Message Image

Log in

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community

Skip main navigation (Press Enter).

IBM Security QRadar SOAR

View Only

Expand all | Collapse all

Python script that changes field (assigned_to) in QRadar

Vítor Fagundes Alves NogueiraWed September 23, 2020 11:03 AM

I developed a script that when an analyst assigns an incident to him within Resilient, in QRadar the ...

Richard GiesigeWed September 23, 2020 03:53 PM

Vitor, This will need to become a function that is run on an integration server. You would make a rule ...

1. Python script that changes field (assigned_to) in QRadar

0 Like
Vítor Fagundes Alves Nogueira
Posted Wed September 23, 2020 11:03 AM
| view attached

Reply
I developed a script that when an analyst assigns an incident to him within Resilient, in QRadar the "assigned_to" field will be changed to the analyst's name. However, this script is local, and I need to put it inside Resilient, so that it can be automatic. Does anyone have any ideas?

------------------------------
Vítor Fagundes Alves Nogueira
------------------------------
2. RE: Python script that changes field (assigned_to) in QRadar

0 Like
Richard Giesige
Posted Wed September 23, 2020 03:53 PM
Edited by System Thu November 11, 2021 11:15 AM

Reply
Vitor,

This will need to become a function that is run on an integration server. You would make a rule that when user assigns themselves as owner inside resilient it would launch the function/workflow to make the call to the function..

https://developer.ibm.com/security/resilient/functions/

Once you have converted it to a function, you can then trigger it with a workflow that happens on a rule that watches for owner assignment.

------------------------------
Richard Giesige
Security Engineer
Oshkosh Corporation
Oshkosh
------------------------------

Original Message

Powered by Higher Logic