IBM QRadar SOAR

  • 1.  fn-utilities 1.0.11 - Resilient search - Syntax - develop query and search template

    Posted Thu March 10, 2022 05:15 AM
    Hello everyone.

    I need to use the search function of fn-utilities 1.0.11 to search for incidents with a specific status and field values.
    Based on that I can assign the resulting incidents to different teams, run actions, etc.

    I am facing an issue with the syntax of the search. I could not find a reference on how to develop templates and queries, with clear values for the "methods".

    Below is the simple pre-processing script I use, which is not accepting my input to the search template.

    # Pre-process script: the function's template input is text, so the search
    # template is passed as a JSON string rather than a Python dict.
    inputs.resilient_search_template = """
    {
      "types": ["incident"],
      "filters": {
        "incident": [{
          "conditions": [
            {"field_name": "case_status", "method": "equals", "value": "In Progress"}
          ]
        }]
      }
    }
    """
    # Note: "equals" compares against a single value; a list of values belongs
    # with the "in" method instead.

    inputs.resilient_search_query = "incident.properties.case_status"


    I also tried the method "is equal to", similar to the UI rule condition, but it makes no difference.

    Appreciate your support.

    Regards,

    ------------------------------
    ahmed abushanab
    ------------------------------
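The following is an added example and is not code from this thread, from fn_utilities or from IBM. It builds the JSON text that the Resilient search function expects in resilient_search_template and then evaluates the same conditions locally against a few constructed incident records, so the effect of each condition "method" can be checked before the template is wired into a workflow. The set of method names and their meaning ("equals" takes one value, "in" takes a list, "contains" is a substring test, groups are OR-ed and the conditions inside a group AND-ed) and the "properties.<api_name>" addressing of custom fields are this example's assumptions about the search_ex API behind the function, not something the thread confirms.

```python
import json

# Added example; the method names below and their semantics are assumptions
# about the Resilient search_ex conditions, not fn_utilities' own code.
_METHODS = {
    "equals": lambda actual, expected: actual == expected,
    "not_equals": lambda actual, expected: actual != expected,
    "in": lambda actual, expected: actual in expected,
    "not_in": lambda actual, expected: actual not in expected,
    "contains": lambda actual, expected: actual is not None and expected in str(actual),
    "gte": lambda actual, expected: actual is not None and actual >= expected,
    "lte": lambda actual, expected: actual is not None and actual <= expected,
}


def validate_template(template):
    """Reject a method this evaluator does not know (for example the UI wording
    "is equal to") and a list given to "equals" or a scalar given to "in"."""
    for groups in template["filters"].values():
        for group in groups:
            for cond in group["conditions"]:
                method, value = cond["method"], cond["value"]
                if method not in _METHODS:
                    raise ValueError("unknown method %r in condition on %r"
                                     % (method, cond["field_name"]))
                if method in ("equals", "not_equals") and isinstance(value, list):
                    raise ValueError("%r takes a single value; use \"in\" for a list" % method)
                if method in ("in", "not_in") and not isinstance(value, list):
                    raise ValueError("%r takes a list of values" % method)
    return template


def build_search_template(types, conditions):
    """Return the JSON text for resilient_search_template.

    `conditions` is a list of (field_name, method, value) tuples; they are
    AND-ed in one condition group that is applied to every type in `types`.
    """
    group = {"conditions": [
        {"field_name": field, "method": method, "value": value}
        for field, method, value in conditions
    ]}
    template = {"types": list(types), "filters": {t: [group] for t in types}}
    validate_template(template)
    return json.dumps(template, indent=2)


def get_field(record, dotted_name):
    """Walk a "properties.case_status" style name through nested dicts."""
    value = record
    for part in dotted_name.split("."):
        if not isinstance(value, dict):
            return None
        value = value.get(part)
    return value


def matches(record, template):
    """True when any condition group for the record's type holds."""
    groups = template["filters"].get(record["type"], [])
    return any(
        all(_METHODS[c["method"]](get_field(record, c["field_name"]), c["value"])
            for c in group["conditions"])
        for group in groups
    )


def search(template_json, records):
    """Evaluate a template locally and return the ids of matching records."""
    template = validate_template(json.loads(template_json))
    return sorted(r["id"] for r in records
                  if r["type"] in template["types"] and matches(r, template))


# Constructed sample records; not real incident data.
SAMPLE_INCIDENTS = [
    {"type": "incident", "id": 2001, "plan_status": "A",
     "properties": {"case_status": "In Progress"}},
    {"type": "incident", "id": 2002, "plan_status": "A",
     "properties": {"case_status": "Escalated"}},
    {"type": "incident", "id": 2003, "plan_status": "C",
     "properties": {"case_status": "In Progress"}},
    {"type": "incident", "id": 2004, "plan_status": "A",
     "properties": {"case_status": "New"}},
    {"type": "task", "id": 77, "plan_status": "A",
     "properties": {"case_status": "In Progress"}},
]

if __name__ == "__main__":
    tmpl = build_search_template(
        ["incident"],
        [("plan_status", "equals", "A"),
         ("properties.case_status", "in", ["In Progress", "Escalated"])],
    )
    print(tmpl)
    print(search(tmpl, SAMPLE_INCIDENTS))  # [2001, 2002]
```

The template text printed by build_search_template is what would be assigned to inputs.resilient_search_template in a pre-process script; validate_template is the part worth keeping around, since a typo in a method name otherwise only surfaces as a rejected search at run time.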


  • 2.  RE: fn-utilities 1.0.11 - Resilient search - Syntax - develop query and search template

    Posted Fri March 11, 2022 06:29 AM
    Hello everyone,

    Can you please let me know how to download an older version of fn_utilities than the one published on the App Exchange.

    I see the history already on GitHub, at this link: https://github.com/ibmresilient/resilient-community-apps/tree/1477328ff28fd6553ada4b51cb2fed5e1537ee06/fn_utilities.

    I need the latest version that supports Python 2.7. I believe it is 1.0.15, but I am not able to get it as an installable package.
    I am seeking this as a solution to the above-mentioned issue.

    Appreciate your help.

    Regards,




    ------------------------------
    ahmed abushanab
    ------------------------------



  • 3.  RE: fn-utilities 1.0.11 - Resilient search - Syntax - develop query and search template

    Posted Mon March 14, 2022 09:29 AM
    Please open a ticket with support to request the Python 2.7 version of the utilities function.

    ------------------------------
    Elizabeth Hecht
    ------------------------------



  • 4.  RE: fn-utilities 1.0.11 - Resilient search - Syntax - develop query and search template

    Posted Tue March 15, 2022 03:53 AM
    Hi Ahmed,

    Version 2.0.0 is when support was dropped for Python 2.7. That was nearly two years ago.

    Whilst an older version can be found, you are knowingly introducing bugs into the application. You may find that the dependent packages are not in line with other functions you have installed, so you may come across package dependency problems that pip cannot resolve.

    Our support policy is that we support the latest version and one version older. If you run such an old version and have a problem, IBM Support may insist that you upgrade to the latest available version and reproduce it. You would need to stand up a Python 3 environment.

    If you are running Resilient Circuits on the OVA, then you should think about standing up a separate integration server, which breaks the reliance on Python 2.7. Or you could consider deploying an App Host.

    If you deploy an integration server, you can run different versions of Python on it. Have a look at pyenv and virtualenv. There are some posts relating to them on the community, or you can look at these applications' wikis for more details.

    ------------------------------
    BEN WILLIAMS
    ------------------------------
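As an added example, not code from this thread or from IBM, the script below stands up an isolated Python 3 virtualenv for resilient-circuits on an integration server, refusing to build on a Python 2.7 interpreter first. The interpreter path (for instance the one printed by pyenv prefix for a version installed with pyenv), the target directory and the fn_utilities package file name are all placeholders supplied by the caller; the `resilient-circuits list` command at the end is the package's own listing of installed components.

```sh
#!/bin/sh
# Added example, not part of the thread: build a Python 3 virtualenv for
# resilient-circuits instead of reusing the OVA's Python 2.7. Interpreter path,
# venv directory and package file are placeholders passed as arguments.

MIN_MAJOR=3

# Return 0 when a "Python X.Y.Z" version banner is Python 3 or newer.
python_banner_ok() {
    major=$(printf '%s\n' "$1" | sed -n 's/^Python \([0-9][0-9]*\)\..*/\1/p')
    [ -n "$major" ] && [ "$major" -ge "$MIN_MAJOR" ]
}

# Return 0 when the interpreter at $1 reports a usable major version.
# Python 2.7 prints its banner on stderr, hence the redirect.
interpreter_ok() {
    banner=$("$1" --version 2>&1) || return 1
    python_banner_ok "$banner"
}

# create_env <python executable> <venv dir> <fn_utilities package file>
create_env() {
    py=$1; venv=$2; pkg=$3
    if ! interpreter_ok "$py"; then
        echo "refusing to build on: $("$py" --version 2>&1)" >&2
        return 1
    fi
    "$py" -m venv "$venv"
    "$venv/bin/pip" install --upgrade pip
    "$venv/bin/pip" install resilient-circuits
    "$venv/bin/pip" install "$pkg"
    "$venv/bin/resilient-circuits" list
}

# Usage: sh setup_env.sh /path/to/python3 /opt/rescircuits ./fn_utilities-<version>.tar.gz
if [ $# -eq 3 ]; then
    create_env "$1" "$2" "$3"
fi
```

Run it once per integration server; after that, start resilient-circuits from the venv's bin directory so the OVA's system Python is never involved.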