IBM QRadar SOAR

SOAR - is it possible to add automatic third-party incidents to the SOAR incident tray

  • 1.  SOAR - is it possible to add automatic third-party incidents to the SOAR incident tray

    Posted Thu February 27, 2025 10:55 AM
    Good morning, community.
     
    I have a question that I want to share with you. I have an integrated Cortex EDR API; my question is whether incidents can be added automatically to the incident tray.
     
    I have seen that incidents are automatically escalated if you have a QRadar SIEM and its SOAR plugin configured. If you want to add incidents from a third-party incident source, is it possible to add them to the incident tray?


    ------------------------------
    jose g
    ------------------------------


  • 2.  RE: SOAR - is it possible to add automatic third-party incidents to the SOAR incident tray

    Posted Fri February 28, 2025 09:52 AM

    Hi jose g

    We have many "polling" apps on the AppExchange that poll third party endpoints and create cases. Example EDR polling apps are SentinelOne and VMware Carbon Black Cloud. 

    To create a polling app, start by using the resilient-sdk command:

     resilient-sdk codegen -p fn_package_name --poller

    to create the polling app directory framework and template files.

    Let me know if you need more info.



    ------------------------------
    AnnMarie Norcross
    ------------------------------
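
The polling pattern described in the reply above, as an added example that is not part of the original thread and not the template that resilient-sdk generates. The names `Poller`, `to_case`, `fetch_since`, `find_case`, `create_case` and the `external_id` custom field are assumptions, the incidents are constructed sample data, and both the EDR and SOAR APIs are replaced by in-memory stand-ins.

```python
LOOKBACK_MS = 60_000  # re-query a window before the watermark to catch late arrivals

def to_case(incident):
    # Minimal case payload; "external_id" is a hypothetical custom field.
    return {
        "name": f"Cortex incident {incident['id']}: {incident['title']}",
        "description": incident.get("description", ""),
        "discovered_date": incident["created_ms"],  # epoch milliseconds
        "properties": {"external_id": incident["id"]},
    }

class Poller:
    def __init__(self, fetch_since, find_case, create_case, start_ms=0):
        self.fetch_since = fetch_since  # callable(ms) -> list of incident dicts
        self.find_case = find_case      # callable(external_id) -> case or None
        self.create_case = create_case  # callable(payload) -> created case
        self.watermark_ms = start_ms

    def run_once(self, now_ms):
        since = max(0, self.watermark_ms - LOOKBACK_MS)
        created = []
        for inc in sorted(self.fetch_since(since), key=lambda i: i["created_ms"]):
            if self.find_case(inc["id"]) is None:  # skip already-escalated incidents
                created.append(self.create_case(to_case(inc)))
        # Reached only if every create succeeded; on an exception the watermark
        # stays put and the next poll retries without duplicating finished cases.
        self.watermark_ms = now_ms
        return created

def demo():
    # Constructed sample data and in-memory stand-ins for both APIs.
    t0 = 1_740_000_000_000
    edr = [
        {"id": "101", "title": "Suspicious PowerShell", "created_ms": t0 + 1_000},
        {"id": "102", "title": "Credential dumping", "created_ms": t0 + 2_000},
    ]
    cases = {}

    def create(payload):
        cases[payload["properties"]["external_id"]] = payload
        return payload

    poller = Poller(lambda ms: [i for i in edr if i["created_ms"] >= ms],
                    cases.get, create, start_ms=t0)
    first = poller.run_once(now_ms=t0 + 3_000)
    edr.append({"id": "103", "title": "Lateral movement", "created_ms": t0 + 2_500})
    second = poller.run_once(now_ms=t0 + 4_000)
    ids = lambda found: [c["properties"]["external_id"] for c in found]
    return ids(first), ids(second)
```

The second poll picks up incident 103 even though it is dated before the first poll's watermark, and the lookup by external ID keeps the overlapping window from creating duplicate cases.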



  • 3.  RE: SOAR - is it possible to add automatic third-party incidents to the SOAR incident tray

    Posted Fri February 28, 2025 10:02 AM

    We do have a Cortex XDR app on the AppExchange: Cortex XDR.

    This app only has functions (no playbooks or polling). If you'd like us to enhance and create a polling app, submit a request for enhancement (RFE) here: https://ideas.ibm.com/



    ------------------------------
    AnnMarie Norcross
    ------------------------------