We have recently created a Python script utilizing the API that retrieves incident details, copies these details to a SQL server, and then tags a custom attribute that we can later filter on for a deletion job.
The script is working correctly however is a bit slower than we need to keep up with volume. We’re getting about 5000 incidents an hour but unfortunately we on occasion have more incidents than that (using DLP to monitor USB activity).
The documentation for the API mentions a way to batch calls….
The client can request these incidents individually, or the client can make a Web Service call that uses a “batched” approach where the client requests incident data for multiple incidents in a single call. When you request incident IDs in batches, you can improve performance of the client. Symantec recommends that you use batches of 50 to 100 incidents for best performance.
….however they don’t mention how to do this. I have played around with the script and SOAP UI to try to pass more than one incident ID through at a time however I haven’t had any luck getting results that way.
I believe our issue is mainly network latency so bulk requesting these should make a huge difference in performance. Any thoughts?