API POST example

Open DigiAngel opened this issue 9 years ago • 10 comments

For the life of me I am unable to get any data into FIR using the API/JSON. I keep getting:

JSON parse error - No JSON object could be decoded

Is there an example somewhere I can look at? Even just something using curl would help..thank you.

DigiAngel avatar Feb 17 '17 15:02 DigiAngel

DigiAngel,

Here is an example of something similar to what I've done in the past (in Python) for creating an event via the API. You probably won't need to load all the modules.

    import sys, json, urllib2, base64, requests, os, re
    from requests.auth import HTTPBasicAuth

    fir = "https://fir-server/api/incidents"

    headers = {
        'Authorization' : 'Token thisisyourapitoken',
        'Content-type' : 'application/json'
    }

    data = {
        "actor" : "3",
        "category": "3",
        "confidentiality": "1",
        "description": "This is a test ticket created by the API. ",
        "detection": "2",
        "plan" : "8",
        "severity": "2",
        "subject": "New Ticket"
    }

    # Python 2 syntax (urllib2, print statement).
    # verify=False turns off TLS certificate verification for this request.
    response = requests.post(fir, headers=headers, data=json.dumps(data), verify=False)
    print response.content

Hope this helps.

Thanks, Wes

weslambert avatar Feb 20 '17 14:02 weslambert

Keep in mind, you may want to verify certs, as described here:

http://docs.python-requests.org/en/master/user/advanced/

Thanks, Wes

weslambert avatar Feb 20 '17 14:02 weslambert
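
An added example, not part of the thread and not FIR's own code: the incident POST from the comments above with certificate verification left on, as the follow-up suggests. It uses only the Python 3 standard library; the environment variable names, the `ca_file` parameter and the sample payload values are assumptions for illustration.

```python
import json
import os
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed sample payload; the field names are the ones used in this thread.
SAMPLE_INCIDENT = {
    "actor": 3, "category": 3, "confidentiality": 1, "detection": 2,
    "plan": 8, "severity": 2, "subject": "New Ticket",
    "description": "This is a test ticket created by the API.",
}


def build_incident_request(url, token, incident):
    """Build the POST request; raise ValueError rather than expose the token."""
    if urlsplit(url).scheme != "https":
        # Over plain HTTP the Authorization header is readable on the wire.
        raise ValueError("refusing to send the API token over a non-HTTPS URL")
    if not token:
        raise ValueError("API token is empty")
    body = json.dumps(incident).encode("utf-8")  # serializer output is valid JSON
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": "Token " + token,
                 "Content-Type": "application/json; charset=UTF-8"})


def tls_context(ca_file=None):
    """Verify chain and host name; ca_file is an optional PEM bundle (assumed private CA)."""
    return ssl.create_default_context(cafile=ca_file)


def create_incident(url, token, incident, ca_file=None, timeout=10):
    """POST the incident and return the decoded JSON reply."""
    req = build_incident_request(url, token, incident)
    try:
        with urllib.request.urlopen(req, timeout=timeout,
                                    context=tls_context(ca_file)) as resp:
            return json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        raise RuntimeError("FIR returned %d: %r" % (err.code, err.read()))


if __name__ == "__main__":
    # FIR_URL, FIR_TOKEN, FIR_CA_FILE: hypothetical environment variable names.
    print(create_incident(os.environ["FIR_URL"], os.environ["FIR_TOKEN"],
                          SAMPLE_INCIDENT, os.environ.get("FIR_CA_FILE")))
```

Reading the token from the environment keeps it out of the script and out of shell history; on an HTTP error the response body is included in the exception so the server's message is visible.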

Thank you....I'll post a curl example here Monday that I worked up...maybe this would be something good to include in the docs?

DigiAngel avatar Feb 25 '17 12:02 DigiAngel

Yes, I think it would be great if we could include multiple examples of achieving this in the wiki (curl, Python, etc.) to help other poor souls who may come across the same frustration. 👍

weslambert avatar Feb 25 '17 13:02 weslambert

Please do! We'd be more than happy to add examples and use-cases to the wiki :)

tomchop avatar Feb 25 '17 14:02 tomchop

@tomchop,

Should this be done through a pull request? I noticed we are not able to modify the wiki.

Thanks, Wes

weslambert avatar Feb 25 '17 14:02 weslambert

Yes, there doesn't seem to be a straightforward way to accept PRs in Wikis. Maybe @gaelmuller has a better idea, but it would probably be enough to just create a new issue with your markdown there.

tomchop avatar Feb 25 '17 14:02 tomchop

I think we can put all the documentation regarding the API in fir_api's README. This is the current convention for plugins' documentation.

This way, updates to the documentation can be submitted as pull requests.

gaelmuller avatar Feb 25 '17 19:02 gaelmuller

Example line below:

curl -H "Content-Type: application/json; charset=UTF-8" -H "Authorization: Token xxxxxxxxxxxxxxxxxxxxxxxx" -X POST --data-binary '{"detection":2,"actor":3,"plan":5,"date":"2017-02-17T09:55:56","is_starred":false,"subject":"API Test Event","description":"Another API test","severity":1,"is_incident":false,"is_major":false,"status":"O","confidentiality":1,"category":1,"opened_by":1,"concerned_business_lines":[1]}'  http://x.x.x.x:8000/api/incidents

This works directly via command line and scripts on Linux.

DigiAngel avatar Feb 27 '17 15:02 DigiAngel

Collecting some security tool APIs. I would love to add FIR to the list, but I feel the API documentation is not yet good enough. Any estimation when this will be finished?

Thx

jaegeral avatar Jan 13 '18 17:01 jaegeral