IBM QRadar SOAR

  • 1.  Patch REST API fails on nested properties.

    Posted Thu July 13, 2023 09:29 AM

    Hi, 

    I am trying to do a PATCH to an incident on the Swagger documentation provided on Resilient, but I am getting this error for the attached body:

    {
      "changes": [
        {
          "field": {
            "id": {},
            "name": "properties.domain"
          },
          "old_value": {
            "object": {
              "text": "MYORG"
            }
          },
          "new_value": {
            "object": {
              "text": "MYNEWORG"
            }
          }
        }
      ],
      "version": 12345
    }

    The response is 

    That is weird, as the same properties.domain works when I fetch incidents but not when I PATCH them, when clearly the domain is part of the properties of the incident.

    What field should I use so that I can patch the incident, or is the nomenclature different to get this domain field?



    ------------------------------
    Deepansh Saini
    ------------------------------



  • 2.  RE: Patch REST API fails on nested properties.

    Posted Fri July 14, 2023 11:43 AM

    Hey Deepansh,

    I just did some testing on this and here is what I found. You don't keep object in there; you actually replace that with your text. Also, you don't need the version in there. That is for if you want version checking. So you would do something like this:

    {
      "changes": [
        {
          "field": {
            "name": "severity_code"
          },
          "old_value": {
            "text": "Low"
          },
          "new_value": {
            "text": "High"
          }
        }
      ]
    }

    Next come the custom fields. I found that it appears that it doesn't matter if something is in the properties section of the incident or not; we are just going to provide the incident's API name and nothing else. See below:

    {
      "changes": [
        {
          "field": {
            "name": "snow_ticket_open"
          },
          "old_value": {
            "boolean": null
          },
          "new_value": {
            "boolean": true
          }
        }
      ]
    }

    Hope that information helps whatever you are building!



    ------------------------------
    Nick Mumaw, GPEN, GPYC
    Cyber Security Specialist - SOAR
    IBM - Security
    ------------------------------
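
The differences between the body in the question and the bodies in the reply above, written out as an added Python example (not code from either poster or from IBM): it drops the `properties.` prefix and the empty `id`, unwraps `object`, and keeps `version` only on request. The function name `normalize_patch`, the `keep_version` flag and the type-consistency check are assumptions of this example; it builds the body only and sends nothing.

```python
import json

def normalize_patch(body, keep_version=False):
    """Rewrite a PATCH body from the question's shape into the reply's shape."""
    changes = []
    for change in body["changes"]:
        name = change["field"]["name"]
        # Reply: send only the field's API name, even for fields that are
        # returned under "properties" when the incident is fetched.
        if name.startswith("properties."):
            name = name[len("properties."):]
        entry = {"field": {"name": name}}
        for side in ("old_value", "new_value"):
            value = change[side]
            # Reply: the typed value ({"text": ...}, {"boolean": ...}) sits
            # directly under old_value/new_value, with no "object" wrapper.
            if isinstance(value.get("object"), dict):
                value = value["object"]
            if len(value) != 1:
                raise ValueError(f"{name}.{side}: expected one typed value")
            entry[side] = dict(value)
        # Sanity check added by this example: both sides carry the same type key.
        if entry["old_value"].keys() != entry["new_value"].keys():
            raise ValueError(f"{name}: old_value and new_value types differ")
        changes.append(entry)
    fixed = {"changes": changes}
    # Reply: "version" is only needed when version checking is wanted.
    if keep_version and "version" in body:
        fixed["version"] = body["version"]
    return fixed

# Constructed sample: the request body from the question.
QUESTION_BODY = {
    "changes": [{
        "field": {"id": {}, "name": "properties.domain"},
        "old_value": {"object": {"text": "MYORG"}},
        "new_value": {"object": {"text": "MYNEWORG"}},
    }],
    "version": 12345,
}

if __name__ == "__main__":
    print(json.dumps(normalize_patch(QUESTION_BODY), indent=2))
```
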



  • 3.  RE: Patch REST API fails on nested properties.

    Posted Mon July 24, 2023 06:05 AM

    Thanks Nick,

    It works! :)



    ------------------------------
    Deepansh Saini
    ------------------------------