IBM Security QRadar SOAR


User response web form


    Posted Thu June 25, 2020 04:39 AM
    We have a requirement to create interactive web forms (probably HTML) to send in an email from Resilient whenever an analyst clicks a button, in order to request more information from the user, such as whether he has clicked on a link, etc.

    Here are some more specific requirements:

    • Email contains hyperlinked YES / NO buttons.

    If the user clicks YES, a form opens in an external webpage to submit additional justification/explanation of why such actions were performed. Once he/she submits the form, this information is posted as a note in the associated Resilient ticket in such or a similar manner: "User Name confirmed the action was executed legitimately with additional explanation: XXXXX". Resilient does not take any other additional action at this point; the incident and the user's response will be reviewed as per the usual process (this still requires some critical evaluation by the analyst to assess whether the user's response makes sense), which could be in a few hours or could be the next time the analyst who owns it is on shift.

    If the user clicks NO, a Resilient workflow immediately kicks in to put this as a note in the incident, "User Name does not recognize the actions identified on the endpoint", and an email is sent to the leads saying that this ticket requires immediate attention OR it is escalated to Cyber Response.

    Currently I know we have email sending functionality, but I am not sure how to embed a link in it so that a web form is dynamically opened from the email via the click of a button. Is there any built-in feature available, or any ideas on how to achieve this?


    ------------------------------
    Arjun Jaiswal
    ------------------------------
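
One way to build the YES / NO links this post asks for so that a response cannot be forged or re-pointed at another incident, as an added example that is not part of the original post and is not IBM or Resilient code. The form URL, the key, the link lifetime and the parameter names (`t`, `sig`, `inc`, `ans`, `exp`) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode, urlparse, parse_qs

# Assumptions (not from the post): form host, key handling, link lifetime.
FORM_BASE = "https://forms.example.internal/respond"  # hypothetical web form URL
SECRET = b"constructed-demo-key-load-from-a-vault"     # constructed sample key
TTL_SECONDS = 72 * 3600                                # assumed link lifetime


def _sign(token: str) -> bytes:
    mac = hmac.new(SECRET, token.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")


def make_links(incident_id, user, now=None):
    """Return the YES and NO URLs to embed as buttons in the email body."""
    issued = int(time.time() if now is None else now)
    links = {}
    for answer in ("yes", "no"):
        claims = {"inc": incident_id, "user": user, "ans": answer,
                  "exp": issued + TTL_SECONDS}
        token = base64.urlsafe_b64encode(
            json.dumps(claims, sort_keys=True).encode()).decode()
        query = urlencode({"t": token, "sig": _sign(token).decode()})
        links[answer] = FORM_BASE + "?" + query
    return links


def verify_link(url, now=None):
    """Return the claims if the link is authentic and unexpired, else None."""
    query = parse_qs(urlparse(url).query)
    try:
        token, sig = query["t"][0], query["sig"][0]
    except KeyError:
        return None
    if not hmac.compare_digest(_sign(token), sig.encode()):
        return None  # incident id, user or answer was altered
    claims = json.loads(base64.urlsafe_b64decode(token))
    if (time.time() if now is None else now) > claims["exp"]:
        return None
    return claims


def note_text(claims, explanation=""):
    """Build the incident note wording requested in the post."""
    if claims["ans"] == "yes":
        return (f"{claims['user']} confirmed the action was executed "
                f"legitimately with additional explanation: {explanation}")
    return (f"{claims['user']} does not recognize the actions "
            "identified on the endpoint")
```

The web form should treat a GET on either link as display only and record the answer on an explicit form submission, because mail gateways and link scanners follow URLs in messages and would otherwise trigger the NO escalation on their own.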