Security Engineer for a small company. I’m tasked with integrating automated ticketing between the alerts we get from Rapid7 IDR/VM and CrowdStrike into the Freshservice ticketing service. Rapid7 does not have integrated ticketing with this system. The other option is to feed an email account that all the alerts get sent to into the ticketing system and separate out based on the subject line. However, this option is less verbose than we would like in order to build good tickets with needed information.
I know how to code OK, though not in Python like this will be, but I wanted to get some feedback on what the best way to get this done is. The API call to create the ticket is easy; I’m just trying to figure out getting the new alerts from R7 into the program first. Am I going to have to loop an API call into Rapid7 to grab any new alerts? Then parse out the data and populate the fields to the ticketing service API? Is there a better way to do this? Just curious, as this is my first couple of weeks as an engineer, having moved from analysis. Never worked with APIs really in coding.
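
An added example, not part of the original post: a sketch of the poll, parse and populate loop the question describes, with a saved cursor and a seen-id list so a restart or an overlapping poll window does not open duplicate tickets. `fetch_alerts` and `create_ticket` are hypothetical stand-ins for the Rapid7 and Freshservice API calls, and every alert and ticket field name is an assumption, not either vendor's schema.

```python
import json
import tempfile
from pathlib import Path

# Hypothetical severity-to-priority mapping; not either vendor's real schema.
PRIORITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def load_state(path):
    p = Path(path)
    return json.loads(p.read_text()) if p.exists() else {"cursor": "", "seen": []}

def save_state(path, state):
    tmp = Path(str(path) + ".tmp")
    tmp.write_text(json.dumps(state))
    tmp.replace(path)  # rename over the old file so a crash never leaves half a file

def alert_to_ticket(alert):
    """Map one alert dict (assumed field names) to a ticket payload."""
    return {
        "subject": f"[{alert['source']}] {alert['title']}",
        "description": json.dumps(alert, indent=2, sort_keys=True),
        "priority": PRIORITY.get(str(alert.get("severity", "")).lower(), 2),
        "external_id": alert["id"],
    }

def poll_once(fetch_alerts, create_ticket, state_path):
    """One pass; created_at is assumed UTC ISO-8601, so it sorts as text."""
    state = load_state(state_path)
    created = []
    for alert in sorted(fetch_alerts(state["cursor"]), key=lambda a: a["created_at"]):
        if alert["id"] in state["seen"]:
            continue  # the overlapping poll window returned it again
        create_ticket(alert_to_ticket(alert))
        state["seen"].append(alert["id"])
        state["cursor"] = max(state["cursor"], alert["created_at"])
        save_state(state_path, state)  # persist per ticket, not per batch
        created.append(alert["id"])
    return created

def demo():
    alerts = [  # constructed sample data
        {"id": "a1", "source": "idr", "title": "Brute force", "severity": "High", "created_at": "2024-01-01T10:00:00Z"},
        {"id": "a2", "source": "edr", "title": "Suspicious process", "severity": "critical", "created_at": "2024-01-01T10:05:00Z"},
    ]
    tickets = []
    fetch = lambda cursor: [a for a in alerts if a["created_at"] >= cursor]
    state = Path(tempfile.mkdtemp()) / "state.json"
    first = poll_once(fetch, tickets.append, state)
    second = poll_once(fetch, tickets.append, state)  # a2 is refetched, then skipped
    return first, second, tickets
```

In a real deployment `poll_once` would run on a schedule (cron or a sleep loop), and the seen list would be trimmed to ids newer than the cursor so the state file stays small.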