![]() ![]() The artifact dictionary does not set the 'container_id' value in this case because the container and artifacts are returned together by the custom script to the platform. You can use the following curl command to test your parse script if you have sample data for testing, such as custom.json.Ĭurl -d -insecure -H "ph-auth-source:asset_name" -H "ph-auth-token." /asset_name is a unique App ID belonging to the installed REST App, as shown in the screenshot. Once the script has been uploaded, direct your tool or 3rd party product to post to /rest/handler/rest_ingest/restdatasource_/ where is the name of the asset you attached your script to. Take note of the "POST incoming for REST Data Source to this location".Select rest - events from the asset drop-down.Scroll to REST Data Source and click CONFIGURE NEW ASSET.Perform the following steps from the Main menu. Setting your script to receive REST requestsĬonfigure your script to receive REST requests by uploading it in the asset configuration screen. Since the final return value is a list, you can create multiple containers from each REST request.Īdd the following code to add logging to your script. The container_ids of the artifacts don't need to be supplied if providing a container. The value for container should be a single dictionary providing the container data and the artifacts value is a list of dictionaries, one for each artifact to be added. The final result from the handle_request function should be a list of dictionaries that contain two keys, container, and artifacts. There is no need to provide the ingest_app_id, asset_id, or label fields, since those are already provided. The resulting container and artifact objects should have the same contents as a REST POST to Phantom, as described in the REST documentation about creating containers and artifacts. To find out more about Django Request objects you can visit the Django documentation at. The Request object contains much more than just the request content, including the HTTP method, which may be useful if you intend to handle GETs and POSTs. The request content is typically all that is needed to construct your container and artifact data. The Django Request object that is passed has a body member that contains the content of the POST, which we convert to native Python data structures using json.loads(). However, the data could be in XML, CSV, or any other format. In the script example, a JSON document is expected to be POSTed. "source_data_identifier": "n4ivxGKh0tHWso74nhJlcSSwKq", "source_data_identifier": "kmjafnviJxaXsRlaIVPm52BbAw", "description": "7PJFMqhL1U1IuK7AuXdJKsoAea", # multiple containers with multiple artifacts by appending toĬopy and paste the following sample data, modify it as necessary, and save it as custom.json. # The result is a list, containing a dictionary of one container and # In this case, there is only one artifact in our example. # You can post multiple artifacts by adding them to the list. # Remove artifact_data from the container data Within that data, there is "artifact_data"Īdata = post_as_json # The example JSON has "container_data" which is the data that # to post a single container and single artifact. # See the documentation link to download the sample JSON # For this example, the incoming request is in JSON format. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |