IBM QRadar SOAR


Playbook Suggestion : Add note with multiple incident

  • 1.  Playbook Suggestion : Add note with multiple incident

    Posted Mon October 30, 2023 11:16 AM

    Hi,

    I want to create a playbook/customisation where I can add a note with multiple incidents, and the note should be reflected to QRadar.

    Thanks in advance.



    ------------------------------
    Bhagyesh Limbad
    ------------------------------


  • 2.  RE: Playbook Suggestion : Add note with multiple incident

    Posted Tue October 31, 2023 09:09 AM

    Hi -

    This is not possible within the Playbook editor -- the highest level of access that a single Playbook has is the incident that it is called from (including when called from a Note, an Artifact, etc.; it will always have access to that incident).

    The only way to approach a problem like this would be to engineer a function that runs in an app to post a note to any incident you want. This would involve writing custom Python code to hit the SOAR REST APIs and packaging that code in an app. There are many resources in the Security Learning page that describe how to create a custom app from scratch.

    I hope this helps!



    ------------------------------
    Bo Bleckel
    ------------------------------
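
The approach described in the reply above, sketched as an added example (not code from the thread or from IBM): a helper that posts one note to several incidents through the SOAR REST API. It assumes a client object exposing `post(uri, payload)` in the style of the `resilient` library's `SimpleClient` and the `/incidents/{id}/comments` endpoint; `add_note_to_incidents`, `build_note_payload` and `FakeClient` are hypothetical names, and the incident ids are constructed.

```python
"""Added example: post one note to several SOAR incidents over REST."""
from html import escape


def build_note_payload(text):
    """Build the comment body; the text is HTML-escaped so analyst or
    alert-derived input cannot inject markup into the rendered note."""
    return {"text": {"format": "html", "content": escape(text)}}


def add_note_to_incidents(client, incident_ids, text):
    """Post the same note to every incident id.

    `client` is any object with post(uri, payload) -> dict (assumption:
    same shape as resilient.SimpleClient). Returns (posted, failed) where
    posted maps incident id -> new note id and failed maps id -> error.
    """
    payload = build_note_payload(text)
    posted, failed = {}, {}
    for inc_id in dict.fromkeys(incident_ids):  # de-duplicate, keep order
        if not isinstance(inc_id, int) or isinstance(inc_id, bool) or inc_id <= 0:
            failed[inc_id] = "invalid incident id"
            continue
        try:
            resp = client.post("/incidents/{}/comments".format(inc_id), payload)
            posted[inc_id] = resp.get("id")
        except Exception as err:  # one bad id must not stop the rest
            failed[inc_id] = str(err)
    return posted, failed


class FakeClient:
    """Constructed stand-in for a SOAR REST client, for offline runs."""
    def __init__(self, existing):
        self.existing, self.calls = set(existing), []

    def post(self, uri, payload):
        self.calls.append((uri, payload))
        inc_id = int(uri.split("/")[2])
        if inc_id not in self.existing:
            raise LookupError("incident {} not found".format(inc_id))
        return {"id": 1000 + len(self.calls)}


if __name__ == "__main__":
    fake = FakeClient(existing=[2101, 2102])
    print(add_note_to_incidents(fake, [2101, 2102, 2101, 9999], "Triage <done>"))
```

Inside a packaged app function, the REST client supplied by the app framework would take the place of `FakeClient`; the per-incident `failed` map is what lets the caller report which incidents did not receive the note.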