IBM Security QRadar SOAR

Hi, 

Can I have a function call to a 3rd party app from my Resilient script? In my particular example, I would like to call the 'Data Table Utils: Get Rows' function, which returns the row ID of a table where a certain column equals a certain value, and depending on value of another column, may set the column to a new value. 

Thank you,
Mark

------------------------------
Mark Aksen
------------------------------

Hi Mark

I am not sure if I've got your question correctly.

You're talking about 2 operations here.

One is locating a row from a resilient datatable given some column value (like "return the row id from from the datatable row where column = XYZ"), returning its rowid

Another is "update that specific row, identified by rowid, to set some cell value to another value, let's say, set col A to 'ABC' where rowid = 123"

If this is what you're looking for, both datatable operations are possible using Resilient REST API. Take a look on the DataTableDataREST API. However, this is not the same as the "Data Table Utils: Get Rows", which only works from inside Resilient.




------------------------------
[]

Leonardo Kenji Shikida
------------------------------

Original Message:
Sent: Sun June 26, 2022 04:26 PM
From: Mark Aksen
Subject: App function call from Resilient script

Hi, 

Can I have a function call to a 3rd party app from my Resilient script? In my particular example, I would like to call the 'Data Table Utils: Get Rows' function, which returns the row ID of a table where a certain column equals a certain value, and depending on value of another column, may set the column to a new value. 

Thank you,
Mark

------------------------------
Mark Aksen
------------------------------

How do I obtain the details for the DataTableDataREST API? And can I call the API from a Resilient script?

Thanks,
Mark

------------------------------
Mark Aksen
------------------------------

Original Message:
Sent: Mon June 27, 2022 08:35 AM
From: Leonardo Kenji Shikida
Subject: App function call from Resilient script

Hi Mark

I am not sure if I've got your question correctly.

You're talking about 2 operations here.

One is locating a row from a resilient datatable given some column value (like "return the row id from from the datatable row where column = XYZ"), returning its rowid

Another is "update that specific row, identified by rowid, to set some cell value to another value, let's say, set col A to 'ABC' where rowid = 123"

If this is what you're looking for, both datatable operations are possible using Resilient REST API. Take a look on the DataTableDataREST API. However, this is not the same as the "Data Table Utils: Get Rows", which only works from inside Resilient.




------------------------------
[]

Leonardo Kenji Shikida

Original Message:
Sent: Sun June 26, 2022 04:26 PM
From: Mark Aksen
Subject: App function call from Resilient script

Hi, 

Can I have a function call to a 3rd party app from my Resilient script? In my particular example, I would like to call the 'Data Table Utils: Get Rows' function, which returns the row ID of a table where a certain column equals a certain value, and depending on value of another column, may set the column to a new value. 

Thank you,
Mark

------------------------------
Mark Aksen
------------------------------

Can you call an API from a Resilient script? No you can't. Your resilient python script is very very limited. Libraries are restricted and your script cannot take more than a few seconds to complete, it cannot exceed a small number of interpreted lines (for example, a for loop of 1000 iterations won't work).

If you need to call an external REST API from inside your playbook or workflow, you need to install a SOAR app such as fn_utilities (https://exchange.xforce.ibmcloud.com/hub/extension/2b6699ac8a3976b67dfbddee26dbe3a5) and then you can call an external REST API from a IBM SOAR function.

About the other way around, letting external systems interact with Resilient APIs: APIs are under the documentation section of the application. Unfortunately, not available as part of the public IBM SOAR documentation. You need a running instance in order to get details about the APIs. (see the screenshots below)







------------------------------
[]

Leonardo Kenji Shikida
------------------------------

Original Message:
Sent: Mon June 27, 2022 09:33 AM
From: Mark Aksen
Subject: App function call from Resilient script

How do I obtain the details for the DataTableDataREST API? And can I call the API from a Resilient script?

Thanks,
Mark

------------------------------
Mark Aksen

Original Message:
Sent: Mon June 27, 2022 08:35 AM
From: Leonardo Kenji Shikida
Subject: App function call from Resilient script

Hi Mark

I am not sure if I've got your question correctly.

You're talking about 2 operations here.

One is locating a row from a resilient datatable given some column value (like "return the row id from from the datatable row where column = XYZ"), returning its rowid

Another is "update that specific row, identified by rowid, to set some cell value to another value, let's say, set col A to 'ABC' where rowid = 123"

If this is what you're looking for, both datatable operations are possible using Resilient REST API. Take a look on the DataTableDataREST API. However, this is not the same as the "Data Table Utils: Get Rows", which only works from inside Resilient.




------------------------------
[]

Leonardo Kenji Shikida

Original Message:
Sent: Sun June 26, 2022 04:26 PM
From: Mark Aksen
Subject: App function call from Resilient script

Hi, 

Can I have a function call to a 3rd party app from my Resilient script? In my particular example, I would like to call the 'Data Table Utils: Get Rows' function, which returns the row ID of a table where a certain column equals a certain value, and depending on value of another column, may set the column to a new value. 

Thank you,
Mark

------------------------------
Mark Aksen
------------------------------