Core REST API
This Integration is part of the Cortex REST API Pack.

Configure Core REST API in Cortex
Parameter | Description | Required |
---|---|---|
Core Server URL | For Cortex XSOAR 8 or Cortex XSIAM, use the Copy API URL button on the API Keys page. For Cortex XSOAR 6, use the server URL. | True |
API Key ID | The API Key ID that is linked to the API Key (relevant for Cortex XSIAM and Cortex XSOAR 8.0.0 and above). | True |
API Key (Password) | The core server API key. | True |
Authentication method | Whether to authenticate with a "Standard" API key or an "Advanced" API key. | True |
Trust any certificate (not secure) | Trust any certificate (not secure). | False |
Use system proxy settings | Use system proxy settings. | False |

Commands
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

Please Note: When updating or making changes to a custom content item (integration, script, list, etc.), it may be necessary to increment the version of the item. To do so, first fetch the current version (usually via a GET command) and then increment the version by 1. Lastly, when updating an item, please use this incremented value for the version field.
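
The version procedure from the note above, written as an automation helper. This is an added example, not code from the Core REST API pack: it assumes each command returns entries shaped like `[{"Contents": {"response": ...}}]`, and `update_with_next_version`, `unwrap_response` and the `execute` parameter are names chosen here (inside an automation, `execute` would be `demisto.executeCommand`).

```python
import json


def unwrap_response(entries):
    """Return the "response" object of a core-api-* result, or raise."""
    contents = entries[0].get("Contents") if entries else None
    if not isinstance(contents, dict) or "response" not in contents:
        raise RuntimeError(f"command failed: {contents!r}")
    return contents["response"]


def update_with_next_version(execute, get_uri, post_uri, fields):
    """Save `fields` to post_uri with version = current version + 1.

    execute(command, args) runs one integration command and returns its
    entries (assumed shape: [{"Contents": {"response": ...}}]).
    """
    # Step 1: fetch the item as it is now and read its version.
    current = unwrap_response(execute("core-api-get", {"uri": get_uri}))
    version = current.get("version") if isinstance(current, dict) else None
    if isinstance(version, bool) or not isinstance(version, int):
        raise ValueError(f"no integer version in {get_uri}: {version!r}")
    # Step 2: increment by 1. A stale "version" passed in by the caller is
    # overwritten so it can never reach the server.
    body = {**fields, "version": version + 1}
    # Step 3: send the update with the incremented version.
    args = {"uri": post_uri, "body": json.dumps(body)}
    return unwrap_response(execute("core-api-post", args))
```

The GET URI depends on the item type and server version, so it is left as a parameter rather than hard-coded.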

core-api-post
Send HTTP POST request.

Base Command
core-api-post

Input
Argument Name | Description | Required |
---|---|---|
uri | Request endpoint (e.g. /incident or /public_api/v1/incidents/update_incident). | Required |
body | Body of HTTP POST. | Optional |

Context Output
There is no context output for this command.

Command Example
!core-api-post uri=/lists/save body={\"name\":\"list_name\",\"data\":\"list_data\"}

Human Readable Output
{"response":{"commitMessage":"","data":"list_data","definitionId":"","description":"","fromServerVersion":"","id":"list_name","itemVersion":"","locked":false,"modified":"2022-05-29T12:20:14.988577Z","name":"list_name","nameLocked":false,"packID":"","prevName":"list_name","primaryTerm":6,"propagationLabels":["all"],"sequenceNumber":907233,"shouldCommit":false,"system":false,"tags":null,"toServerVersion":"","truncated":false,"type":"plain_text","vcShouldIgnore":false,"vcShouldKeepItemLegacyProdMachine":false,"version":1}}

core-api-get
Send HTTP GET requests.

Base Command
core-api-get

Input
Argument Name | Description | Required |
---|---|---|
uri | Request endpoint (e.g. /user or /public_api/v1/rbac/get_users). | Required |

Context Output
There is no context output for this command.

Command Example
!core-api-get uri=/user

Human Readable Output
{"response":{"addedSharedDashboards":["Threat Intelligence Feeds","Troubleshooting Instances"],"allRoles":["Administrator"],"defaultAdmin":true,"email":"admintest@core.com","id":"admin","image":"8327000###user_image_admin.png","lastLogin":"2022-05-29T15:13:46.224432+03:00","name":"Admin Dude","notificationsSettings":{"email":{"all":true},"pushNotifications":{"all":true}},"permissions":{"core":["scripts.rwx","playbooks.rw"]},"phone":"+650-123456","playgroundId":"beda-02ab-49ef-8fc1-c43a36f"}}

core-api-put
Send HTTP PUT request.

Base Command
core-api-put

Input
Argument Name | Description | Required |
---|---|---|
uri | Request endpoint (e.g. /user). | Required |
body | Request body. | Optional |

core-api-delete
Send HTTP DELETE request.

Base Command
core-api-delete

Input
Argument Name | Description | Required |
---|---|---|
uri | Request endpoint (e.g. /user). | Required |

Context Output
There is no context output for this command.

Command Example
!core-api-delete uri=/dashboards/9a6cc590-72bb-4ed5-84e9-4577c6d8cbb9

Human Readable Output
{"response":""}

core-api-download
Download files from core server.

Base Command
core-api-download

Input
Argument Name | Description | Required |
---|---|---|
uri | Request endpoint. | Required |
filename | File name of download. | Optional |
description | Description of file entry. | Optional |

Context Output
There is no context output for this command.

Command Example
!core-api-download uri=/log/bundle

Context Example

Human Readable Output

core-api-multipart
Send HTTP Multipart request to upload files to Core server.

Base Command
core-api-multipart

Input
Argument Name | Description | Required |
---|---|---|
uri | Request endpoint. | Required |
entryID | File entry ID. | Required |
body | Request body. | Optional |

Context Output
There is no context output for this command.

Command Example
!core-api-multipart uri=/incident/upload/204 entryID=evnKTiujxaZEkeKRxiBMig@bed9ccda-02ab-49ef-8fc1-c43a36ff38f5 body=test_bark

Human Readable Output
{"response":{"activated":"0001-01-01T00:00:00Z","attachment":[{"description":"","name":"logs-bundle-29May2214_36IDT.tar.gz","path":"204_34d-836b-4b38-81eb-9b90af9c1a_logs-bundle-29May2214_36IDT.tar.gz","showMediaFile":false,"type":"application/octet-stream"}],"autime":1653651342394000,"closed":"0001-01-01T00:00:00Z","created":"2022-05-27T13:15:51.342394+03:00","dueDate":"0001-01-01T00:00:00Z","id":"204","labels":[{"type":"Brand","value":"Grafana"},{"type":"Instance","value":"Grafana_instance_1"}],"modified":"2022-05-29T12:20:17.196279Z","name":"Adi's Alert","numericId":204,"occurred":"2022-05-27T02:02:30Z","rawName":"Adi's Alert","rawType":"Grafana Alert","sequenceNumber":545,"sourceBrand":"Grafana","sourceInstance":"Grafana_instance_1","type":"Grafana Alert","version":2}}

core-delete-incidents
Delete Core incidents.

Base Command
core-delete-incidents

Input
Argument Name | Description | Required |
---|---|---|
ids | IDs of the incidents to delete. | Required |

Context Output
There is no context output for this command.

Command Example
!core-delete-incidents ids=152

Human Readable Output
Core delete incidents
totalDeleted | total | notUpdated |
---|---|---|
1 | 143 | 0 |

core-api-install-packs
Upload packs to Core server from url or the marketplace.

Base Command
core-api-install-packs

Input
Argument Name | Description | Required |
---|---|---|
packs_to_install | The packs to install in JSON format (e.g. [{"AutoFocus": "2.0.8"}] ). | Optional |
file_url | The pack zip file URL. | Optional |
skip_verify | If true, skips pack signature validation. Available from server version 6.5.0. | Optional |
skip_validation | If true, skips all pack validations. Available from server version 6.6.0. | Optional |

Context Output
There is no context output for this command.

Command Example
!core-api-install-packs packs_to_install=[{"AutoFocus": "2.0.8"}]

Human Readable Output
The following packs installed successfully: AutoFocus
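
Because `skip_verify` and `skip_validation` switch off the checks that protect a pack install, a pre-execution review of `core-api-install-packs` command lines is a useful control. The check below is an added example, not part of the integration; the function names, the allowlist policy and the sample values in its usage are assumptions made here.

```python
import json
import re

TRUTHY = {"true", "yes", "1"}


def parse_command(line):
    """Split '!command key=value ...' into (command, {key: value}).

    Values may contain spaces (JSON), so a new argument starts only at
    whitespace followed by 'name='. Heuristic: a value that itself
    contains ' word=' is split early.
    """
    parts = re.split(r"\s+(?=\w+=)", line.strip())
    head = parts[0].split()
    if not head:
        raise ValueError("empty command line")
    return head[0].lstrip("!"), dict(p.split("=", 1) for p in parts[1:])


def review_install(line, approved):
    """Return policy findings for one core-api-install-packs command line.

    approved: {pack name: version} allowlist (assumed policy input).
    """
    command, args = parse_command(line)
    if command != "core-api-install-packs":
        return []
    findings = []
    for flag in ("skip_verify", "skip_validation"):
        if args.get(flag, "").strip().lower() in TRUTHY:
            findings.append(f"{flag} is set: validation is skipped")
    url = args.get("file_url", "").strip()
    if url and not url.lower().startswith("https://"):
        findings.append("file_url is not fetched over https")
    raw = args.get("packs_to_install", "").strip()
    if raw:
        try:
            packs = json.loads(raw)
        except json.JSONDecodeError:
            return findings + ["packs_to_install is not valid JSON"]
        if not isinstance(packs, list) or not all(isinstance(p, dict) for p in packs):
            return findings + ["packs_to_install is not a list of objects"]
        for entry in packs:
            for name, version in entry.items():
                if approved.get(name) != version:
                    findings.append(f"{name} {version} is not on the allowlist")
    return findings
```

An empty list means the command line passed every check; any finding should block the install until someone reviews it.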

core-api-file-upload
Upload a file to the incident, given either the file's entry_id or the file's content.

Base Command
core-api-file-upload

Input
Argument Name | Description | Required |
---|---|---|
incident_id | The incident's ID. | Required |
file_name | The new file's name. | Optional |
file_content | The new file's content. | Optional |
entry_id | The War Room entry ID of the pack zip file. | Optional |

Context Output
There is no context output for this command.

core-api-file-delete
Delete a file from Cortex XSOAR by entry_id.

Base Command
core-api-file-delete

Input
Argument Name | Description | Required |
---|---|---|
entry_id | The War Room entry ID of the file. | Required |

Context Output
There is no context output for this command.

core-api-file-attachment-delete
Delete the attachment from the incident and from the Cortex XSOAR server.

Base Command
core-api-file-attachment-delete

Input
Argument Name | Description | Required |
---|---|---|
incident_id | The incident's ID. | Required |
file_path | The file's path. | Required |
field_name | Name of the field (type attachment) from which to remove the attachment. Default is attachment. | Optional |

Command Example
!core-api-file-attachment-delete file_path=1@1 incident_id=1

Human Readable Output
Attachment 1@1 deleted.

core-api-file-check
Check if the file exists in Cortex XSOAR (Context) by entry_id.

Base Command
core-api-file-check

Input
Argument Name | Description | Required |
---|---|---|
entry_id | The War Room entry ID of the file. | Required |

Context Output
Path | Type | Description |
---|---|---|
IsFileExists | unknown | Dictionary with EntryID as the key and boolean if the file exists as a value. |