IBM Security Resilient


After escalation create Offense note of the escalation and its date

  • 1.  After escalation create Offense note of the escalation and its date

    Posted Wed February 19, 2020 07:19 AM
    Hi,

    Is it possible to automatically create at every escalation an Offense note of the escalation, its date, the Incident number and URL?

    Thank you.

    Adam

    ------------------------------
    Adam
    ------------------------------


  • 2.  RE: After escalation create Offense note of the escalation and its date

    Posted Thu March 12, 2020 10:53 AM
    When QRadar is creating an offense in Resilient, it has the possibility to synchronize all Notes from Resilient to QRadar.
    You can create a rule that will launch a script every time the "escalation" condition is valid.
    The script will create a text with the information you want, like its date, the Incident number and URL.
    You add a note using incident.addNote("text")
    or in rich text, like this sample:
    rich_text = u"<h4><u><b>CVE Search from CVE-ID: {}</b></u></h4><br>{}".format(artifact.value,value_data)
    incident.addNote(helper.createRichText(rich_text))
    The Resilient integration in QRadar will update the Offense Note.

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------
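
A sketch of the note text the reply describes (escalation date, incident number and URL), added here as an example and not code from the thread or from IBM. It is stand-alone Python 3; the function name, the `summary` parameter, the epoch-millisecond date and the `<base_url>/#incidents/<id>` URL layout are assumptions. Inside a Resilient script the result would be passed to `incident.addNote(helper.createRichText(...))` as in the post.

```python
from datetime import datetime, timezone
from html import escape


def build_escalation_note(incident_id, escalated_ms, base_url, summary=None):
    """Return rich-text HTML recording the escalation date, incident number and URL."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("base_url must be an https:// URL")
    number = str(int(incident_id))  # rejects anything that is not a plain number

    # Assumption: the date arrives as epoch milliseconds.
    when = datetime.fromtimestamp(escalated_ms / 1000.0, tz=timezone.utc)
    stamp = when.strftime("%Y-%m-%d %H:%M:%S UTC")

    # Assumption: incidents are reachable at <base_url>/#incidents/<id>.
    url = "{}/#incidents/{}".format(base_url.rstrip("/"), number)

    rows = [("Escalated", stamp), ("Incident", number)]
    if summary is not None:
        # Free text copied from the offense can carry markup; it is escaped
        # below so it cannot change the note that is synced back to QRadar.
        rows.append(("Summary", summary))

    body = "".join(
        "<b>{}:</b> {}<br>".format(escape(label), escape(value))
        for label, value in rows
    )
    return '<h4>Escalated to Resilient</h4>{}<a href="{}">{}</a>'.format(
        body, escape(url, quote=True), escape(url)
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    print(build_escalation_note(
        2095, 1584010380000, "https://resilient.example.com/",
        summary="<script>alert(1)</script> login failures",
    ))
```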