IBM Security QRadar SOAR

  • 1.  Falcon Sandbox with rest api

    Posted Tue June 04, 2024 07:21 AM

    I'm trying to automate sending files to the Falcon Sandbox. I have a working request to get authenticated and to upload the file (POST /samples/entities/samples/v2), but sending a request to actually analyze the file keeps giving me 400 Bad Request, and it says "Invalid number of sandbox parameters submitted!".

    I tried giving enviroment_id and url - 400

    enviroment_id and url with sha256 set to none - 400

    same as above but with sha256 instead of url also 400

    I even tried providing all the arguments possible and I'm getting the same error. I feel like SOAR is doing something to the request in the background and I wish I could just use the Python request lib. I would appreciate any advice about this.



    ------------------------------
    Maria Czapkowska
    ------------------------------


  • 2.  RE: Falcon Sandbox with rest api

    Posted Tue June 04, 2024 09:00 AM

    For anyone facing errors with the REST API - it doesn't like single quotes; that was the reason for all the errors.



    ------------------------------
    Maria Czapkowska
    ------------------------------
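
Added example (not part of the original posts and not IBM or CrowdStrike code): a Python sketch of why a single-quoted body fails as JSON and how to build a strict one. The `sandbox` wrapper, the field names and the sample values are assumptions for illustration; check them against the API reference.

```python
import json

# Constructed sample parameters (assumed field names, placeholder hash).
SAMPLE = {"sha256": "ab" * 32, "environment_id": 160, "url": None}


def build_body(sha256, environment_id, url=None):
    """Serialize a submission as strict JSON, leaving out unset fields.

    json.dumps emits double-quoted keys and strings, which is what a JSON
    parser requires. Dropping None values avoids sending "url": null
    next to a hash.
    """
    params = {"sha256": sha256, "environment_id": environment_id, "url": url}
    params = {k: v for k, v in params.items() if v is not None}
    # Assumed request shape: a one-element "sandbox" array.
    return json.dumps({"sandbox": [params]})


def is_strict_json(text):
    """Return True only if text parses as JSON."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def python_repr_body(params):
    """What you get by pasting or str()-ing a Python dict into a body field:
    single quotes and None instead of double quotes and null."""
    return str({"sandbox": [params]})


if __name__ == "__main__":
    bad = python_repr_body(SAMPLE)
    good = build_body(SAMPLE["sha256"], SAMPLE["environment_id"])
    print("repr body parses as JSON:", is_strict_json(bad))
    print("dumps body parses as JSON:", is_strict_json(good))
    print(good)
```

Running `is_strict_json` on a body before it goes into the request catches the single-quote problem locally instead of as a 400 from the API.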