IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

How to add a 7zip file that we retrive using API to the incident attachments

1. How to add a 7zip file that we retrive using API to the incident attachments

Like
Shivani Raja
Posted Thu March 23, 2023 05:37 AM

Reply
The API below is used to download the files uploaded from Crowdstrike. The response that we should get from this API is a 7zip compressed file. Instead, we get random characters in the JSON response for all the files that we tried to retrieve by hitting this API using the Utilities: Call REST API Function.

We were able to get the file when hitting this API on Postman but not in Resilient SOAR.

Can someone please help with this issue

API used:

https://api.crowdstrike.com/real-time-response/entities/extracted-file-contents/v1

------------------------------
Shivani Raja
------------------------------

IBM QRadar SOAR

IBM QRadar SOAR

How to add a 7zip file that we retrive using API to the incident attachments

1. How to add a 7zip file that we retrive using API to the incident attachments

Additional
Resources

Office

Quick Links

IBM QRadar SOAR

IBM QRadar SOAR

How to add a 7zip file that we retrive using API to the incident attachments

1. How to add a 7zip file that we retrive using API to the incident attachments

Related Content

Watsonx.ai For SOAR

Add Attachment in Resilient thru API call

CrowdStrike and IBM Security Integrations: Delivering End-to-End Process Threat Management with CrowdStrike’s Falcon Platform and IBM Security’s Resilient and QRadar

Decorate Artifacts using SOAR Functions in v43

Addressing an attachment from playbooks/scripts

Additional Resources

Office

Quick Links

Additional
Resources