IBM QRadar SOAR Python Libraries v50.0.151
Our following Python Libraries have been updated to version 50.0.151:
What’s New
Version 50.0.151 of the QRadar SOAR Python libraries introduces changes to allow secrets in function inputs and improvements for the SDK-generated documentation for apps using Playbooks.
One key change is the deprecation of email and password for integration server connections. If you are still working with email and password for app authentication, please consider moving to API Key/Secret authentication as soon as possible. App Host deployed apps will use API keys by default. For information on creating an API key click here.
Change Log
resilient-sdk
- Playbook details, including activation conditions, function scripts, and more are now supported in the README.md created by the
docgen command. Make sure to include the Playbook in your package when you create the app with codegen.
- Sub-playbooks are also supported with
docgen. Sub-playbooks can be included in a package with codegen the same way that standard Playbooks are included.
- Both Playbooks and Sub-playbooks details are greatly enhanced in the
/data/pb_<playbook_api_name>.md files generated by codegen.
resilient-circuits
- Function inputs in Playbook and Workflows (static or script) now support referencing app secrets. These secrets can be directly injected into a function input using bash-like syntax with
$ reserved for app secrets and ^ reserved for PAM secrets:
inputs.fn_my_fn_input_1 = "$SECRET_FROM_APP_HOST_PROTECTED_SECRETS"
inputs.fn_my_fn_input_2 = "Here we can insert our ${SECRET_FROM_APP_HOST} in the middle of the string"
inputs.fn_my_fn_input_3 = "^SECRET_FROM_PAM"
This will allow apps to safely use secrets in situations where the function input is the only way to pass the value to an app. The major advantage of this is that secrets no longer need to be exposed in plain-text in playbooks.
Both protected secrets, regular app host secrets, and PAM secrets are supported. For more info on "PAM secrets" see: https://ibm.biz/soar-pam-app-plugins. If a secret is not intended to be used and you wish to pass through either $- or ^-prefixed values in function inputs, as long as the value following the reserved character is not found in secrets, the plain-text value of the function input will pass through as desired. This means that for any existing apps which intend to pass prefixed values into function inputs, no change is required.
Apps must be running resilient-circuits>=50.0 to take advantage of this change.
You can update your copies of each package using the pip install --upgrade command. For example:
pip install --upgrade "resilient-sdk>=50.0.151"
Checkout the Change Log and our docs at https://ibm.biz/soar-python-docs for more details.