IBM Security QRadar SOAR

 View Only
  • 1.  Read Artifact Permission in App's `apikey_permissions.txt` File

    Posted Fri November 11, 2022 01:02 PM
    All,

    I have created an app that has a function that queries IBM SOAR for artifacts. However, I can't figure out how to set the 'Read artifacts' permission within the app's `apikey_permissions.txt` file.

    Here's the permission within IBM SOAR I want to set:



    In the mean time I have manually updated the API key within the GUI to have this permission as shown above. However it appears whenever I upgrade the app the manually set 'artifact read' permission goes away, so this is not an acceptable long term solution as I've already been burned by this - haven't been able to remember that I manually need to update the API key permission after upgrading the specific app.

    Am I missing the entry in `apikey_permissions.txt` to set this? If it's missing is there anything we can do to get it added?

    Thanks!

    ------------------------------
    Liam Mahoney
    ------------------------------


  • 2.  RE: Read Artifact Permission in App's `apikey_permissions.txt` File

    Posted Fri November 11, 2022 01:38 PM
    Hi Liam! You're not missing anything, that permission isn't listed out in the template apikey_permissions.txt file...

    I was able to find the correct permission handle:
    view_global_artifacts​

    There is also manage_global_artifacts​, create_global_artifacts​, edit_global_artifacts​, and delete_global_artifacts​ available for that permission.

    I will ask around to see if we can have those all added to the list of available permissions for future iterations of the SDK so that apps created with codegen will have all the available permissions enumerated in the template permissions.txt file.



    ------------------------------
    Bo Bleckel
    ------------------------------



  • 3.  RE: Read Artifact Permission in App's `apikey_permissions.txt` File

    Posted Fri November 11, 2022 01:59 PM
    Bo,

    That sounds great thank you!

    If I manually add `view_global_artifacts` to the `apikey_permissions.txt` file will that work for now? Or is there additional work that needs to be done for that to work?

    ------------------------------
    Liam Mahoney
    ------------------------------



  • 4.  RE: Read Artifact Permission in App's `apikey_permissions.txt` File

    Posted Fri November 11, 2022 02:13 PM
    That'll get the job done! Give it a try and let me know if it doesn't.

    ------------------------------
    Bo Bleckel
    ------------------------------



  • 5.  RE: Read Artifact Permission in App's `apikey_permissions.txt` File

    Posted Fri November 11, 2022 02:39 PM
    Bo,

    I added `view_global_artifacts` to the `apikey_permissions.txt` file as seen below:


    I then packaged the app and upgraded it. When upgrading I now see this error:


    I deleted that line from apikey_permissions.txt and was then able to successfully update, validating this was causing the error

    ------------------------------
    Liam Mahoney
    ------------------------------



  • 6.  RE: Read Artifact Permission in App's `apikey_permissions.txt` File

    Posted Fri November 11, 2022 03:18 PM
    Hey Liam -- the issue there is the newline between #edit_data and the extra permission.
    ​ Try removing that newline and see if it works

    ------------------------------
    Bo Bleckel
    ------------------------------



  • 7.  RE: Read Artifact Permission in App's `apikey_permissions.txt` File

    Posted Mon November 14, 2022 10:50 AM
    Bo,

    That fixed it, thank you!

    Appreciate all the help!

    ------------------------------
    Liam Mahoney
    ------------------------------