IBM Security QRadar SOAR

Dear All,

We are developing our integration for IBM Resilient platform and trying to render and show data from our APIs but the platform is not offering many options for showing data. What I want to achieve is:

1- Show different tables in a separate tab depending upon the function executed by the user. So for some actions, I would like to show one type of Table and a different table for another function but the problem is that Resilient only allows the tables to be hardcoded and defined once and there is also no option for hiding/showing tables dynamically. I would have to define all the tables which will be present no matter what function is the user executing and populate the ones that I have the data for. This is not good from a UI/UX point-of-view. How can I deal with this situation?

2- The Second option is to use the Rich Text Format in Notes and show the data there but Rich Text Format also does not offer many options. I would like to create different tables for different functions executed. Can someone point me towards how to create tables in rich text format?

I am okay with either of the above if there are any workarounds.

Thanks and Regards,
Umair

------------------------------
Umair Ahmed
------------------------------

Umair,

You can make data tables show up conditionally (and anything else available in an incident tab) by creating a section.

In the layout editor click into the tab you'd like the data to show up in and drag and drop a 'Section' from the 'Blocks' group on the right hand side of the screen into it. Drag your data table(s) into their own separate section(s). Click the wrench on the selection and you can then set a condition for when that section should appear.

Since you want the data table to show up based on a function running I would create a field that would serve as a flag to whether or not the function ran. In the post-process script of the function I would set that flag to the True value, which should trigger the section and the corresponding data table to show up.

Let me know if you have any questions, I'd be happy to help out!



------------------------------
Liam Mahoney
------------------------------

Original Message:
Sent: Thu February 13, 2020 01:16 PM
From: Umair Ahmed
Subject: Showing Data Tables Dynamically in Resilient Events

Dear All,

We are developing our integration for IBM Resilient platform and trying to render and show data from our APIs but the platform is not offering many options for showing data. What I want to achieve is:

1- Show different tables in a separate tab depending upon the function executed by the user. So for some actions, I would like to show one type of Table and a different table for another function but the problem is that Resilient only allows the tables to be hardcoded and defined once and there is also no option for hiding/showing tables dynamically. I would have to define all the tables which will be present no matter what function is the user executing and populate the ones that I have the data for. This is not good from a UI/UX point-of-view. How can I deal with this situation?

2- The Second option is to use the Rich Text Format in Notes and show the data there but Rich Text Format also does not offer many options. I would like to create different tables for different functions executed. Can someone point me towards how to create tables in rich text format?

I am okay with either of the above if there are any workarounds.

Thanks and Regards,
Umair

------------------------------
Umair Ahmed
------------------------------

Hi @Liam Mahoney,

Thanks for your response. Your idea seems very clever and it could help me achieve my objective.

I have just one concern, we are going to distribute this app to our customers and ideally would like minimal steps for them to go through. By your method, they will have to manually design the complete incident tab and arrange the sections within it. Is there any automated way to achieve this?

Thanks!​​​

------------------------------
Umair Ahmed
------------------------------

Original Message:
Sent: Fri February 14, 2020 10:44 AM
From: Liam Mahoney
Subject: Showing Data Tables Dynamically in Resilient Events

Umair,

You can make data tables show up conditionally (and anything else available in an incident tab) by creating a section.

In the layout editor click into the tab you'd like the data to show up in and drag and drop a 'Section' from the 'Blocks' group on the right hand side of the screen into it. Drag your data table(s) into their own separate section(s). Click the wrench on the selection and you can then set a condition for when that section should appear.

Since you want the data table to show up based on a function running I would create a field that would serve as a flag to whether or not the function ran. In the post-process script of the function I would set that flag to the True value, which should trigger the section and the corresponding data table to show up.

Let me know if you have any questions, I'd be happy to help out!



------------------------------
Liam Mahoney

Original Message:
Sent: Thu February 13, 2020 01:16 PM
From: Umair Ahmed
Subject: Showing Data Tables Dynamically in Resilient Events

Dear All,

We are developing our integration for IBM Resilient platform and trying to render and show data from our APIs but the platform is not offering many options for showing data. What I want to achieve is:

1- Show different tables in a separate tab depending upon the function executed by the user. So for some actions, I would like to show one type of Table and a different table for another function but the problem is that Resilient only allows the tables to be hardcoded and defined once and there is also no option for hiding/showing tables dynamically. I would have to define all the tables which will be present no matter what function is the user executing and populate the ones that I have the data for. This is not good from a UI/UX point-of-view. How can I deal with this situation?

2- The Second option is to use the Rich Text Format in Notes and show the data there but Rich Text Format also does not offer many options. I would like to create different tables for different functions executed. Can someone point me towards how to create tables in rich text format?

I am okay with either of the above if there are any workarounds.

Thanks and Regards,
Umair

------------------------------
Umair Ahmed
------------------------------

Umair,

Unfortunately I don't think there would be a way to automate the tab creation. To my knowledge tabs can't be included in resilient-circuits codegen packages. I suppose the closest you'd be able to get is to provide the data tables in the package and then outline the tab creation process in the documentation.

Hopefully someone with a better idea can chime in!

------------------------------
Liam Mahoney
------------------------------

Original Message:
Sent: Mon February 17, 2020 02:12 AM
From: Umair Ahmed
Subject: Showing Data Tables Dynamically in Resilient Events

Hi @Liam Mahoney,

Thanks for your response. Your idea seems very clever and it could help me achieve my objective.

I have just one concern, we are going to distribute this app to our customers and ideally would like minimal steps for them to go through. By your method, they will have to manually design the complete incident tab and arrange the sections within it. Is there any automated way to achieve this?

Thanks!​​​

------------------------------
Umair Ahmed

Original Message:
Sent: Fri February 14, 2020 10:44 AM
From: Liam Mahoney
Subject: Showing Data Tables Dynamically in Resilient Events

Umair,

You can make data tables show up conditionally (and anything else available in an incident tab) by creating a section.

In the layout editor click into the tab you'd like the data to show up in and drag and drop a 'Section' from the 'Blocks' group on the right hand side of the screen into it. Drag your data table(s) into their own separate section(s). Click the wrench on the selection and you can then set a condition for when that section should appear.

Since you want the data table to show up based on a function running I would create a field that would serve as a flag to whether or not the function ran. In the post-process script of the function I would set that flag to the True value, which should trigger the section and the corresponding data table to show up.

Let me know if you have any questions, I'd be happy to help out!



------------------------------
Liam Mahoney

Original Message:
Sent: Thu February 13, 2020 01:16 PM
From: Umair Ahmed
Subject: Showing Data Tables Dynamically in Resilient Events

Dear All,

We are developing our integration for IBM Resilient platform and trying to render and show data from our APIs but the platform is not offering many options for showing data. What I want to achieve is:

1- Show different tables in a separate tab depending upon the function executed by the user. So for some actions, I would like to show one type of Table and a different table for another function but the problem is that Resilient only allows the tables to be hardcoded and defined once and there is also no option for hiding/showing tables dynamically. I would have to define all the tables which will be present no matter what function is the user executing and populate the ones that I have the data for. This is not good from a UI/UX point-of-view. How can I deal with this situation?

2- The Second option is to use the Rich Text Format in Notes and show the data there but Rich Text Format also does not offer many options. I would like to create different tables for different functions executed. Can someone point me towards how to create tables in rich text format?

I am okay with either of the above if there are any workarounds.

Thanks and Regards,
Umair

------------------------------
Umair Ahmed
------------------------------

The kind of app we intend to build will have a lot of functions and resulting scenarios so going through this route will be complex. Hence, I have decided to get rid of data tables and render my results in the form of notes. Rich Text Format allows the <div> tag to make simple tables which are good enough for my app.

Thanks for your valuable input, though.

------------------------------
Umair Ahmed
------------------------------

Original Message:
Sent: Tue February 18, 2020 10:00 AM
From: Liam Mahoney
Subject: Showing Data Tables Dynamically in Resilient Events

Umair,

Unfortunately I don't think there would be a way to automate the tab creation. To my knowledge tabs can't be included in resilient-circuits codegen packages. I suppose the closest you'd be able to get is to provide the data tables in the package and then outline the tab creation process in the documentation.

Hopefully someone with a better idea can chime in!

------------------------------
Liam Mahoney

Original Message:
Sent: Mon February 17, 2020 02:12 AM
From: Umair Ahmed
Subject: Showing Data Tables Dynamically in Resilient Events

Hi @Liam Mahoney,

Thanks for your response. Your idea seems very clever and it could help me achieve my objective.

I have just one concern, we are going to distribute this app to our customers and ideally would like minimal steps for them to go through. By your method, they will have to manually design the complete incident tab and arrange the sections within it. Is there any automated way to achieve this?

Thanks!​​​

------------------------------
Umair Ahmed

Original Message:
Sent: Fri February 14, 2020 10:44 AM
From: Liam Mahoney
Subject: Showing Data Tables Dynamically in Resilient Events

Umair,

You can make data tables show up conditionally (and anything else available in an incident tab) by creating a section.

In the layout editor click into the tab you'd like the data to show up in and drag and drop a 'Section' from the 'Blocks' group on the right hand side of the screen into it. Drag your data table(s) into their own separate section(s). Click the wrench on the selection and you can then set a condition for when that section should appear.

Since you want the data table to show up based on a function running I would create a field that would serve as a flag to whether or not the function ran. In the post-process script of the function I would set that flag to the True value, which should trigger the section and the corresponding data table to show up.

Let me know if you have any questions, I'd be happy to help out!



------------------------------
Liam Mahoney

Original Message:
Sent: Thu February 13, 2020 01:16 PM
From: Umair Ahmed
Subject: Showing Data Tables Dynamically in Resilient Events

Dear All,

We are developing our integration for IBM Resilient platform and trying to render and show data from our APIs but the platform is not offering many options for showing data. What I want to achieve is:

1- Show different tables in a separate tab depending upon the function executed by the user. So for some actions, I would like to show one type of Table and a different table for another function but the problem is that Resilient only allows the tables to be hardcoded and defined once and there is also no option for hiding/showing tables dynamically. I would have to define all the tables which will be present no matter what function is the user executing and populate the ones that I have the data for. This is not good from a UI/UX point-of-view. How can I deal with this situation?

2- The Second option is to use the Rich Text Format in Notes and show the data there but Rich Text Format also does not offer many options. I would like to create different tables for different functions executed. Can someone point me towards how to create tables in rich text format?

I am okay with either of the above if there are any workarounds.

Thanks and Regards,
Umair

------------------------------
Umair Ahmed
------------------------------