IBM Security QRadar SOAR

  • 1.  Best way to poll status regularly

    Posted Fri June 26, 2020 09:57 AM
    Edited by Hock Leong Lim Fri June 26, 2020 09:58 AM
    Hi,

    I'm wondering what's the best way to poll a ticketing system regularly (4 hours apart) for ticket updates of incidents using Resilient.

    I'm thinking of a cron job that pulls a list of incident IDs and the corresponding ticket ID, polls the ticketing system and updates Resilient incidents. Is there a better way to handle this in a workflow or script in Resilient?

    Thanks.

    ------------------------------
    Hock Leong Lim
    ------------------------------


  • 2.  RE: Best way to poll status regularly
    Best Answer

    Posted Thu July 02, 2020 03:28 AM

    Hi Hock Leong Lim,

    A way to automate this in Resilient would be to avail of the Scheduler integration:

    https://exchange.xforce.ibmcloud.com/hub/extension/4917b8a4bb53c46a7c63efa4e65238e4

    It is possible to write a simple rule that automatically polls the ticketing system via API calls, then uses the Resilient Client to update associated incidents in an automated fashion. The scheduler then has a cron capability to run at the specified interval (4 hrs) and can be made to run conditionally on incidents that need to be updated based on this ticketing system. The specifics of this need to be ironed out for your use case, but it should be possible.

    Kind regards,



    ------------------------------
    Sean OGorman
    ------------------------------
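
One polling pass of the kind described in the answer above, as an added example that is not part of the original posts and is not IBM's code. It assumes the ticket reference and last known status live in two custom incident fields (`ticket_id` and `ticket_status`, both hypothetical names), that `fetch_ticket_status` wraps your ticketing system's API, and that `client` offers `get_put(uri, apply_func)` as the `resilient` Python client does; `FakeClient` is a constructed stand-in so the block runs offline.

```python
import copy

TICKET_ID_FIELD = "ticket_id"          # assumed custom incident field
TICKET_STATUS_FIELD = "ticket_status"  # assumed custom incident field


def sync_ticket_status(client, incidents, fetch_ticket_status):
    """Run one polling pass and report which incident IDs were touched.

    client              -- object with get_put(uri, apply_func)
    incidents           -- incident dicts carrying "id" and "properties"
    fetch_ticket_status -- callable(ticket_id) -> status string
    """
    result = {"updated": [], "unchanged": [], "failed": []}
    for inc in incidents:
        props = inc.get("properties") or {}
        ticket_id = props.get(TICKET_ID_FIELD)
        if not ticket_id:
            continue  # incident is not linked to a ticket
        try:
            status = fetch_ticket_status(ticket_id)
        except Exception:
            # One unreachable ticket must not abort the whole run.
            result["failed"].append(inc["id"])
            continue
        if props.get(TICKET_STATUS_FIELD) == status:
            result["unchanged"].append(inc["id"])  # avoid needless writes
            continue

        def apply(current, status=status):
            # get_put re-reads the incident, so the change lands on fresh data.
            current.setdefault("properties", {})[TICKET_STATUS_FIELD] = status

        client.get_put("/incidents/{}".format(inc["id"]), apply)
        result["updated"].append(inc["id"])
    return result


class FakeClient:
    """Constructed in-memory stand-in for the REST client (offline runs only)."""

    def __init__(self, incidents):
        self.store = {"/incidents/{}".format(i["id"]): copy.deepcopy(i)
                      for i in incidents}

    def get_put(self, uri, apply_func):
        apply_func(self.store[uri])  # mutate in place, as the update callback expects
        return self.store[uri]
```

Recording the `failed` list on each run lets the next scheduled pass, or an analyst, see which tickets could not be reached instead of silently keeping a stale status.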



  • 3.  RE: Best way to poll status regularly

    Posted Sun July 05, 2020 07:38 AM
    Thank you Sean. This is exactly what I was looking for.

    ------------------------------
    Hock Leong Lim
    ------------------------------