IBM Security QRadar SOAR

 View Only
  • 1.  Playbook Designer Gateways

    Posted Wed May 26, 2021 02:15 PM
    I need to replace one of my workflows that use the Timer function with a Playbook using the Wait Point because the Timer function is causing issues with the Utilities queue. I understand that more functionality will be coming in the future for the Playbook Designer, but in the meantime I need to know how to use scripts within a Playbook as a decision gateway so that one scenario does not go to a Outbound Mail function, but rather just ends. OR I need to know how to stop a function from executing within the pre-process script in the Playbook.

    My use case is sending email replies to every user added to a data table, but only once a certain incident field has been completed, which determines the content of the email reply. It can sometimes be days between the time the data table entry is added and the required field is completed.

    In the following example, if the incident field is a certain value then I just want the playbook to end and not continue through to the Outbound Email function.



    ------------------------------
    Ryan Terry
    ------------------------------


  • 2.  RE: Playbook Designer Gateways

    Posted Thu May 27, 2021 08:29 AM
    Ryan,

    The wait point doesn't accomplish the same thing as the Timer function so I'm not certain they are interchangeable for your use case. A wait point only waits until all incoming paths are finished. The Timer function pauses a path for a given amount of time.

    To accomplish "if the incident field is a certain value then I just want the playbook to end" requires condition points. These allow you to paths that are taken based on incident or playbook data. Condition points are being actively worked on right now.

    With regards to waiting for the incident data to be filled in, one way to do that is to create a task for the user. The task tells the user to fill in the data. They fill in the data and close the task. This then allows the playbook to continue.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 3.  RE: Playbook Designer Gateways

    Posted Wed June 02, 2021 03:23 PM
    @Ben Lurie, is there a time estimate as to when the condition points will be available?   We're in the midst of creating/redoing our playbooks through the Playbook designer interface and if the release is close it may be worthwhile waiting.

    ------------------------------
    PAUL FORMOSA
    ------------------------------



  • 4.  RE: Playbook Designer Gateways

    Posted Thu June 03, 2021 09:52 AM
    I'm not a product manager so can't answer that definitively. But it should be the next major version. It won't have scripting conditions yet. That would come after.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 5.  RE: Playbook Designer Gateways

    Posted Thu June 03, 2021 10:04 AM
    Thanks Ben.

    ------------------------------
    PAUL FORMOSA
    ------------------------------