IBM Security QRadar SOAR

 View Only
Expand all | Collapse all

Resilient: Importing custom scripts

  • 1.  Resilient: Importing custom scripts

    Posted Mon February 15, 2021 05:21 AM
    Hi community,
    I have several scripts in Resilient which are all triggered by different rules. Some of these scripts have duplicate code which I would like to prevent, since it is generally bad practice and makes it harder to change things.
    Is there a way to install custom python packages to use in the Resilient scripts and pre/post processing scripts?
    Or is there a way to import functions from one script into another?

    I need a way to only write a function in one place and be able to call it multiple places

    ------------------------------
    Andreas Fiehn
    ------------------------------


  • 2.  RE: Resilient: Importing custom scripts

    Posted Mon February 15, 2021 06:23 AM
    Hi Andreas,

    Unfortunately what you have described is not possible in Resilient at the moment. We are aware of this issue though and understand the benefits being able to import and re-use your own code would bring. We have a ticket in our backlog to track this, however I don't have a timeline of when it might be complete.

    I will add your comments to the ticket, keep an eye out for updates to this in future releases.

    Thanks,

    ------------------------------
    Sean Mc Cann
    ------------------------------



  • 3.  RE: Resilient: Importing custom scripts

    Posted Mon February 15, 2021 07:46 AM
    Hi Sean,

    Would it be possible to search in the source code of resilient and "give" ourselves permission to import our own modules in scripts?
    If so, if we putty to our resilient server, where could we look for such permissions?

    Kind Regards,
    August

    ------------------------------
    August Tollerup
    ------------------------------



  • 4.  RE: Resilient: Importing custom scripts

    Posted Mon February 15, 2021 08:16 AM
    Hi August,

    My understanding is that it is not possible, but I will do some investigation just to confirm. Even if it was possible, it would not be officially supported or encouraged. I will update this thread tomorrow and let you know the outcome of my investigation.

    Thanks,

    ------------------------------
    Sean Mc Cann
    ------------------------------



  • 5.  RE: Resilient: Importing custom scripts

    Posted Mon February 15, 2021 08:28 AM
    Hi Sean,

    Thank you sincerely. Looking forward to hearing from you.

    Kind Regards,
    August

    ------------------------------
    August Tollerup
    ------------------------------



  • 6.  RE: Resilient: Importing custom scripts

    Posted Tue February 16, 2021 06:41 AM
    Hi August,

    I have confirmed that it is currently not possible to allow importing of custom modules, even with access to the Resilient server.

    I would suggest that you or @Andreas Fiehn could post this as an idea on our RFE forum IBM Security SOAR Ideas (RFE's). This is where we track feature requests and it helps us determine which features to prioritise. If a lot of other people also want this feature it is more likely to be implemented.

    Thanks,


    ------------------------------
    Sean Mc Cann
    ------------------------------



  • 7.  RE: Resilient: Importing custom scripts

    Posted Mon February 15, 2021 07:48 AM
    Hi Sean,
    Thank you for the quick answer. I think August got an interesting idea. Would that be possible?

    ------------------------------
    Andreas Fiehn
    ------------------------------



  • 8.  RE: Resilient: Importing custom scripts

    IBM Champion
    Posted Wed February 17, 2021 06:43 PM
    Workflows can be added to workflows, this may help you in your endeavors with workflows/functions in the short term.

    For scripts, in the short term you could try to merge your scripts together and populate them with if statements / cases. Not as ideal, but I do not see this being an easy situation for the devs to address.

    ------------------------------
    Jared Fagel
    Cyber Security Analyst I
    Public Utility
    ------------------------------



  • 9.  RE: Resilient: Importing custom scripts

    Posted Thu February 18, 2021 04:46 AM
    What about the risk to import a Python code that open a flaw to the Platform / System / Software, or allow direct access to the system and then users / admin could break it or change its behavior?

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------



  • 10.  RE: Resilient: Importing custom scripts

    Posted Fri February 19, 2021 08:58 AM
    Edited by Sean Mc Cann Fri February 19, 2021 08:59 AM
    Just to wrap this up this thread,

    Importing custom modules is not currently supported in Resilient and we do not recommend you try to access and modify the Resilient server directly. I see an RFE has now been created for this functionality https://2e4ccba981d63ef83a875dad7396c9a0.ideas.aha.io/ideas/R-I-994

    Thank you,

    ------------------------------
    Sean Mc Cann
    ------------------------------