+2Is there something that needs to be turned on to allow the SOAR CaseSearchEverything endpoint to return data?
We have cases and I can get other SOAR api endpoints to work. This one returns success but never any data even within the swagger UI.
Here's how I'm calling it.
Best answer by mikewilusz
FWIW I looked back in swagger and see the timeRangeFilter parameter isn't mentioned in the CaseSearchEverything endpoint but is mentioned in the GetSearchResultsAsCsv endpoint. I tried it using that endpoint, but got the same empty result set just as csv.
I believe your Python syntax is wrong and you're not passing the query currently. You'll want to update your code to something like this:
response = requests.post(url, headers=headers, json=query)
-mike
+10You need to include the parameter timeRangeFilter in your payload like below and it should work.
{
"startTime": "2023-07-10T00:00:00.000Z",
"endTime": "2023-07-24T00:00:00.000Z",
"timeRangeFilter": 0
}
Let me know if you have any more issues.
-mike
+2You need to include the parameter timeRangeFilter in your payload like below and it should work.
{
"startTime": "2023-07-10T00:00:00.000Z",
"endTime": "2023-07-24T00:00:00.000Z",
"timeRangeFilter": 0
}
Let me know if you have any more issues.
-mike
Thanks, I get the same results? There are 18 cases in the UI that match this time range (though the UI seems to use dd/mm/yyyy, does that matter?)
+2Thanks, I get the same results? There are 18 cases in the UI that match this time range (though the UI seems to use dd/mm/yyyy, does that matter?)
FWIW I looked back in swagger and see the timeRangeFilter parameter isn't mentioned in the CaseSearchEverything endpoint but is mentioned in the GetSearchResultsAsCsv endpoint. I tried it using that endpoint, but got the same empty result set just as csv.
+10FWIW I looked back in swagger and see the timeRangeFilter parameter isn't mentioned in the CaseSearchEverything endpoint but is mentioned in the GetSearchResultsAsCsv endpoint. I tried it using that endpoint, but got the same empty result set just as csv.
I believe your Python syntax is wrong and you're not passing the query currently. You'll want to update your code to something like this:
response = requests.post(url, headers=headers, json=query)
-mike
+2I believe your Python syntax is wrong and you're not passing the query currently. You'll want to update your code to something like this:
response = requests.post(url, headers=headers, json=query)
-mike
Doh, you are correct AND it needs the timeRangeFilter parameter not mentioned in swagger.
Changed it to this and it returns results, thanks!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.