IBM Security QRadar SOAR

  • 1.  How to list tasks with certain conditions in custom dashboard

    Posted Mon November 22, 2021 01:25 PM
    Hi all!
    For some incident types, we create, as needed, tasks with the specific name "***recommendation".
    What I would like to do is to create a dashboard that would list all tasks containing this keyword in their name.

    The custom widget doesn't seem to offer the fields to allow this kind of query.
    Is it possible to construct such a dashboard?

    Thanks for your help.

    ------------------------------
    Pierre Dufresne
    ------------------------------


  • 2.  RE: How to list tasks with certain conditions in custom dashboard

    Posted Tue November 23, 2021 10:08 AM
    Currently there are no APIs that allow finding all tasks in the system.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 3.  RE: How to list tasks with certain conditions in custom dashboard

    Posted Tue November 23, 2021 03:31 PM
    OK Ben,
    But there is a widget called "Open Tasks by Owner" that gives all open tasks by owner.

    Let's say, for the sake of discussion, I create a "generic" user called "recommendation" and when someone creates a task called "recommendation" it is automatically assigned to that user. When looking at the Open Tasks by Owner widget, I could see all recommendations by looking at the owner called recommendation. Could that work?

    ------------------------------
    Pierre Dufresne
    ------------------------------



  • 4.  RE: How to list tasks with certain conditions in custom dashboard

    Posted Wed November 24, 2021 08:42 AM
    The following API returns all tasks assigned to the "current" user:

    rest/orgs/230/tasks

    You are correct that the following API returns all open task data:

    rest/orgs/230/stats/open_tasks_by_owner

    The response is like this:

    {
      "Unassigned": [
        {
          "id": 2294434,
          "name": "resetusers ",
          "incident": {
            "id": 7251,
            "name": "dffd",
            "create_date": 1507891813000,
            "org_handle": 230
          }
        },
        {
          "id": 2433058,
          "name": "task to delete",
          "incident": {
            "id": 27983,
            "name": "tasks to delete",
            "create_date": 1605630682238,
            "org_handle": 230
          }
        },

    This may give you what you are looking for. The total number of results is limited by the server. I think 10000 results.

    The user/API Key will need appropriate read permission in the role assigned to them to see all the tasks. You won't need to assign a specific user, it looks like.

    Ben



    ------------------------------
    Ben Lurie
    ------------------------------
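
Added example (not part of the thread and not IBM's code): filtering a saved open_tasks_by_owner response, in the shape shown in post 4, for task names containing a keyword. The sample data is constructed, fetching and authentication are not shown, and the 10000 cap is the figure guessed at in post 4, used here as an assumption.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape shown in the post (owner -> list of tasks).
SAMPLE = json.loads("""{
  "Unassigned": [
    {"id": 101, "name": "Firewall recommendation",
     "incident": {"id": 7001, "name": "phish", "create_date": 1507891813000, "org_handle": 230}},
    {"id": 102, "name": "resetusers ",
     "incident": {"id": 7001, "name": "phish", "create_date": 1507891813000, "org_handle": 230}}],
  "analyst1": [
    {"id": 103, "name": "MFA Recommendation",
     "incident": {"id": 7002, "name": "vpn abuse", "create_date": 1605630682238, "org_handle": 230}}]
}""")

RESULT_LIMIT = 10000  # assumption: the server-side cap the post guesses at


def find_tasks(by_owner, keyword):
    """Tasks whose name contains keyword (case-insensitive), oldest incident first."""
    needle = keyword.casefold()
    hits = []
    for owner, tasks in by_owner.items():
        for task in tasks or []:
            name = (task.get("name") or "").strip()
            if needle not in name.casefold():
                continue
            inc = task.get("incident") or {}
            ms = inc.get("create_date")  # epoch milliseconds in the sample
            created = (datetime.fromtimestamp(ms / 1000, tz=timezone.utc).date().isoformat()
                       if ms is not None else None)
            hits.append({"owner": owner, "task_id": task.get("id"), "task_name": name,
                         "incident_id": inc.get("id"), "incident_created": created})
    # Incidents without a creation date sort last.
    return sorted(hits, key=lambda h: (h["incident_created"] is None, h["incident_created"] or ""))


def possibly_truncated(by_owner, limit=RESULT_LIMIT):
    """True when the task count reaches the cap, so matches may be missing."""
    return sum(len(tasks or []) for tasks in by_owner.values()) >= limit


if __name__ == "__main__":
    for hit in find_tasks(SAMPLE, "recommendation"):
        print(hit)
    print("possibly truncated:", possibly_truncated(SAMPLE))
```

The result only covers tasks the calling user or API key is permitted to read, so a role without the read permission mentioned in post 4 yields an incomplete list.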