IBM Security QRadar SOAR

 View Only
  • 1.  Creating Task Notes via API

    Posted Fri March 12, 2021 09:17 AM
    Good morning,

    We are currently working on a use case to generate task notes via API calls. However, the create user of the note is showing as the service account making the API calls. The desired state is to have the analyst who initially triggered the action shown as the creator of the resulting task note. I have tried setting the following fields when creating the note but it somehow still seems to be overridden with the service account information:
    'modify_user'
    'modify_principal'
    'user_name'
    'user_fname'
    'user_lname'
    'user_id'

    Has anyone done something similar before and willing to assist?

    Thank you,
    Frank

    ------------------------------
    Frank Lacey
    ------------------------------


  • 2.  RE: Creating Task Notes via API

    Posted Mon March 15, 2021 07:48 AM
    Unfortunately it is not possible to explicitly set the "creator" of items in the system.

    I'm curious, are you doing this using an App within a workflow? There were discussions about having the "creator"/"updater" for workflow items be the user that started the workflow.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 3.  RE: Creating Task Notes via API

    Posted Mon March 15, 2021 10:44 AM
    We are doing it through a custom developed function. Utilizing the REST client of the function to perform the various operations. I kind of figured it would not be possible due to the way the client is instantiated.

    Thanks,
    Frank

    ------------------------------
    Frank Lacey
    ------------------------------