IBM Security QRadar SOAR

 View Only
Expand all | Collapse all

Utility Functions for SOAR - Include data in Body

  • 1.  Utility Functions for SOAR - Include data in Body

    Posted Fri October 07, 2022 11:14 AM
    Edited by Arben Alia Fri October 07, 2022 11:22 AM
    Hi everybody,

    I am trying to integrate Sophos host management on the SOAR.

    I'm trying to use the Call RestAPI from Utility Functions for SOAR and I'm having a hard time including the data section in inputs.rest_body from the following request

    curl -X POST -H 'Content-Type:application/x-www-form-urlencoded' -d 'grant_type=client_credentials&client_id=<id>&client_secret=<secret>&scope=token' https://id.sophos.com/api/v2/oauth2/token

    I have tried a lot of combinations however I haven't figured it out yet. (the last attempt is the following one but still not working)
    inputs.rest_body = f'grant_type=client_credentials&client_id={clientID}&client_secret={clientSecret}&scope=token'

    Can somebody help me?

    Thanks in advance



    ------------------------------
    Arben Alia
    ------------------------------


  • 2.  RE: Utility Functions for SOAR - Include data in Body

    Posted Tue October 11, 2022 12:38 PM

    Hi Arben,

    Try formatting the rest_body as string-encoded json:

    inputs.rest_body = f'{"grant_type":"client_credentials", "client_id":"{clientID}", "client_secret":"{clientSecret}", "scope":"token"}'



    ------------------------------
    Mark Scherfling
    ------------------------------



  • 3.  RE: Utility Functions for SOAR - Include data in Body

    Posted Tue October 11, 2022 01:55 PM
    Hi Mark,

    Trying this way I get "was unable to complete because: ValueError: Invalid format specifier "

    If I specify the clientID and clientSecret I get ": '400 Client Error: BAD REQUEST for url: https://id.sophos.com/api/v2/oauth2/token'"

    Thanks

    ------------------------------
    Arben Alia
    ------------------------------



  • 4.  RE: Utility Functions for SOAR - Include data in Body

    Posted Tue October 11, 2022 03:10 PM

    Are you using the python 2 scripting engine? Try the python 3 engine or change to:

    inputs.rest_body = '{"grant_type":"client_credentials", "client_id":"{}", "client_secret":"{}", "scope":"token"}'.format(ClientID, clientSecret)

     






  • 5.  RE: Utility Functions for SOAR - Include data in Body

    Posted Tue October 11, 2022 03:58 PM
    yes I'm using python 3. With the format method it returns

    " was unable to complete because: KeyError: '"grant_type"' "

    ------------------------------
    Arben Alia
    ------------------------------



  • 6.  RE: Utility Functions for SOAR - Include data in Body

    Posted Tue October 11, 2022 04:02 PM

    Be careful of smart quotes. Some applications like to replace ascii quotes with curl quotes which are not recognized by python.

     






  • 7.  RE: Utility Functions for SOAR - Include data in Body

    Posted Tue October 11, 2022 04:18 PM

    How can I overcome this issue?

    Thank you in advance Mark. 



    ------------------------------
    Arben Alia
    ------------------------------



  • 8.  RE: Utility Functions for SOAR - Include data in Body

    Posted Tue October 11, 2022 04:36 PM

    Rather than cut & paste my response, just type in the line yourself. I may have typed your line incorrectly as well, so please review for correctness.

     






  • 9.  RE: Utility Functions for SOAR - Include data in Body

    Posted Mon October 24, 2022 06:02 AM
    Hi Mark,

    Event writing it down from the start it doesn't work. It returns error code 400 Bad Request

    Thanks

    ------------------------------
    Arben Alia
    ------------------------------



  • 10.  RE: Utility Functions for SOAR - Include data in Body

    Posted Tue October 25, 2022 10:34 AM
    Hi Arben,

    You can try to pull the logs for fn_utilities to see how the URL is being formatted. I set loglevel=DEBUG under [resilient] to get more information about the API calls made.

    ------------------------------
    Mark Scherfling
    ------------------------------