External API Calls for Specific Incident Fields

In our SOC environment, Resilient is fetching data from QRadar via AppConnect.

In turn, Resilient's data is being fetched by a data dashboard consolidator software via AppConnect.

The issue we are facing in this scenario is that the in-built API libraries within Resilient can only fetch the entire incident object, and not just a specific field. For example, in order to return the incident's name, AppConnect would need to process the entire Incident object and then acquire the name field.

As such, as our environment requires the dashboard consolidator to constantly fetch data from Resilient to transform and present it, fetching an entire Incident instead of just a certain field would lead to longer processing times, especially if there are a few hundred incidents.

Hence, we would like to explore a capability for Resilient to support API calls for specific incident fields, as this would also lead to Resilient being able to handle API calls in a more optimised manner.

  • Guest
  • Apr 20 2021
  • Under review
  • Guest commented
    20 Apr 06:01pm

    This enhancement will help to get the data without additional overhead on REST services and with better performance throughput.