Important Update: Community URLs redirect issues are partially resolved. Learn More. .

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Creating a Cyber Security Incident Record through API

Go to solution
ghostrider9899
Contributor II

‎2024-03-15 05:27 PM

ghostrider9899_0-1710537845004.png

Hi All,

I am trying to create a Security Incident New Record that is shown above by API Call. I have no idea from the docs where to start and how to get this working. I got a few API calls working. I have the authentication working but i don't even know what POST url and payload to run to create a "record" essentially as shown above.

Dan

 

0 Kudos
2 ACCEPTED SOLUTIONS

Accepted Solutions

Go to solution
DavidPetty
Archer Employee
Archer Employee
In response to ghostrider9899

‎2024-03-18 05:06 PM

For the web services (SOAP) API (POST), [URL]/ws/record.asmx

For the REST APIs (POST), [URL]/platformapi/core/content

 Advisory Consultant

View solution in original post

Go to solution
DavidPetty
Archer Employee
Archer Employee
In response to ghostrider9899

‎2024-03-18 05:18 PM - edited ‎2024-03-18 05:18 PM

That's determined by module/application id (SOAP) or level id (REST).

 Advisory Consultant

View solution in original post

7 REPLIES 7

Go to solution
MargoBrosnan
Advocate

‎2024-03-18 04:51 PM

You'll need to use the SOAP action http://archer-tech.com/webservices/CreateRecords

I typically use a mix of SOAP and REST calls.  Initially the API was SOAP, and that's where most of the data manipulation happens.  REST has newer functions to retrieve meta-data, user information, advanced workflow calls, etc..  After you establish the SOAP connection, create a REST connection but send it the session ID from the SOAP call.  Then you can use both without invalidating the session token.

The API resources available in the administration list under Integration are very helpful for finding which calls you need.  You can also download the API documentation PDFs (again, you'll want both the original "web services API" and the "REST API" documents).   Does anyone have current links for these?  I'm only seeing links that go back to the RSA site.  Thanks.

0 Kudos

Go to solution
ghostrider9899
Contributor II

‎2024-03-18 04:54 PM

what would be the request url to create a ticket in Security Incidents Record. I am trying to figure that part out.

0 Kudos

Go to solution
DavidPetty
Archer Employee
Archer Employee
In response to ghostrider9899

‎2024-03-18 05:06 PM

For the web services (SOAP) API (POST), [URL]/ws/record.asmx

For the REST APIs (POST), [URL]/platformapi/core/content

 Advisory Consultant

Go to solution
ghostrider9899
Contributor II
In response to DavidPetty

‎2024-03-18 05:15 PM

Sorry I am trying to figure out how to label under Cyber Security Incident vs a Finding. Thats where alot of my confusion lies.

0 Kudos

Go to solution
DavidPetty
Archer Employee
Archer Employee
In response to ghostrider9899

‎2024-03-18 05:18 PM - edited ‎2024-03-18 05:18 PM

That's determined by module/application id (SOAP) or level id (REST).

 Advisory Consultant

Go to solution
ghostrider9899
Contributor II

‎2024-03-18 05:25 PM

/platformapi/core/content/Findings, would that be uri path i would POST too?

0 Kudos

Go to solution
ghostrider9899
Contributor II

‎2024-03-18 05:25 PM

oh ok i see?

0 Kudos