IBM Security Resilient

Expand all | Collapse all

After escalation create Offense note of the escalation and its date

  • 1.  After escalation create Offense note of the escalation and its date

    Posted Wed February 19, 2020 07:19 AM
    Hi,

    Is it possible to automatically create at every escalation an Offense note of the escalation, its date, the Incident number and URL?

    Thank you.

    Adam

    ------------------------------
    Adam
    ------------------------------


  • 2.  RE: After escalation create Offense note of the escalation and its date

    Posted 20 days ago
    When QRadar is creating an offense in Resilient, it has the possibility to synchronize all Notes from resilient to QRadar.
    You can create a rule that will launch a script at every "escalation" condition is valid
    The script will create a text with the information you want like its date, the Incident number and URL.
    You add a note using incident.addNote("text")
    or in Rich text like this sample:
    rich_text = u"<h4><u><b>CVE Searchfrom CVE-ID: {}</h4></u></b><br>{}".format(artifact.value,value_data)
    incident.addNote(helper.createRichText(rich_text))
    The Resilient integration in QRadar will update the Offense Note.

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------