IBM Security QRadar SOAR

 View Only
  • 1.  Using API key with Python requests

    InnerCircle
    Posted Thu May 19, 2022 09:15 AM
    Hi all,

    Wondering if anyone has any example code of using a SOAR API key in an integration server Python script? Previously, we've used an account but had to switch to API keys. Can't for the life of me figure out what's wrong.

    import requests
    
    api_key_id = ''
    api_key_secret = ''
    headers = {'Content-Type': 'application/json'}
    auth = (api_key_id, api_key_secret)
    newSession = requests.Session()
    response = newSession.post('https://.com/rest/session',auth=auth,headers=headers,verify=False) 
    print(response.content)
    ​
    And the response is
    b'{"success":false,"title":null,"message":"Internal Server Error","hints":[],"error_code":"generic"}'​


    Thanks in advance



    ------------------------------
    Thanks,
    Gareth
    ------------------------------


  • 2.  RE: Using API key with Python requests

    Posted Fri May 20, 2022 08:30 AM
    Hi Gareth,

    Take a look at our resilient get_client() implementation: https://github.com/ibmresilient/resilient-python-api/blob/main/resilient/resilient/co3.py#L100

    The only difference may be the use of HTTPBasicAuth in the set_api_key method. Using the resilient package (installable from pypi) should be a short cut to any API calls you need to make back to the SOAR platform. Also, be mindful of the API key permissions needed. Fine grain permissions are possible so that your API key only needs the minimum permissions needed.

    Good luck,
    Mark

    ------------------------------
    Mark Scherfling
    ------------------------------



  • 3.  RE: Using API key with Python requests

    Posted Fri May 20, 2022 09:06 AM
    Edited by Alexander Saulenko Fri May 20, 2022 09:10 AM
    Hi Gareth,

    Here is an example of creating a new incident via API:

    from __future__ import print_function 
    from requests.auth import HTTPBasicAuth 
    import requests 
    import json 
     
    def main(): 
      key_id = "-=key id=-" 
      key_secret = "-=key secret=-" 
     
      server = "-=IP address=-" 
      resource = "rest/orgs/202/incidents" 
      url = "https://{0}/{1}".format(server, resource) 
      headers = {"Content-Type": "application/json"} 
     
      name_of_the_incident="Incident from the Python script" 
      description_of_the_incident="Description" 
     
     
    auth = HTTPBasicAuth(key_id, key_secret) 
    req = requests.post(url, headers=headers, auth=auth, verify=False, data=json.dumps({"name":name_of_the_incident,"description":description_of_the_incident,"discovered_date":0})) 
     
    if __name__ == "__main__": 
      main() 


    ------------------------------
    Alexander Saulenko
    ------------------------------



  • 4.  RE: Using API key with Python requests

    InnerCircle
    Posted Sat May 21, 2022 08:27 AM
    Perfect, thanks both! :D 

    I'll have a play on Monday and let you know how I get on.

    Again, very much appreciated!

    ------------------------------
    Thanks,
    Gareth
    ------------------------------



  • 5.  RE: Using API key with Python requests

    Posted Mon May 23, 2022 06:31 AM
    Hi Gareth,

    Please also see our API Documentation at: https://ibm.biz/soar-python-docs

    Specifically checkout our working example of getting Incidents using our SimpleClient: https://ibmresilient.github.io/resilient-python-api/pages/resilient/resilient.html#resilient.co3.SimpleClient

    ------------------------------
    Shane Curtin
    Apps Engineer - IBM Security SOAR
    ------------------------------