List of Contributions

Mei Thom

Posted By Mei Thom Fri July 21, 2023 11:33 AM
Found In Egroup: IBM Security QRadar SOAR
Hi, I have a question about TLSv1.3 support. We have a Web application integrating with a Resilient instance of version 35.2.32 using TLSv1.2 communications. If I change to use TLSv1.3, I get SSLHandshakeException. Can I ask: 1. Is there a way to enable TLSv1.3 on the Resilient instance? 2. ...
Posted By Mei Thom Wed March 03, 2021 04:25 PM
Found In Egroup: IBM Security QRadar SOAR
Found the contact in Resilient and he helped us set up the server initially. I've got help now. ------------------------------ Mei Thom ------------------------------
Posted By Mei Thom Wed March 03, 2021 09:57 AM
Found In Egroup: IBM Security QRadar SOAR
I have been using a Resilient server since last year. I could still access it last week. But today when I try to access the Resilient server, I get a license expired message as shown here: Please advise what I should do to get this fixed. Thank you very much! ------------------------------ ...
Posted By Mei Thom Mon January 25, 2021 10:45 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Ben, thank you very much for your detailed demonstrations. This is very helpful! ------------------------------ Mei Thom ------------------------------
Posted By Mei Thom Sun January 24, 2021 11:34 PM
Found In Egroup: IBM Security QRadar SOAR
Hi, In Resilient GET /orgs/(org_id)/users REST API, I see that we can add "ids" as query to only return users with the specified ids. Can we filter users by user name or user email? Also for GET /orgs/(org_id)/groups REST API, can we filter groups by group name? Thanks! ------------------------------ ...
Posted By Mei Thom Thu June 04, 2020 06:39 PM
Found In Egroup: IBM Security QRadar SOAR
Hi, After I use java REST API to create an incident on IBM Resilient, the response json contains these datetime fields: "create_date": 1589602027349, ... "inc_last_modified_date": 1589602027349, Can I ask if the long number in these datetime fields are in UTC timezone or the server's ...
Posted By Mei Thom Wed May 20, 2020 10:42 AM
Found In Egroup: IBM Security QRadar SOAR
Thanks Jared for the quick response. I need to know the exact param names and format to specify this in Resilient GET comments REST API. Your snippet and the example in stackoverflow link do this programmatically. I think that I'll just get back the list of comments and sort them in the codes then. ...
Posted By Mei Thom Wed May 20, 2020 10:01 AM
Found In Egroup: IBM Security QRadar SOAR
Hi, we integrate with Resilient using java REST API. I am trying to get the list of comments of an incident using GET of this REST API: https:// /rest/orgs/(org_id)/incidents/(incident_id)/comments I would like to get back the list in the order that the latest comment goes first, and the oldest ...
Posted By Mei Thom Wed May 20, 2020 09:48 AM
Found In Egroup: IBM Security QRadar SOAR
Just because I see that the response json contains a lot of fields that I am not interested in. I just wonder if user can indicate what fields to return, so that the response is much smaller. The return_level options serve this purpose to some extent. In my case, if I set return_level=partial, the members, ...
Posted By Mei Thom Tue May 19, 2020 11:42 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Ryan, thank you for the quick response. I have tried the return_level. "partial" missed a couple fields that I need, but "normal" still has something like "pii", "gdpr", etc. which I hope to exclude, if doable. What I am really interested in getting back are around 10 fields including the incident's ...
Posted By Mei Thom Tue May 19, 2020 11:08 AM
Found In Egroup: IBM Security QRadar SOAR
Hi, we are using java REST API to integrate with Resilient. After creating an incident with this API: POST /orgs/(org_id)/incidents the response object contains many fields. I used these params to exclude some fields sending back: want_full_data=false&want_tasks=false But I am not interested ...
Posted By Mei Thom Fri May 15, 2020 11:38 PM
Found In Egroup: IBM Security QRadar SOAR
Hi Ben, The root cause is that uploading file expects multipart mime body. Since the file is pdf, I set up content-type=application/pdf. After I removed specifying the content-type and use MultipartEntity for the request body, I got back 200 response code. The pdf file was attached to the incident ...
Posted By Mei Thom Fri May 15, 2020 12:03 PM
Found In Egroup: IBM Security QRadar SOAR
Hi Ben, thank you for the advice and the pointer. I'll spend some time to look into all those. Will update you what I will hit next. Thanks! ------------------------------ Mei Thom ------------------------------
Posted By Mei Thom Fri May 15, 2020 11:35 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Ben, sorry about that. I find the client.log in the daily dir. Here is the stack trace about the posting attachment: 23:24:36.523 [http-nio-443-exec-5] ERROR com.co3.web.rest.Co3ExceptionMapperBase - Mapping exception to REST java.lang.NullPointerException: null at com.co3.web.rest.Inciden ...
Posted By Mei Thom Fri May 15, 2020 10:23 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Ben, thank you for the info. I looked at the client.log on that resilient server. These are the lines around that posting attachment: - - [13/May/2020:22:26:16 -0400] "POST /rest/session HTTP/1.1" 200 - 0 [-] http-nio-443-exec-4 - - [13/May/2020:22:26:17 -0400] "POST /rest/session HTTP/1.1" ...
Posted By Mei Thom Thu May 14, 2020 10:33 AM
Found In Egroup: IBM Security QRadar SOAR
Hi, we are integrating Guardium with Resilient. We are trying to create an incident, and attach a pdf file to the incident. We use java REST API to post the attachment. But in both the Guardium application java codes, and on the "Resilient Systems REST API" page, I got 500 response code and the following ...