IBM Security QRadar SOAR

Is it possible to delete/clear data from row(s) in a data table without the data table helper functions or without a Workflow starting on that specific Data Table? (could just do row['column_name'] = "" if the workflow was triggered by that row/table).

I'd like to trigger a workflow from a 'Summary' data table and feed the resulting API response into subsequent "child" tables. The issue is that every time I run this, new rows are created in each child table.. I'd like to be able to update the rows or reset the child tables entirely and repopulate. Is this possible?

Expecting the user to fetch info for each table separately is unrealistic and a bad workflow for our API and Resilient's design choices (unnecessary functions/workflows).

Should I just create automatic workflows for each child data table and string them together as ordered activities? Seems like a clunky workaround since a unique script will need to be created for each type of Data Table.. really not DRY or OOP.

**EDIT: I realize now that the workaround is also not feasible since the scripts in ordered activities need to be of the same Object Type. Please advise if this is even possible within Resilient.

Thanks for any pointers.



------------------------------
Tom Prenderville
------------------------------

This is not possible using in product scripting because access to all the incident data is not available there.

It may be possible using the Data Table Utilities app (https://exchange.xforce.ibmcloud.com/hub/extension/c3b2e7a1a38f3e249c540d3b49fad459).

It is on the roadmap to be able to get access to the full resilient API from within code in the UI (custom functions). No date yet.

Ben

------------------------------
Ben Lurie
------------------------------

Original Message:
Sent: Tue June 29, 2021 10:33 AM
From: Tom Prenderville
Subject: Delete Row(s) in a Data Table

Is it possible to delete/clear data from row(s) in a data table without the data table helper functions or without a Workflow starting on that specific Data Table? (could just do row['column_name'] = "" if the workflow was triggered by that row/table).

I'd like to trigger a workflow from a 'Summary' data table and feed the resulting API response into subsequent "child" tables. The issue is that every time I run this, new rows are created in each child table.. I'd like to be able to update the rows or reset the child tables entirely and repopulate. Is this possible?

Expecting the user to fetch info for each table separately is unrealistic and a bad workflow for our API and Resilient's design choices (unnecessary functions/workflows).

Should I just create automatic workflows for each child data table and string them together as ordered activities? Seems like a clunky workaround since a unique script will need to be created for each type of Data Table.. really not DRY or OOP.

**EDIT: I realize now that the workaround is also not feasible since the scripts in ordered activities need to be of the same Object Type. Please advise if this is even possible within Resilient.

Thanks for any pointers.



------------------------------
Tom Prenderville
------------------------------