IBM QRadar SOAR


After escalation create Offense note of the escalation and its date

  • 1.  After escalation create Offense note of the escalation and its date

    Posted Wed February 19, 2020 07:19 AM
    Hi,

    Is it possible to automatically create at every escalation an Offense note of the escalation, its date, the Incident number and URL?

    Thank you.

    Adam

    ------------------------------
    Adam
    ------------------------------


  • 2.  RE: After escalation create Offense note of the escalation and its date

    Posted Thu March 12, 2020 10:53 AM
    When QRadar is creating an offense in Resilient, it has the possibility to synchronize all Notes from Resilient to QRadar.
    You can create a rule that will launch a script every time the "escalation" condition is valid.
    The script will create a text with the information you want like its date, the Incident number and URL.
    You add a note using incident.addNote("text")
    or in Rich text like this sample:
    rich_text = u"<h4><u><b>CVE Search from CVE-ID: {}</b></u></h4><br>{}".format(artifact.value,value_data)
    incident.addNote(helper.createRichText(rich_text))
    The Resilient integration in QRadar will update the Offense Note.

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------
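
    The script described in the reply above, sketched as an added example (not code from the thread or from IBM): it builds the note with the escalation date, incident number and URL, and escapes the incident name because it usually derives from offense data. It is written as stand-alone Python 3; the base URL, the /#incidents/<id> URL shape, the epoch-millisecond create_date, and the FakeIncident/FakeHelper stand-ins are assumptions or constructed for the example.

```python
from datetime import datetime, timezone
from html import escape

# Assumption: placeholder base URL of the SOAR (Resilient) console.
BASE_URL = "https://soar.example.com"


def build_escalation_note(incident_id, incident_name, create_date_ms, base_url=BASE_URL):
    """Return rich-text HTML with the escalation date, incident number and URL."""
    # Assumption: the creation time is given in epoch milliseconds.
    when = datetime.fromtimestamp(create_date_ms / 1000.0, tz=timezone.utc)
    # Assumption: incidents are reachable at <base>/#incidents/<id>.
    url = "{}/#incidents/{}".format(base_url.rstrip("/"), int(incident_id))
    # The incident name usually derives from offense data, so escape it
    # before embedding it in HTML that both consoles will render.
    return (
        "<b>Escalated to SOAR</b><br>"
        "Date: {}<br>Incident: {} ({})<br>"
        '<a href="{}">{}</a>'
    ).format(when.strftime("%Y-%m-%d %H:%M:%S UTC"), int(incident_id),
             escape(incident_name, quote=True), escape(url, quote=True), escape(url))


def add_escalation_note(incident, helper):
    """Body of the rule-triggered script: build the note and attach it."""
    note = build_escalation_note(incident.id, incident.name, incident.create_date)
    incident.addNote(helper.createRichText(note))
    return note


# Constructed stand-ins so the example runs outside the platform.
class FakeHelper:
    def createRichText(self, text):
        return {"format": "html", "content": text}


class FakeIncident:
    def __init__(self, id, name, create_date):
        self.id, self.name, self.create_date = id, name, create_date
        self.notes = []

    def addNote(self, note):
        self.notes.append(note)


if __name__ == "__main__":
    inc = FakeIncident(2095, "Offense 41: <b>x</b> & y", 1582096740000)
    print(add_escalation_note(inc, FakeHelper()))
```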