1. We are trying to integrate information from threat feeds such as Shodan and IBM X-Force into the Analysis part of an incident.
2. The API call is made on a custom artifact type. In this case, the custom artifact type is "SHA 1 Malware Hash". The artifact value, which here is the SHA1 hash, is added to the artifacts after the QRadar Ariel query executes successfully, as the value is fetched from QRadar.
3. Once the value is added to the artifact, the API call is made to the respective threat feed. The issue we are facing is that, before the response from the API arrives, the analysis gets populated with other information. The API response is received only after the analysis has been populated.
4. We intend to add the API response to the analysis before the other information gets added. So, to conclude, we want to control the timely execution of workflows and their sequence, and since these workflows are on different data types, we cannot create nested workflows with a timer function.
Note: The API response is one part of the Analysis.
------------------------------
Akhilesh Deshmukh
Data Analyst, SecurityHQ
------------------------------