reciving a data from a GET request and sending it as another POST request

tobenary · May 28, 2018, 9:33am

Hi,

I want to be able to automate this task, is it possible to do it?

I’m sending a GET request and I’m getting JSON data contained the below.
I want to take the changing “id” ( “id”: “5af155b9ae908e2082961573” ) and to send it as a parameter to a POST request.

I can confirm I read the doc w/o understanding what to do.

As you can see, the “id” is changing in each of the replies.

[ 
{ 
"resolved": true, 
"classifier_name": "LOGIC", 
"mitigation_status": 0, 
"mitigation_results": {}, 
"description": "malware detected - not mitigated yet", 
"marked_as_benign": true, 
"from_scan": false, 
"mitigation_report": { 
"rollback": { 
"status": null 
}, 
"quarantine": { 
"status": "success" 
}, 
"network_quarantine": { 
"status": null 
}, 
"kill": { 
"status": "success" 
}, 
"remediate": { 
"status": null 
} 
}, 
"in_quarantine": false, 
"agent": "5a38dd30ae908e0635741f3b", 
"engine_data": [ 
{ 
"engine": "executables", 
"asset_name": "logicconfigs", 
"asset_version": "6003" 
} 
], 
"meta_data": { 
"created_at": "2018-05-08T07:46:01.750000Z", 
"updated_at": "2018-05-08T07:46:56.670000Z" 
}, 
"file_id": { 
"display_name": "Skype.exe", 
"permission": "", 
"hash_reputation": null, 
"path": "\\Device\\HarddiskVolume4\\Program Files (x86)\\Skype\\Phone\\Skype.exe", 
"content_hash": "8fa27308114af17ae23e548add941b03526a8f7a", 
"is_system": false, 
"object_id": "FBAFB04148D78C91", 
"size": 0 
}, 
"cert_id": "SKYPE SOFTWARE SARL", 
"from_cloud": false, 
"is_partial_story": null, 
"mitigation_mode": "protect", 
"is_cert_valid": true, 
"id": "5af155b9ae908e2082961573", 
"silent_threat": false, 
"username": "FAODOMAIN\\CIRILLO", 
"publisher": "SKYPE SOFTWARE SARL", 
"annotation": null, 
"browser_type": null, 
"classifications": [ 
{ 
"source": "Engine", 
"classification": "Malware" 
} 
], 
"extension": "EXE", 
"malicious_process_arguments": "/minimized /regrun", 
"in_learning_mode": true, 
"affected_files": [], 
"annotation_url": null, 
"learning_mode": false, 
"mitigation_actions": [], 
"whitening_options": [ 
"path", 
"certificate", 
"file_hash" 
], 
"created_date": "2018-05-08T07:45:59.244000Z", 
"indicators": [], 
"suspicious": false, 
"hidden": false, 
"mitigation_mode_suspicious": "detect", 
"malicious_group_id": "C6B2D0C6362E2100", 
"agent_version": "2.1.2.6003" 
}, 
{ 
"resolved": true, 
"classifier_name": "LOGIC", 
"mitigation_status": 0, 
"mitigation_results": {}, 
"description": "malware detected - not mitigated yet", 
"marked_as_benign": true, 
"from_scan": false, 
"mitigation_report": { 
"rollback": { 
"status": null 
}, 
"quarantine": { 
"status": "success" 
}, 
"network_quarantine": { 
"status": null 
}, 
"kill": { 
"status": "success" 
}, 
"remediate": { 
"status": null 
} 
}, 
"in_quarantine": false, 
"agent": "5a337c4fae908e063571ba0b", 
"engine_data": [ 
{ 
"engine": "executables", 
"asset_name": "logicconfigs", 
"asset_version": "6003" 
} 
], 
"meta_data": { 
"created_at": "2018-05-08T06:59:46.101000Z", 
"updated_at": "2018-05-08T07:47:39.527000Z" 
}, 
"file_id": { 
"display_name": "Skype.exe", 
"permission": "", 
"hash_reputation": null, 
"path": "\\Device\\HarddiskVolume2\\Program Files (x86)\\Skype\\Phone\\Skype.exe", 
"content_hash": "8fa27308114af17ae23e548add941b03526a8f7a", 
"is_system": false, 
"object_id": "573599FBF87C92DD", 
"size": 0 
}, 
"cert_id": "SKYPE SOFTWARE SARL", 
"from_cloud": false, 
"is_partial_story": null, 
"mitigation_mode": "protect", 
"is_cert_valid": true, 
"id": "5af14ae2ae908e208497bb8a", 
"silent_threat": false, 
"username": "FAODOMAIN\\DEMANET", 
"publisher": "SKYPE SOFTWARE SARL", 
"annotation": null, 
"browser_type": null, 
"classifications": [ 
{ 
"source": "Engine", 
"classification": "Malware" 
} 
], 
"extension": "EXE", 
"malicious_process_arguments": "/minimized /regrun", 
"in_learning_mode": true, 
"affected_files": [], 
"annotation_url": null, 
"learning_mode": false, 
"mitigation_actions": [], 
"whitening_options": [ 
"path", 
"certificate", 
"file_hash" 
], 
"created_date": "2018-05-08T06:59:44.119000Z", 
"indicators": [], 
"suspicious": false, 
"hidden": false, 
"mitigation_mode_suspicious": "detect", 
"malicious_group_id": "E6EB452FEA2D596B", 
"agent_version": "2.1.2.6003" 
},

gopikrishna4595 · May 28, 2018, 11:43am

Hi @tobenary ,
as per my understanding,
try this in Tests Tab in Get request Api,

var jsonData = JSON.parse(responseBody);
//console.log(jsonData);

postman.setEnvironmentVariable("ID", jsonData.id);

and in Post request Api use the id value like below,

{
{
      "XXXXX": "YYYY",
        "XXXXXXXXX": "{{id}}",
        "XXX": "{{abc}}"
    }
}

Hope this helps your scenario. Let know if anything needed

tobenary · May 29, 2018, 6:10am

Hey @gopikrishna4595

I did it and I got the below picture.
Please note that I changed the capital ID to small caps after verifying both are not working.

The next POST command should use each {id}( number ) and create a “for loop” and repeat the post commands

x times ( Where x is the number of occurrences it got from the GET command.

The next Post command looks like this:
tomerb.XYZt/web/api/v1.6/threats/{id}/mitigate/kill

But again, I’m getting Unexpected ‘<’

Appriciate your answer.