin/export_to_json.py", line 407, in get_artifacts
        artifact = self.clean_schema(artifact, "artifact")
      File "export-to-json/export_to_json/bin/export_to_json.py", line 212, in clean_schema
        new_object[prefix][field_name] = target_object[prefix][field_name]
    TypeError: 'NoneType' object is not subscriptable

    I don't know if this script should work with the latest versions of SOAR, since it is 4 years old?

    Are there any other, more recent examples besides that one? Doing this from scratch looks too complex and time-consuming.

    Thanks.



    ------------------------------
    Igor Sever
    ------------------------------
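
Added example, not part of the original post and not code from the export-to-json script: the statement on line 212 of the traceback raises this TypeError when the object being subscripted for reading is `None`, for instance `target_object[prefix]`. The sketch below reproduces that failure and shows a guarded copy. The function names, the field-definition layout (`name`, optional `prefix`) and the sample artifacts are assumptions constructed for illustration.

```python
# Added illustration; not the code of export_to_json.py.
# Assumption: each field definition has a "name" and an optional "prefix"
# naming a nested container in the record (here "properties").

def copy_schema_fields(record, field_defs):
    """Copy only schema-known fields, tolerating a null prefix container.

    Returns (clean_record, skipped), where skipped lists the prefixes
    whose container was None or missing in the record.
    """
    clean, skipped = {}, []
    for fd in field_defs:
        name, prefix = fd["name"], fd.get("prefix")
        if prefix is None:
            if name in record:
                clean[name] = record[name]
            continue
        container = record.get(prefix)
        if not isinstance(container, dict):
            # Null container: the unguarded form record[prefix][name]
            # raises "'NoneType' object is not subscriptable" here.
            if prefix not in skipped:
                skipped.append(prefix)
            continue
        if name in container:
            clean.setdefault(prefix, {})[name] = container[name]
    return clean, skipped


def unguarded_copy(record, field_defs):
    """Same copy without the guard, to reproduce the failure."""
    clean = {}
    for fd in field_defs:
        name, prefix = fd["name"], fd.get("prefix")
        if prefix:
            clean.setdefault(prefix, {})[name] = record[prefix][name]
        else:
            clean[name] = record[name]
    return clean


# Constructed sample data, not taken from a real SOAR instance.
FIELD_DEFS = [{"name": "value"}, {"name": "type"},
              {"name": "source", "prefix": "properties"}]
ARTIFACT_NULL = {"id": 7, "value": "203.0.113.10", "type": 1, "properties": None}
ARTIFACT_OK = {"id": 8, "value": "example.test", "type": 3,
               "properties": {"source": "manual", "internal": True}}
```

Returning the skipped prefixes lets an export report which records came back with null containers instead of silently dropping fields from a report.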