Add Sample for updating an asset about api-samples HOT 5 CLOSED

Hi,

checkout this script here

https://github.com/ibm-security-intelligence/data-import/blob/master/assets/update_assets.py

It updates assets from a .csv file using the same rest end point

essentially you can update any asset field returned by the "asset_model/properties endpoint". That includes all the 'out of the box' asset fields, as well as any custom ones you add.

The key thing to note is that you need to use the id of the property in the update, not the name.

e.g. this body updates the business owner of an asset

{
"properties": [
{
"type_id": 1006,
"value": "Chris Meenan"
}
]
}

Chris

from api-samples.

thanks, what the API expects as input structure was what i was looking for.
I looked at the data importer and imho building json with string concatination is a very bad habit.
it would be much cleaner to understand and use
json.dumps({'properties':[ {'type_id': 1006, 'value': 'Chris Meenan' }]})

Is it possible to update other fields which are not properties, like interfaces or the mac address?
Too bad the REST API is not very verbose when it comes to invalid input ... :)

from api-samples.

thanks,

the structure of the input is also outlined in the online API documentation available at https:///restapi/doc. If you open the end point and click on the 'View' link you will see a sample for each parameter. I just copied and pasted that and inserted a couple of examples as above.

I think they could be more verbose, but thankfully the data structures are pretty straightforward.

Currently the asset API only accepts properties returned by the properties end point, but we do want to expand it to include MACs, interfaces and IPs. Those can be feed in via identity events into QRAdar, but I do admit via the API would be much better (in this instance!).

from api-samples.

In the previous version of Qradar the sample was not very helpful and stated for the sample something like this: {'key1' :'value1'} which was not really helpful. I am glad this changed :D

For me (QRadar v7.2.3 Build 918945) the api for /asset_model//properties returns nothing, but of course i can just fill an asset with all the data available and check out what /asset_model/assets returns.

Thanks for the support, it still would be great if this repository has an example for updating an asset :) or at least a link to the repository you mentioned before.

from api-samples.

i hope that qradar will have an 'asset insert' soon :)

from api-samples.