topic Re: Import XSOAR incidents into MySQL DB in Cortex XSOAR Discussions

Import XSOAR incidents into MySQL DB

ce13 — Wed, 08 Mar 2023 14:42:53 GMT

Hello all,

I have MySQL DB to collect data from different projects/products and using Metabase to create dashboards. I would like to import all incidents into MySQL DB from XSOAR. Is there any integration can do it directly or I have to write python code to retrieve all incidents through XSOAR API?

If API is the only option, should I use "Search incidents by filter" to get all incidents from XSOAR?

{
"filter" : {
"fromDate" : "2023-01-01T00:00:00Z"
}
}

Search incidents by filter

POST /incidents/search

Best Regards,

Re: Import XSOAR incidents into MySQL DB

MBeauchamp2 — Wed, 08 Mar 2023 19:18:02 GMT

You can use the ExportIncidentsToCSV automation from the common scripts pack, which will write the file to the war room.

If you want to export using the API, look at the /incident/batch/exportTo/Csv endpoint, which is the same one the above automation uses.

I wouldn't recommend trying to export ALL incidents at once, but rather batch it by day or week to keep the results small.

Re: Import XSOAR incidents into MySQL DB

ce13 — Thu, 09 Mar 2023 02:00:23 GMT

What I would like to do is to retrieve the incidents details in below screenshot into MySQL DB column id, name, type, severity, status, owner, roles, playbook, occurred, sla, etc. Once all incidents are imported into MySQL DB, I may create a script to retrieve the new incident and update the incident with the status "active" only.

I will look at "ExportIncidentsToCSV" and see if I can parse the details into MySQL DB, thanks.