Glad you could figure it out. It's recommended to use query_paged if you want to query all incidents. This text is from "query" the interactive REST API doc:
Original Message:
Sent: Tue June 18, 2024 11:17 AM
From: Ekham Ramdul
Subject: Fetch incident via API with a limit
Hello AnnMarie,
Thank you for your quick answer!
In my case it was not working because I used the endpoint "query" instead of "query_paged". It seems that I don't have to use the parameter "recordTotal" to do what I want to achieve.
Regards
------------------------------
Ekham Ramdul
Original Message:
Sent: Tue June 18, 2024 10:22 AM
From: AnnMarie Norcross
Subject: Fetch incident via API with a limit
Hi Ekham
Here is an example from the fn_machine_learning integration that uses "length" in query. I think you also need to specify "start" and maybe "recordsTotal"...
import logging


def query_incidents(res_client, max_count=None, page_size=1000, in_log=None):
    """
    Use the query endpoint since we are going to download a large number of incidents.
    :param res_client: Resilient client used to download incidents
    :param max_count: Max count for incidents to handle
    :param page_size: Number of incidents to download for each call
    :param in_log: Optional logger; defaults to this module's logger
    :return: All downloaded incidents in json
    """
    log = in_log if in_log else logging.getLogger(__name__)
    incidents = []
    url = "/incidents/query_paged?field_handle=-1&return_level=full"
    num_incidents = 0
    ret_num = 0
    done = False
    while not done:
        # Each call asks for the next page, starting after what was already read.
        body = {
            "start": num_incidents,
            "length": page_size,
            "recordsTotal": page_size
        }
        ret = res_client.post(uri=url, payload=body)
        data = ret.get("data", [])
        ret_num = len(data)
        if ret_num > 0:
            log.debug("Downloaded {} incidents, total now {} ...".format(ret_num, ret_num + num_incidents))
            incidents.extend(data)
        else:
            #
            # No more to read.
            #
            done = True
        num_incidents = num_incidents + ret_num
        if max_count:
            if num_incidents >= max_count:
                #
                # Reach max_count set by user, stop now
                #
                done = True
    return incidents
------------------------------
AnnMarie Norcross
Original Message:
Sent: Tue June 18, 2024 06:07 AM
From: Ekham Ramdul
Subject: Fetch incident via API with a limit
Hello,
I'm querying IBM SOAR incidents using these parameters, but it doesn't work because of the key "length":
data = { "filters": [myfilter], "length": 10 }
How can I query incidents via the API with a limit of 10 incidents returned?
Regards
------------------------------
Ekham Ramdul
------------------------------
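An added example, not part of the thread or of the fn_machine_learning code: it combines the "filters" key from the original question with the "start"/"length" paging against query_paged shown in the reply, and enforces a hard cap on the number of incidents returned. Assumptions: `fetch_incidents`, `FakeClient` and the sample filter are hypothetical names and constructed data, "recordsTotal" is omitted following the follow-up message, and the client exposes `post(uri=..., payload=...)` returning a dict with a "data" list as in the reply's code.

```python
# URL taken from the reply in this thread.
QUERY_PAGED_URL = "/incidents/query_paged?field_handle=-1&return_level=full"


def fetch_incidents(res_client, filters, limit=10, page_size=1000):
    """Return at most `limit` incidents matching `filters` (hypothetical helper)."""
    if limit < 1:
        raise ValueError("limit must be >= 1")
    incidents = []
    while len(incidents) < limit:
        # Never request more than is still needed, so the last page is trimmed server-side.
        length = min(page_size, limit - len(incidents))
        body = {"filters": filters, "start": len(incidents), "length": length}
        page = res_client.post(uri=QUERY_PAGED_URL, payload=body).get("data", [])
        if not page:
            break  # fewer matching incidents than the limit
        incidents.extend(page)
    # Client-side guard in case a server returns more rows than "length" asked for.
    return incidents[:limit]


class FakeClient:
    """Constructed stand-in for the SOAR client so the example runs offline."""

    def __init__(self, total):
        self.rows = [{"id": i} for i in range(total)]  # constructed incidents
        self.calls = []                                # request bodies, for inspection

    def post(self, uri, payload):
        self.calls.append(payload)
        start, length = payload["start"], payload["length"]
        return {"data": self.rows[start:start + length]}


if __name__ == "__main__":
    # Constructed sample filter; its shape is an assumption, pass your own "myfilter".
    sample_filter = {"conditions": [{"field_name": "plan_status",
                                     "method": "equals", "value": "A"}]}
    client = FakeClient(total=25)
    result = fetch_incidents(client, [sample_filter], limit=10, page_size=4)
    print(len(result), [c["length"] for c in client.calls])
```
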