Hello Bo Bleckel,
Thanks for your reply,
I have taken the response from the resilient circuit, and only replaced the actual data with "pic" word below, as the actual string is huge, and I don't understand the actual format of it.
#!/usr/bin/python
# -*- coding: utf-8 -*-
{
'cookies': {},
'links': {},
'text': u' pic',
'elapsed': 61,
'apparent_encoding': None,
'reason': 'OK',
'ok': True,
'url': u'https://10.16.52.214/api/public/v2/reports/29577/download.jpg',
'headers': {
'Status': '200 OK',
'X-Request-Id': '71d4b41d-adf5-410d-827d-5c5c70cb41dd',
'X-XSS-Protection': '1; mode=block',
'X-Download-Options': 'noopen',
'Content-Disposition': 'attachment; filename="report_29577.jpg"; filename*=UTF-8\'\'report_29577.jpg',
'Transfer-Encoding': 'chunked',
'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
'Vary': 'Origin',
'X-Runtime': '0.043125',
'X-Content-Type-Options': 'nosniff',
'Content-Transfer-Encoding': 'binary',
'Connection': 'keep-alive',
'ETag': 'W/"5cd110087453c3e6f73eabb22321d766"',
'X-Permitted-Cross-Domain-Policies': 'none',
'Cache-Control': 'private',
'Date': 'Tue, 15 Nov 2022 07:03:08 GMT',
'X-Frame-Options': 'SAMEORIGIN',
'Referrer-Policy': 'strict-origin-when-cross-origin',
'Content-Type': 'image/jpeg',
},
'json': None,
'status_code': 200,
}
------------------------------
ahmed abushanab
------------------------------
Original Message:
Sent: Mon November 14, 2022 01:06 PM
From: Bo Bleckel
Subject: Adding an "image" to Incident (Note/Rich text field), or attachments via REST API
Hi Ahmed -- it depends on your specific response format. There are a few functions available in the fn_utilities app that allow you to convert base64 content to attachments. If the response value here is in base64 format, then you could make use of that function. Otherwise, we'd need a little more info on what exactly the content is to determine how to get it to an attachment.
Let me know if this helps!
------------------------------
Bo Bleckel
Original Message:
Sent: Mon November 14, 2022 06:51 AM
From: ahmed abushanab
Subject: Adding an "image" to Incident (Note/Rich text field), or attachments via REST API
Hello,
I am using utilities rest api function to integrate with cofense trigae, I have built couple of workflows that authenticates, and takes actions on reported emails.
I am trying to get an image of a reported email, using one more utilities Rest fn in the workflow, but not sure what is the best practice to handle the response.
Below is example of the curl request I am drafting in the utilities REST function.
curl --location --request GET 'https://triage.example.com/api/public/v2/reports/1234/download.jpg' \
--header 'Accept: image/jpeg' \
--header 'Authorization: Bearer 00000000000000000006j7trYbcRCUv6khshG66xLMQ'
I posted str(results) to the notes, to see the actual response structure and select the correct value of key for that image, but it seems no such key.
Please let me know if this can be used to post an image directly to the notes, or at least as an attachment to an incident.
Thanks in advance for the support.
------------------------------
ahmed abushanab
------------------------------