We are using the /external/v1/cases/AddEvidence/ endpoint to add evidence as an attachment to a case. Despite passing IsImportant: true in the request body, the isFavorite field in the API response always returns false.
Page 1 / 1
Hi All,
Can anyone reply?
@vanitharaj1208 could this be an issue in the code with isFavorite vs IsFavorite (capital i)?
@vanitharaj1208 could this be an issue in the code with isFavorite vs IsFavorite (capital i)?
I can't tell based on the small snippet of code. Could you provide the full body of the request?
I can't tell based on the small snippet of code. Could you provide the full body of the request?
Hi James,
sure.. the issue is isfavorite is always false
body = {
"CaseIdentifier": case_id,
"Base64Blob": base64_blob,
"Name": name,
"Description": description,
"Type":file_type,
"IsImportant": isFavorite
}
response = requests.post(
f'{siemplify.API_ROOT}/external/v1/cases/AddEvidence/',
json=body,
headers=headers,
verify=verify_ssl
)
json_response = response.json()
siemplify.result.add_result_json(json.dumps(json_response))
-----------------
Response:
{
"evidenceName": "File1",
"description": null,
"comment": null,
"commentForClient": "Description",
"modificationTimeUnixTimeInMsForClient": 1735509449852,
"evidenceThumbnailBase64": "",
"evidenceId": 1748,
"commentId": 2982,
"fileType": ".csv",
"lastEditor": null,
"lastEditorFullName": null,
"isDeleted": false,
"creatorUserId": "Automation",
"creatorFullName": null,
"id": 2982,
"type": 4,
"caseId": 8342,
"isFavorite": false,
"modificationTimeUnixTimeInMs": 0,
"creationTimeUnixTimeInMs": 1735509449852,
"alertIdentifier": null
}
"evidenceName": "File1",
"description": null,
"comment": null,
"commentForClient": "Description",
"modificationTimeUnixTimeInMsForClient": 1735509449852,
"evidenceThumbnailBase64": "",
"evidenceId": 1748,
"commentId": 2982,
"fileType": ".csv",
"lastEditor": null,
"lastEditorFullName": null,
"isDeleted": false,
"creatorUserId": "Automation",
"creatorFullName": null,
"id": 2982,
"type": 4,
"caseId": 8342,
"isFavorite": false,
"modificationTimeUnixTimeInMs": 0,
"creationTimeUnixTimeInMs": 1735509449852,
"alertIdentifier": null
}
@vanitharaj1208 could this be an issue in the code with isFavorite vs IsFavorite (capital i)?
in swagger the API endpoint "siemplify.API_ROOT}/external/v1/cases/AddEvidence/" is Deprecated yet still used in add attachment action in File utilities ... (this action should display a message endpoint is deprecated.)
- is there any alternative action to attach case evidence like files json,csv,etc to the case wall?
@vanitharaj1208 just an FYI, the `/external/v1/cases/AddEvidence/` API endpoint is deprecated for `api/external/v1/cases/comments`. Give me a little bit, I'm looking to see if there's another API call to use to mark a case comment as favorite.
@vanitharaj1208 it looks like `/api/external/v1/cases/wall/favourite` can be used to set an item as favourite.
@vanitharaj1208 you can also use the SiemplifyAction module add_attachment() to set it too. It is documented here: https://cloud.google.com/chronicle/docs/soar/reference/siemplify-action-module#add-attachment-siemplify-action
@vanitharaj1208 It looks like you can use the api that is suggested in the description section of add evidence to add attachments (Post - api/external/v1/cases/comments). This is what the payload would look like:
{
"caseId": 284,
"comment": "<p>testing</p>",
"isImportant": false,
"base64Blob": "<base64blob of file>",
"type": ".json",
"name": "testing.pdf"
}
As for how to mark a comment in the case wall as favorite you would need to use the api endpoint below:
thank you @ddiserens @James_E
@vanitharaj1208 It looks like you can use the api that is suggested in the description section of add evidence to add attachments (Post - api/external/v1/cases/comments). This is what the payload would look like:
{
"caseId": 284,
"comment": "<p>testing</p>",
"isImportant": false,
"base64Blob": "<base64blob of file>",
"type": ".json",
"name": "testing.pdf"
}
As for how to mark a comment in the case wall as favorite you would need to use the api endpoint below:
Hi @ddiserens ,
Request body for favorite being sent: {"isFavorite": true, "recordId": 1927, "type": 0, "activityKind": 0}
Full API Response for favorite: response is null
is request right?
Hi @ddiserens ,
Request body for favorite being sent: {"isFavorite": true, "recordId": 1927, "type": 0, "activityKind": 0}
Full API Response for favorite: response is null
is request right?
can anyone reply
can anyone reply
You should get a HTTP status code of 200. The swagger API docs don't show any other response. You could also validate by looking in the UI to see if the case was marked as favorite.
can anyone reply
There are a couple things you will need to consider and its the type and activitykind. make sure those are correct when you run your api call.
Also, to validate that the isFavorite worked you can run a second call to this endpoint:
api/external/v1/dynamic-cases/GetCaseWallActivitiesWith the following payload, which will filter the case wall activity by what has been favorited.
{
"searchTerm": "",
"requestedPage": 0,
"pageSize": 20,
"caseId": 284,
"sortOrder": "desc",
"activities": [11],
"alert": "ALL",
"users": []
}Activities 11 is the activity code for this call for isFavorited. You would need to also make sure to insert the correct case number.
Here is the output of that command:
{
"objectsList": [
{
"evidenceName": "Shared_Tools_1_JSON_Result",
"description": null,
"comment": null,
"commentForClient": "<p>testing</p>",
"modificationTimeUnixTimeInMsForClient": 1735586641255,
"evidenceThumbnailBase64": null,
"evidenceId": 295,
"commentId": 295,
"fileType": ".json",
"lastEditor": "7220406b-7c09-402f-9c5f-92b8953aeee7",
"lastEditorFullName": null,
"isDeleted": false,
"creatorUserId": "7220406b-7c09-402f-9c5f-92b8953aeee7",
"creatorFullName": null,
"id": 295,
"type": 4,
"caseId": 284,
"isFavorite": true,
"modificationTimeUnixTimeInMs": 0,
"creationTimeUnixTimeInMs": 1735586641255,
"alertIdentifier": null
}
],
"metadata": {
"pageSize": 20,
"totalRecordsCount": 0,
"totalNumberOfPages": 0
}
}
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.