IBM Security QRadar SOAR


Can we create SLA breach notification on Resilient?

  • 1.  Can we create SLA breach notification on Resilient?

    Posted Thu March 28, 2019 12:59 AM

    Hi All,

    Greetings for the day!!

    I tried using the Milestone option, but it (Milestone) is not allowing me to do so. It gives an error that I cannot put a future date & time.

    My requirement is to send a notification to our management in case of SLA breach. Please suggest.


    --

    Thanks,

    Ravi Sharma



    ------------------------------
    Fms SOC
    ------------------------------


  • 2.  RE: Can we create SLA breach notification on Resilient?

    Posted Fri March 29, 2019 12:41 PM
    Edited by Brenden Glynn Tue April 02, 2019 11:21 AM
    Ravi,

    Thank you for the question. Currently we can create Notifications using a Task Due Date as the condition (and any other type of Date Field). The granularity at the moment is in Days. So it is currently a limitation, as you can only send a Notification a day Before (is within) or After (is past) the Task Due Date.

    There is an Idea to allow for more granular time periods (minutes) for Date Fields used in Rules and Notifications. Please have a look at this idea, and if it meets your needs please vote on it, so we can prioritize it with our product Management Team.

    In addition to a Notification, with this feature in place, you can use a Rule to create a Milestone or Note, for example, of the Task Due Date (SLA) breach, or of another SLA set in an Incident Field.

    Resilient Idea:

    Add Minute granularity Date options to Notifications/Rules
     
    https://2e4ccba981d63ef83a875dad7396c9a0.ideas.aha.io/ideas/R-I-16

    Edit: Correction - Changed Hours to Days

    ------------------------------
    Brenden Glynn
    CISSP, GCIH
    Incident Response Business Consultant
    IBM Resilient
    ------------------------------



  • 3.  RE: Can we create SLA breach notification on Resilient?

    Posted Mon April 01, 2019 02:17 AM

    Thanks for your reply Brenden,

    Currently we are at Resilient Version: 31.0.4254. I do not think we have an option for setting the notification for an hour Before (is within) or After (is past); I could see only days.

    Could you please send me the steps to achieve this particular need (SLA breach notification).

    --

    Thanks in advance,

    Ravi Sharma



    ------------------------------
    Fms SOC
    ------------------------------



  • 4.  RE: Can we create SLA breach notification on Resilient?

    Posted Tue April 02, 2019 11:16 AM
    Edited by Brenden Glynn Tue April 02, 2019 11:20 AM
    Ravi,

    That was my mistake to list Hours in my response. As you mentioned/discovered, the current smallest granularity in any release of Resilient in Notifications and Rules is 1 Day. If you would like a more granular value (hours or minutes; I recommend minutes), please vote on the Idea I listed above (and below) to show your desire for this ability.

    Resilient Idea:

    Add Minute granularity Date options to Notifications/Rules
     
    https://2e4ccba981d63ef83a875dad7396c9a0.ideas.aha.io/ideas/R-I-16

    ------------------------------
    Brenden Glynn
    CISSP, GCIH
    Incident Response Business Consultant
    IBM Resilient
    ------------------------------



  • 5.  RE: Can we create SLA breach notification on Resilient?

    Posted Mon April 08, 2019 08:23 AM

    Thanks Brenden,

    I explored the available options but failed to fulfill my requirements. If you can share the steps for how to do that using other data fields, that would be really appreciated.



    ------------------------------
    Fms SOC
    ------------------------------



  • 6.  RE: Can we create SLA breach notification on Resilient?

    Posted Wed April 10, 2019 02:46 AM
    Please suggest

    ------------------------------
    Fms SOC
    ------------------------------



  • 7.  RE: Can we create SLA breach notification on Resilient?

    Posted Wed April 10, 2019 08:53 PM
    Hi Ravi,

    Currently there are no solutions other than what I mentioned previously.

    Resilient will be addressing SLAs in future releases. No timeframe I can comment on as of today.

    Thank you for your request.

    ------------------------------
    Brenden Glynn
    CISSP, GCIH
    Incident Response Business Consultant
    IBM Resilient
    ------------------------------



  • 8.  RE: Can we create SLA breach notification on Resilient?

    Posted Tue August 18, 2020 10:03 AM
    Hello,

    Is there any advancement on this feature? Furthermore, I need an SLA report for a specific incident type and open/closure time.

    Regards

    ------------------------------
    kadri kocaer
    ------------------------------



  • 9.  RE: Can we create SLA breach notification on Resilient?

    IBM Champion
    Posted Tue August 18, 2020 06:53 PM
    Hi @kadri kocaer,

    This functionality still does not exist in-product for notifications, but you can report on them via dashboard.

    A workaround is to create a custom Python script and run it as a cron job on the integration server to do something like:
    1. Query open incidents every 60 seconds that have not been acknowledged.
    2. For each incident that comes back, check how long it has been open.
    3. If the SLA is breached, update the incident to trigger a notification (i.e. set a field "sla_breached" to "True").

    ------------------------------
    Jared Fagel
    Cyber Security Analyst I
    Public Utility
    ------------------------------
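
The three-step sweep described in the post above, as an added example that is not code from any poster or from IBM. It assumes a client object exposing `post(uri, payload)` and `get_put(uri, apply_func)` in the style of the `resilient` Python package's client, a 60-minute SLA, and a hypothetical `acknowledged` custom field; `sla_breached` is the field name suggested in the post, and a stub client with constructed incidents stands in for the server.

```python
import time

SLA_MINUTES = 60  # assumed SLA target; the thread does not give one
# Filter for POST /incidents/query: active ("A") incidents only.
OPEN_QUERY = {"filters": [{"conditions": [
    {"field_name": "plan_status", "method": "equals", "value": "A"}]}]}

def is_breached(inc, now_ms, sla_minutes=SLA_MINUTES):
    """True when an unacknowledged, not-yet-flagged incident is past the SLA."""
    props = inc.get("properties") or {}
    # "acknowledged" is a hypothetical custom field; "sla_breached" is the
    # field name suggested in the post.
    if props.get("acknowledged") or props.get("sla_breached"):
        return False  # skipping flagged incidents keeps the rule from re-firing
    return now_ms - inc["create_date"] > sla_minutes * 60_000  # epoch ms

def sweep(client, now_ms=None):
    """One cron pass: flag breached incidents, return the ids updated."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    flagged = []
    for inc in client.post("/incidents/query", OPEN_QUERY):
        if is_breached(inc, now_ms):
            def mark(latest):  # applied to the copy that get_put fetches
                latest["properties"] = dict(latest.get("properties") or {},
                                            sla_breached=True)
                return latest
            client.get_put("/incidents/{}".format(inc["id"]), mark)
            flagged.append(inc["id"])
    return flagged

class StubClient:
    """Constructed stand-in for the server so the example runs offline."""
    def __init__(self, incidents):
        self.store = {i["id"]: i for i in incidents}
    def post(self, uri, payload):
        return list(self.store.values())
    def get_put(self, uri, apply_func):
        return apply_func(self.store[int(uri.rsplit("/", 1)[1])])

def demo():
    now = 1_600_000_000_000  # constructed timestamps, epoch ms
    client = StubClient([
        {"id": 1, "create_date": now - 90 * 60_000, "properties": {}},
        {"id": 2, "create_date": now - 10 * 60_000, "properties": None},
        {"id": 3, "create_date": now - 120 * 60_000, "properties": {"acknowledged": True}},
        {"id": 4, "create_date": now - 120 * 60_000, "properties": {"sla_breached": True}},
    ])
    return sweep(client, now), sweep(client, now)  # second pass must be a no-op

if __name__ == "__main__":
    print(demo())
```

A Rule conditioned on `sla_breached` changing to true can then send the notification, and because flagged incidents are skipped, repeated cron runs do not update the same incident twice.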



  • 10.  RE: Can we create SLA breach notification on Resilient?

    Posted Wed August 19, 2020 01:54 AM
    As Jared mentioned, the recommendation is to use a Python script utilizing certain date fields as well as tracked changes/status of the ticket.
    We currently leverage SLA breach notifications vs reminders upfront.
    An update on "Due Date" to a more granular perspective would be great.

    ------------------------------
    Robert Doerge
    ------------------------------



  • 11.  RE: Can we create SLA breach notification on Resilient?

    Posted Fri November 20, 2020 06:05 AM
    Hello colleagues!

    Could you please share the scripts?
    I will be very grateful to you!

    A new version (39) has been released, but smaller values in Due Date have not been added (


    ------------------------------
    Alexandr Lebedev
    ------------------------------