I figured out the solution. I basically dumped all my values into dictionaries with a key of label and then appended those to a list. To populate the select values and wipe the previous ones, updating "values" with your new list is all that's required as it will remove everything else. See example below.
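import json
import requests

# vendors_list: the list of {"label": ...} dictionaries described above.
# var_password: the value sent in the Authorization header.
# Both are defined earlier in the script.
soar_url = "https://10.10.10.118/rest/orgs/356/types/incident/fields/vendors"

# Full field definition; "values" carries the new select options.
soar_payload = json.dumps({
    "id": 1817,
    "name": "vendors",
    "text": "Vendors",
    "short_text": "",
    "prefix": "properties",
    "type_id": 0,
    "tooltip": "",
    "placeholder": "",
    "input_type": "select",
    "hide_notification": False,
    "chosen": False,
    "default_chosen_by_server": False,
    "blank_option": False,
    "internal": False,
    "uuid": "0efb6df5-c586-4c1a-9a49-998352e07ecc",
    "values": vendors_list
})
soar_headers = {
    'Content-Type': 'application/json',
    'Authorization': var_password
}
# verify=False turns off TLS certificate validation for this request.
soar_response = requests.request("PUT", soar_url, headers=soar_headers, data=soar_payload, verify=False)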
Hope this helps others....
------------------------------
Mr Coco
------------------------------
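An added example, not part of the original post: one way to build the same PUT with the new values de-duplicated and the TLS certificate validated against a CA bundle instead of being skipped. The helper names, the `soar.example.invalid` host and the CA bundle argument are assumptions; the field definition is a constructed sample copied from the payload in the post, and the standard-library `urllib` is used in place of `requests`.

```python
import json
import ssl
import urllib.request

# Constructed sample: the field definition from the post, holding one stale value.
SAMPLE_FIELD = {
    "id": 1817, "name": "vendors", "text": "Vendors", "short_text": "",
    "prefix": "properties", "type_id": 0, "tooltip": "", "placeholder": "",
    "input_type": "select", "hide_notification": False, "chosen": False,
    "default_chosen_by_server": False, "blank_option": False, "internal": False,
    "uuid": "0efb6df5-c586-4c1a-9a49-998352e07ecc",
    "values": [{"label": "Old Vendor"}],
}

def build_values(names):
    """Return [{"label": ...}] entries: trimmed, blanks dropped, duplicates removed in order."""
    seen, values = set(), []
    for name in names:
        label = str(name).strip()
        if label and label not in seen:
            seen.add(label)
            values.append({"label": label})
    return values

def build_put_request(base_url, org_id, field_def, names, auth_header):
    """Build (without sending) the PUT that replaces the field's select values."""
    body = dict(field_def)                 # shallow copy; the caller's dict is untouched
    body["values"] = build_values(names)   # the full list replaces the old values
    url = f"{base_url}/rest/orgs/{org_id}/types/incident/fields/{body['name']}"
    headers = {"Content-Type": "application/json", "Authorization": auth_header}
    return urllib.request.Request(url, data=json.dumps(body).encode("utf-8"),
                                  headers=headers, method="PUT")

def send(request, ca_bundle):
    """Send the request, validating the server certificate against ca_bundle."""
    context = ssl.create_default_context(cafile=ca_bundle)
    with urllib.request.urlopen(request, context=context, timeout=30) as response:
        return response.status

if __name__ == "__main__":
    # Hypothetical host and placeholder credential; nothing is sent here.
    req = build_put_request("https://soar.example.invalid", 356, SAMPLE_FIELD,
                            ["Acme", " Globex ", "Acme", ""], "<auth header value>")
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```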
Original Message:
Sent: Thu November 16, 2023 12:49 PM
From: Mr Coco
Subject: How do you update field list values for an incident field? QRadar SOAR REST API / TypeREST endpoint
Thanks Calvin!
I am familiar with these packages but I was hoping to get more input on code examples for the API endpoint in question (PUT /orgs/{org_id}/types/{type}/fields/{field}). The SimpleClient PUT examples I don't find to be helpful when I'm trying to understand exactly what all inputs I need to pass. There is a mammoth amount of things that have to be supplied in the endpoint and I essentially just need to wipe the values and then add new ones. I was hoping someone had run into this at some point or another.
------------------------------
Mr Coco
Original Message:
Sent: Thu November 16, 2023 09:04 AM
From: Calvin Wynne
Subject: How do you update field list values for an incident field? QRadar SOAR REST API / TypeREST endpoint
Hi Coco,
If you are trying to simply access SOAR's Endpoint from a python instance, you could do so using the resilient package for python. More instructions on this can be found here. I think this should answer your question. If you wish to create an application that can be installed on SOAR you would need to do so using resilient-circuits and resilient-lib.
Regards,
------------------------------
Calvin Wynne
Original Message:
Sent: Mon November 13, 2023 01:20 PM
From: Mr Coco
Subject: How do you update field list values for an incident field? QRadar SOAR REST API / TypeREST endpoint
I'm trying to figure out how to do what I thought would be a simple task but it seems much more complex than I originally thought with the QRadar SOAR REST API. Basically my use case is the following.
Summary Problem Statement
I need to copy a list of values to be my values for a specific incident field which is used in existing workflows. These will basically be values from a select list which when selected has rules which execute workflows to pull in data from another API.
Code Logic Thought Process
- (via Python) I will have a list of about 700 unique values that we will use.
- Update specific incident field values to be empty to prepare for updating with list from #1.
- Add #1 list of values to incident field select list.
I looked at the PUT /orgs/{org_id}/types/{type}/fields/{field} section but it's a massive amount of stuff and I have no idea where to start despite reading it. :)
Has anyone done something like this before?
------------------------------
Mr Coco
------------------------------