- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-28-2023 10:33 PM
The code below, creates an incident with attachment uploaded but in the incident itself, when I see the context, I dont see any file.
Since there is no entryID for the file, I cannot read the attachment and also cannot run the playbooks.
Any change I need to make to make the attachment appear as File with entryID?
https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR-8-API/Incidents
---------------------------------------------------------------------------------------------------------------------
from datetime import datetime, timezone
import secrets
import string
import hashlib
import requests
import os
def test_advanced_authentication(api_key_id, api_key, attachments, file):
# Generate a 64 bytes random string
nonce = "".join([secrets.choice(string.ascii_letters + string.digits) for _ in range(64)])
# Get the current timestamp as milliseconds.
timestamp = int(datetime.now(timezone.utc).timestamp()) * 1000
# Generate the auth key:
auth_key = "%s%s%s" % (api_key, nonce, timestamp)
# Convert to bytes object
auth_key = auth_key.encode("utf-8")
# Calculate sha256:
api_key_hash = hashlib.sha256(auth_key).hexdigest()
# Generate HTTP call headers
headers = {
"x-xdr-timestamp": str(timestamp),
"x-xdr-nonce": nonce,
"x-xdr-auth-id": str(api_key_id),
"Authorization": api_key_hash
}
parameters = {
"name": " Incident - " + file,
"severity": 3,
"type": "Spam Emails",
"attachment": attachments
}
res = requests.post(url="https://api-URL/xsoar/public/v1/incident",
headers=headers,
json=parameters, verify=False)
print(res.json())
return res
# Specify the folder path
folder_path = ""
# List all files in the folder
files = os.listdir(folder_path)
first_5_files = files[:5]
# Loop through the list of files
api_key = ""
apiid =
for file in first_5_files:
# Print the file name
print(file)
path = folder_path + "\\" + file
attachments = [{"name": file, "path": str(path)}]
print(test_advanced_authentication(apiid, api_key, attachments, file))
11-15-2023 02:02 AM
hi @Moh.Yasser ,
After the creating the incident, you can get the incident id. (res.json().get(id)) and run the below something like below.
11-15-2023 07:29 AM
@gyldz Thanks for the reply!
It gives the below as response. I gave in the incident ID not sure why we are getting this.
{'id': 'noInv', 'status': 400, 'title': 'Could not find investigations', 'detail': 'Could not find investigation', 'error': 'Could not find investigations:Could not find investigation', 'encrypted': False, 'multires': None}
11-15-2023 02:02 AM
hi @Moh.Yasser ,
After the creating the incident, you can get the incident id. (res.json().get(id)) and run the below something like below.
11-15-2023 07:29 AM
@gyldz Thanks for the reply!
It gives the below as response. I gave in the incident ID not sure why we are getting this.
{'id': 'noInv', 'status': 400, 'title': 'Could not find investigations', 'detail': 'Could not find investigation', 'error': 'Could not find investigations:Could not find investigation', 'encrypted': False, 'multires': None}
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!