Hey @sgroeneveld
I described how you can do this in another thread earlier today: ICON Send Artifacts to IDR Investigation after Custom Pattern Alert - #5 by richard_davidsson
Check if that can help you building it natively in ICON without having to create the python integration.