IBM Security QRadar

 View Only

Exporting SOAR incidents using script

  • 1.  Exporting SOAR incidents using script

    Posted 8 days ago


    I need to export incidents from SOAR using Python for reporting purposes, with all data including tasks, notes, etc.

    I searched all available information on net, but there is not much. I tried to use example available on, but script is not working for me. I am getting errors like this:

    Traceback (most recent call last):

      File "export-to-json/export_to_json/bin/", line 513, in <module>


      File "export-to-json/export_to_json/bin/", line 506, in main


      File "export-to-json/export_to_json/bin/", line 496, in export_json

        return self.export_data()

      File "export-to-json/export_to_json/bin/", line 474, in export_data

        incident["artifacts"] = list(self.get_artifacts(incident))

      File "export-to-json/export_to_json/bin/", line 407, in get_artifacts

        artifact = self.clean_schema(artifact, "artifact")

      File "export-to-json/export_to_json/bin/", line 212, in clean_schema

        new_object[prefix][field_name] = target_object[prefix][field_name]

    TypeError: 'NoneType' object is not subscriptable


    I don't know if this script should work with latest versions of SOAR since it is 4 years old?

    Are there any other more recent examples except that? Doing this from scratch looks too complex and time consuming.


    Igor Sever