IBM Security QRadar SOAR

 View Only
  • 1.  Automatically trigger artifact playbook on Incident creation with Artifact

    Posted Mon April 25, 2022 06:05 AM
    Hi.

    I've taken a working artifact manually activated playbook and am trying to make it fire automatically when a certain type of incident with an IP Artifact is created in QRadar.
    However, making the playbook type Artifact and automatic didn't seem to help.
    Is there a way to see why it failed to match, or did I create a totally wrong type of automatic playbook?

    Thank you.

    ------------------------------
    Pumynt Chooboonraj
    Solution Architect
    Sphere Grouppe Pty Ltd
    Melbourne VIC
    ------------------------------


  • 2.  RE: Automatically trigger artifact playbook on Incident creation with Artifact

    Posted 30 days ago
    If you can post a screenshot of the activation conditions it may shed light on what the issue could be.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 3.  RE: Automatically trigger artifact playbook on Incident creation with Artifact

    Posted 30 days ago
    Hi.

    Screenshot requested.


    ------------------------------
    Pumynt Chooboonraj
    Solution Architect
    Sphere Grouppe Pty Ltd
    Melbourne VIC
    ------------------------------



  • 4.  RE: Automatically trigger artifact playbook on Incident creation with Artifact

    Posted 30 days ago
    This looks good. When you create an artifact that matches these conditions, the playbook is not started? If not, make sure that the playbook is "enabled". There is a toggle at the top of the playbook.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 5.  RE: Automatically trigger artifact playbook on Incident creation with Artifact

    Posted 27 days ago
    That's correct, the playbook isn't started and the playbook is enabled.

    ------------------------------
    Pumynt Chooboonraj
    Solution Architect
    Sphere Grouppe Pty Ltd
    Melbourne VIC
    ------------------------------



  • 6.  RE: Automatically trigger artifact playbook on Incident creation with Artifact

    Posted 23 days ago
    Is there a way to see 'debug' or trace logs for playbooks when an incident gets created?

    ------------------------------
    Pumynt Chooboonraj
    Solution Architect
    Sphere Grouppe Pty Ltd
    Melbourne VIC
    ------------------------------