Demisto REST API
This Integration is part of the Demisto REST API Pack.#
Use Demisto REST APIs
Configure Demisto REST API on Cortex XSOAR#
Navigate to Settings > Integrations > Servers & Services.
Search for Demisto REST API.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Demisto Server URL True Demisto Server API Key False Trust any certificate (not secure) Trust any certificate (not secure). False Demisto Server API Key False Use system proxy settings Use system proxy settings. False Click Test to validate the URLs, token, and connection.
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
demisto-api-post#
send HTTP POST request
Base Command#
demisto-api-post
Input#
| Argument Name | Description | Required |
|---|---|---|
| uri | Request URI (i.e. /incident). | Required |
| body | Body of HTTP POST. | Optional |
Context Output#
There is no context output for this command.
Command Example#
!demisto-api-post uri=/lists/save body={\"name\":\"list_name\",\"data\":\"list_data\"}
Human Readable Output#
{"response":{"commitMessage":"","data":"list_data","definitionId":"","description":"","fromServerVersion":"","id":"list_name","itemVersion":"","locked":false,"modified":"2022-05-29T12:20:14.988577Z","name":"list_name","nameLocked":false,"packID":"","prevName":"list_name","primaryTerm":6,"propagationLabels":["all"],"sequenceNumber":907233,"shouldCommit":false,"system":false,"tags":null,"toServerVersion":"","truncated":false,"type":"plain_text","vcShouldIgnore":false,"vcShouldKeepItemLegacyProdMachine":false,"version":1}}
demisto-api-get#
send HTTP GET requests
Base Command#
demisto-api-get
Input#
| Argument Name | Description | Required |
|---|---|---|
| uri | Request URI (i.e. /user). | Required |
Context Output#
There is no context output for this command.
Command Example#
!demisto-api-get uri=/user
Human Readable Output#
{"response":{"addedSharedDashboards":["Threat Intelligence Feeds","Troubleshooting Instances"],"allRoles":["Administrator"],"defaultAdmin":true,"email":"admintest@demisto.com","id":"admin","image":"8327000###user_image_admin.png","lastLogin":"2022-05-29T15:13:46.224432+03:00","name":"Admin Dude","notificationsSettings":{"email":{"all":true},"pushNotifications":{"all":true}},"permissions":{"demisto":["scripts.rwx","playbooks.rw"]},"phone":"+650-123456","playgroundId":"beda-02ab-49ef-8fc1-c43a36f"}}
demisto-api-put#
send HTTP PUT request
Base Command#
demisto-api-put
Input#
| Argument Name | Description | Required |
|---|---|---|
| uri | Request URI (i.e. /user). | Required |
| body | Request body. | Optional |
demisto-api-delete#
send HTTP DELETE request
Base Command#
demisto-api-delete
Input#
| Argument Name | Description | Required |
|---|---|---|
| uri | Request URI (i.e. /user). | Required |
Context Output#
There is no context output for this command.
Command Example#
!demisto-api-delete uri=/dashboards/9a6cc590-72bb-4ed5-84e9-4577c6d8cbb9
Human Readable Output#
{"response":""}
demisto-api-download#
Download files from Demisto server
Base Command#
demisto-api-download
Input#
| Argument Name | Description | Required |
|---|---|---|
| uri | Request URI. | Required |
| filename | File name of download. | Optional |
| description | Description of file entry. | Optional |
Context Output#
There is no context output for this command.
Command Example#
!demisto-api-download uri=/log/bundle
Context Example#
Human Readable Output#
demisto-api-multipart#
Send HTTP Multipart request to upload files to Demisto server
Base Command#
demisto-api-multipart
Input#
| Argument Name | Description | Required |
|---|---|---|
| uri | Request URI. | Required |
| entryID | File entry ID. | Required |
| body | Request body. | Optional |
Context Output#
There is no context output for this command.
Command Example#
!demisto-api-multipart uri=/incident/upload/204 entryID=evnKTiujxaZEkeKRxiBMig@bed9ccda-02ab-49ef-8fc1-c43a36ff38f5 body=test_bark
Human Readable Output#
{"response":{"activated":"0001-01-01T00:00:00Z","attachment":[{"description":"","name":"logs-bundle-29May2214_36IDT.tar.gz","path":"204_34d-836b-4b38-81eb-9b90af9c1a_logs-bundle-29May2214_36IDT.tar.gz","showMediaFile":false,"type":"application/octet-stream"}],"autime":1653651342394000,"closed":"0001-01-01T00:00:00Z","created":"2022-05-27T13:15:51.342394+03:00","dueDate":"0001-01-01T00:00:00Z","id":"204","labels":[{"type":"Brand","value":"Grafana"},{"type":"Instance","value":"Grafana_instance_1"}],"modified":"2022-05-29T12:20:17.196279Z","name":"Adi's Alert","numericId":204,"occurred":"2022-05-27T02:02:30Z","rawName":"Adi's Alert","rawType":"Grafana Alert","sequenceNumber":545,"sourceBrand":"Grafana","sourceInstance":"Grafana_instance_1","type":"Grafana Alert","version":2}}
demisto-delete-incidents#
Delete Demisto incidents
Base Command#
demisto-delete-incidents
Input#
| Argument Name | Description | Required |
|---|---|---|
| ids | IDs of the incidents to delete. | Required |
| fields | Comma separated list of fields to return, case sensitive. Set "all" for all fields. WARNING: Setting all fields may result in big results. Default is id,name,type,severity,status. | Optional |
Context Output#
There is no context output for this command.
Command Example#
!demisto-delete-incidents ids=152 fields=id,occurred
Human Readable Output#
Demisto delete incidents#
data total notUpdated {"id":"206","occurred":"2022-05-29T02:02:30Z"},{"id":"205","occurred":"2022-05-27T12:00:40Z"},{"id":"204","occurred":"2022-05-27T02:02:30Z"},{"id":"203","occurred":"2022-05-27T04:51:03Z"},{"id":"202","occurred":"2022-05-26T18:16:47Z"},{"id":"201","occurred":"2022-05-26T18:03:55Z"},{"id":"200","occurred":"2022-05-26T15:36:08Z"},{"id":"199","occurred":"2022-05-26T15:31:19Z"},{"id":"198","occurred":"2022-05-26T12:00:39Z"},{"id":"197","occurred":"2022-05-26T02:42:30Z"},{"id":"196","occurred":"2022-05-25T16:02:22Z"},{"id":"195","occurred":"2022-05-25T15:58:22Z"},{"id":"194","occurred":"2022-05-25T15:55:14Z"},{"id":"193","occurred":"2022-05-25T15:54:49Z"},{"id":"192","occurred":"2022-05-25T15:54:38Z"},{"id":"191","occurred":"2022-05-25T15:41:25Z"},{"id":"190","occurred":"2022-05-25T15:39:36Z"},{"id":"189","occurred":"2022-05-25T14:52:47Z"},{"id":"188","occurred":"2022-05-25T14:52:21Z"},{"id":"187","occurred":"2022-05-25T14:43:45Z"},{"id":"186","occurred":"2022-05-25T14:38:58Z"},{"id":"185","occurred":"2022-05-25T14:36:08Z"},{"id":"184","occurred":"2022-05-25T14:28:30Z"},{"id":"183","occurred":"2022-05-25T13:36:31Z"},{"id":"182","occurred":"2022-05-25T12:00:40Z"},{"id":"181","occurred":"2022-05-25T09:52:13Z"},{"id":"180","occurred":"2022-05-25T09:45:05Z"},{"id":"179","occurred":"2022-05-25T01:59:43Z"},{"id":"161","occurred":"2022-05-24T14:47:48Z"},{"id":"160","occurred":"2022-05-24T14:47:34Z"},{"id":"159","occurred":"2022-05-24T14:45:38Z"},{"id":"158","occurred":"2022-05-24T14:45:35Z"},{"id":"157","occurred":"2022-05-24T14:39:51Z"},{"id":"156","occurred":"2022-05-24T14:37:10Z"},{"id":"155","occurred":"2022-05-24T14:37:08Z"},{"id":"154","occurred":"2022-05-24T14:37:01Z"},{"id":"153","occurred":"2022-05-24T14:29:19Z"},{"id":"151","occurred":"2022-05-24T14:27:20Z"},{"id":"150","occurred":"2022-05-24T14:27:08Z"},{"id":"149","occurred":"2022-05-24T14:24:38Z"},{"id":"148","occurred":"2022-05-24T14:24:37Z"},{"id":"147","occurred":"2022-05-24T14:24:38Z"},{"id":"146","occurred":"2022-05-24T13:43:01Z"},{"id":"145","occurred":"2022-05-24T13:41:42Z"},{"id":"144","occurred":"2022-05-24T13:41:38Z"},{"id":"143","occurred":"2022-05-24T13:40:39Z"},{"id":"142","occurred":"2022-05-24T09:43:15Z"},{"id":"141","occurred":"2022-05-24T09:43:09Z"},{"id":"140","occurred":"2022-05-24T09:39:41Z"},{"id":"139","occurred":"2022-05-24T09:17:49Z"},{"id":"138","occurred":"2022-05-24T09:15:11Z"},{"id":"137","occurred":"2022-05-24T09:15:07Z"},{"id":"136","occurred":"2022-05-24T07:14:18Z"},{"id":"135","occurred":"2022-05-24T07:14:13Z"},{"id":"134","occurred":"2022-05-24T07:13:59Z"},{"id":"133","occurred":"2022-05-24T03:12:30Z"},{"id":"132","occurred":"2022-05-24T04:16:32Z"},{"id":"131","occurred":"2022-05-24T04:13:20Z"},{"id":"130","occurred":"2022-05-24T03:08:14Z"},{"id":"129","occurred":"2022-05-24T02:42:50Z"},{"id":"128","occurred":"2022-05-23T06:51:14Z"},{"id":"127","occurred":"2022-05-23T06:51:10Z"},{"id":"126","occurred":"2022-05-23T06:34:44Z"},{"id":"125","occurred":"2022-05-23T06:34:40Z"},{"id":"124","occurred":"2022-05-23T06:32:37Z"},{"id":"123","occurred":"2022-05-23T06:32:34Z"},{"id":"122","occurred":"2022-05-23T06:31:39Z"},{"id":"121","occurred":"2022-05-23T06:31:36Z"},{"id":"120","occurred":"2022-05-23T06:30:39Z"},{"id":"119","occurred":"2022-05-23T06:30:34Z"},{"id":"118","occurred":"2022-05-23T06:12:30Z"},{"id":"117","occurred":"2022-05-23T06:09:35.746115001Z"},{"id":"116","occurred":"2022-05-23T06:08:08.132076423Z"},{"id":"115","occurred":"2022-05-23T06:07:59.975247045Z"},{"id":"114","occurred":"2022-05-23T02:42:30Z"},{"id":"113","occurred":"2022-05-23T02:23:50Z"},{"id":"112","occurred":"2022-05-23T02:17:34Z"},{"id":"111","occurred":"2022-05-22T11:16:49Z"},{"id":"110","occurred":"2022-05-22T11:16:47Z"},{"id":"109","occurred":"2022-05-22T10:23:37Z"},{"id":"108","occurred":"2022-05-22T10:23:28Z"},{"id":"107","occurred":"2022-05-22T10:23:24Z"},{"id":"106","occurred":"2022-05-22T10:23:07Z"},{"id":"105","occurred":"2022-05-22T10:23:01Z"},{"id":"104","occurred":"2022-05-22T10:22:59Z"},{"id":"103","occurred":"2022-05-22T10:22:40Z"},{"id":"102","occurred":"2022-05-22T10:22:37Z"},{"id":"101","occurred":"2022-05-22T10:22:33Z"},{"id":"100","occurred":"2022-05-22T10:16:50Z"},{"id":"99","occurred":"2022-05-22T10:16:41Z"},{"id":"98","occurred":"2022-05-22T10:16:39Z"},{"id":"97","occurred":"2022-05-22T10:16:38Z"},{"id":"96","occurred":"2022-05-22T02:18:11Z"},{"id":"95","occurred":"2022-05-22T02:11:59Z"},{"id":"94","occurred":"2022-05-21T02:28:46Z"},{"id":"93","occurred":"2022-05-21T02:21:58Z"},{"id":"92","occurred":"2022-05-20T02:02:57Z"},{"id":"91","occurred":"2022-05-20T01:56:34Z"},{"id":"90","occurred":"2022-05-22T02:32:30Z"},{"id":"89","occurred":"2022-05-21T02:42:30Z"},{"id":"88","occurred":"2022-05-20T02:22:30Z"},{"id":"87","occurred":"2022-05-19T12:40:33Z"},{"id":"86","occurred":"2022-05-19T12:40:20Z"},{"id":"85","occurred":"2022-05-19T12:39:58Z"},{"id":"84","occurred":"2022-05-19T15:39:45.467321+03:00"},{"id":"83","occurred":"2022-05-19T11:07:32Z"},{"id":"82","occurred":"2022-05-19T10:10:20Z"},{"id":"81","occurred":"2022-05-19T10:02:49Z"},{"id":"80","occurred":"2022-05-19T02:22:30Z"},{"id":"79","occurred":"2022-05-19T02:11:15Z"},{"id":"78","occurred":"2022-05-18T23:12:49Z"},{"id":"77","occurred":"2022-05-18T23:07:27Z"},{"id":"76","occurred":"2022-05-18T22:49:04Z"},{"id":"75","occurred":"2022-05-18T22:43:53Z"},{"id":"74","occurred":"2022-05-18T22:35:27Z"},{"id":"73","occurred":"2022-05-18T22:33:00Z"},{"id":"72","occurred":"2022-05-18T14:40:02Z"},{"id":"71","occurred":"2022-05-18T14:38:03Z"},{"id":"70","occurred":"2022-05-18T14:19:54Z"},{"id":"69","occurred":"2022-05-17T02:52:30Z"},{"id":"68","occurred":"2022-05-16T10:22:30Z"},{"id":"67","occurred":"2022-05-16T06:52:30Z"},{"id":"66","occurred":"2022-05-16T06:45:24.600415024Z"},{"id":"65","occurred":"2022-05-16T06:42:30Z"},{"id":"64","occurred":"2022-05-16T06:36:15.112637478Z"},{"id":"63","occurred":"2022-05-16T06:28:02.589558435Z"},{"id":"62","occurred":"2022-05-15T02:12:30Z"},{"id":"61","occurred":"2022-05-13T03:02:30Z"},{"id":"60","occurred":"2022-05-12T02:22:30Z"},{"id":"59","occurred":"2022-05-10T02:52:30Z"},{"id":"58","occurred":"2022-05-09T03:02:30Z"},{"id":"57","occurred":"2022-05-08T02:02:30Z"},{"id":"56","occurred":"2022-05-07T02:32:30Z"},{"id":"55","occurred":"2022-05-05T03:02:30Z"},{"id":"54","occurred":"2022-05-03T02:52:30Z"},{"id":"53","occurred":"2022-05-03T17:59:41.498326+03:00"},{"id":"52","occurred":"2022-03-30T01:56:47Z"},{"id":"51","occurred":"2022-03-27T10:52:09Z"},{"id":"50","occurred":"2022-03-27T09:24:29Z"},{"id":"49","occurred":"2022-03-27T09:23:57Z"},{"id":"48","occurred":"2022-03-22T05:05:28Z"},{"id":"47","occurred":"2022-03-20T11:08:56Z"},{"id":"46","occurred":"2022-03-20T07:56:41Z"} 143 0