IBM QRadar SOAR

  • 1.  resilient-lib close_incident Bad Request

    Posted Mon August 22, 2022 10:33 AM
    Getting Bad Request: {"success":false,"title":null,"message":"Bad Request","hints":[],"error_code":"generic"} when trying to close an incident in SOAR using resilient-lib, see below (incident_id is str)

    from resilient_lib import close_incident

    res = close_incident(
        res_client=res_client,
        incident_id=incident_id,
        # Fields to set on the incident as it is closed
        kwargs={
            "resolution_id": "Not an Issue",
            "resolution_summary": "Lookup table updated",
            "remediation_plan": "No Action Required",
            "business_unit": "IT - Information Security",
            "escalation": "None",
            "location": "Corp",
        },
        handle_names=True
    )

    How do I troubleshoot for what is missing?


    ------------------------------
    Irek Romaniuk
    ------------------------------


  • 2.  RE: resilient-lib close_incident Bad Request

    Posted Wed September 07, 2022 09:43 AM
    Hi Irek,

    More than likely you are missing a Required On Close field.

    You can monitor the client.log to see more details about the error: https://www.ibm.com/docs/en/sqsp/46?topic=guide-log-file-configuration

    ------------------------------
    Shane Curtin
    Apps Engineer - IBM Security SOAR
    ------------------------------
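
One way to find the missing Required On Close field before calling `close_incident`, as an added example that is not part of the original posts and not resilient-lib code. It assumes field definitions shaped like the SOAR REST API's incident field list (`required` set to `"close"` or `"always"`, custom fields carrying `prefix` `"properties"`); the helper name, the sample data and the `root_cause` field are hypothetical.

```python
# Added example: list Required On Close fields that a close call would leave empty.
# Assumption: field definitions look like entries from GET /types/incident/fields.

def missing_close_fields(field_defs, incident, close_kwargs):
    """Return names of required fields that are empty in both the incident and the kwargs."""
    missing = []
    for fd in field_defs:
        if fd.get("required") not in ("close", "always"):
            continue  # optional field, cannot block the close
        name = fd["name"]
        # Custom fields are stored under incident["properties"]; built-ins at top level.
        if fd.get("prefix") == "properties":
            current = incident.get("properties") or {}
        else:
            current = incident
        # A value passed in kwargs wins over what is already on the incident.
        value = close_kwargs.get(name, current.get(name))
        if value is None or value == "" or value == []:
            missing.append(name)
    return sorted(missing)


# Constructed sample data (not taken from a real SOAR organization).
SAMPLE_FIELD_DEFS = [
    {"name": "resolution_id", "prefix": None, "required": "close"},
    {"name": "resolution_summary", "prefix": None, "required": "close"},
    {"name": "remediation_plan", "prefix": "properties", "required": "close"},
    {"name": "root_cause", "prefix": "properties", "required": "close"},  # hypothetical
    {"name": "description", "prefix": None, "required": None},
]
SAMPLE_INCIDENT = {
    "id": 2095,
    "resolution_id": None,
    "properties": {"remediation_plan": None, "root_cause": None},
}
SAMPLE_KWARGS = {
    "resolution_id": "Not an Issue",
    "resolution_summary": "Lookup table updated",
    "remediation_plan": "No Action Required",
}

if __name__ == "__main__":
    print(missing_close_fields(SAMPLE_FIELD_DEFS, SAMPLE_INCIDENT, SAMPLE_KWARGS))
```

Against a live organization, the same function can be fed the field definitions and the incident fetched through the authenticated `res_client`.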