IBM Security QRadar SOAR

  • 1.  Create an Incident from PowerShell/REST API call

    Posted Mon July 18, 2022 09:32 AM
    Hello,

    Does someone have an example of how I can create an incident from a PowerShell script or REST API call?

    ------------------------------
    Alexey Fedorov
    ------------------------------


  • 2.  RE: Create an Incident from PowerShell/REST API call

    Posted Tue July 19, 2022 01:59 AM
    Hi Alexey,

    The REST API documentation will help you: https://<your soar instance>/docs/rest-api/ui/index.html#/IncidentREST/createIncident


    A small trick:
    1- Open the developer console in your browser.
    2- Listen to the network traffic, especially fetch/XHR.
    3- Open an incident on SOAR.
    4- Catch the requests that are related to opening the incident.
    5- Copy as PowerShell.




    ------------------------------
    Burak Karaduman
    ------------------------------



  • 3.  RE: Create an Incident from PowerShell/REST API call

    Posted Tue July 19, 2022 04:36 AM
    Hello Burak,

    Thank you! This was useful for me.

    ------------------------------
    Alexey Fedorov
    ------------------------------



  • 4.  RE: Create an Incident from PowerShell/REST API call

    Posted Tue July 19, 2022 07:47 AM
    Edited by Leonardo Kenji Shikida Tue July 19, 2022 08:00 AM
    I wasn't aware of this trick! Thanks for sharing!

    One more thing. If you want just the bare minimum to create a new incident, you must provide 

    Mandatory fields were supposed to be documented, but for some reason, they are not at https://resilient.localdomain/docs/rest-api/json_FullIncidentDataDTO.html 


    Leonardo Kenji Shikida
    ------------------------------
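
As an added example (not code posted by anyone in this thread, and not IBM's own), the request asked about above can be sent from PowerShell with an API key account rather than the browser session that a "Copy as PowerShell" capture carries. The host name, org ID, environment variable names, the `/rest/orgs/{org_id}/incidents` path and the three body fields are assumptions to confirm against the createIncident entry in your instance's REST API documentation.

```powershell
# Added example. Placeholders and assumptions: host, org ID, env var names, path, body fields.
param(
    [string]$SoarHost    = 'soar.example.com',   # placeholder host
    [int]$OrgId          = 201,                  # placeholder organization ID
    [string]$Name        = 'Phishing report raised by script',
    [string]$Description = 'Created through the REST API from PowerShell.'
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Windows PowerShell 5.1 may not offer TLS 1.2 unless it is enabled explicitly.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

# Read the API key from the environment so it is never stored in the script.
$keyId     = $env:SOAR_API_KEY_ID
$keySecret = $env:SOAR_API_KEY_SECRET
if (-not $keyId -or -not $keySecret) {
    throw 'Set SOAR_API_KEY_ID and SOAR_API_KEY_SECRET before running.'
}

# API key accounts authenticate with HTTP Basic: key ID as user, secret as password.
$pair    = [Text.Encoding]::UTF8.GetBytes("${keyId}:${keySecret}")
$headers = @{ Authorization = 'Basic ' + [Convert]::ToBase64String($pair) }

# discovered_date is sent as epoch milliseconds.
$body = @{
    name            = $Name
    description     = $Description
    discovered_date = [DateTimeOffset]::UtcNow.ToUnixTimeMilliseconds()
} | ConvertTo-Json

$uri = "https://$SoarHost/rest/orgs/$OrgId/incidents"
try {
    # Send UTF-8 bytes so non-ASCII text survives; certificate validation stays on.
    $incident = Invoke-RestMethod -Method Post -Uri $uri -Headers $headers `
        -ContentType 'application/json; charset=utf-8' `
        -Body ([Text.Encoding]::UTF8.GetBytes($body))
    "Created incident $($incident.id): $($incident.name)"
}
catch {
    # Surface the HTTP error (for example a rejected body or insufficient key permissions).
    throw "Incident creation failed: $($_.Exception.Message)"
}
```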