IBM Security QRadar SOAR

Clarification on scheduler application

  • 1.  Clarification on scheduler application

    Posted Fri September 03, 2021 05:45 PM
    The documentation for the scheduler application is pretty lacking.

    Can the scheduler be used to launch functions / workflows within the resilient application? For instance, a function in resilient named Qradar Add to Reference Set. If so, can you provide an example?

    Or can anyone share examples of what they have done with the scheduler app?

    ------------------------------
    Tyler Bennett
    ------------------------------


  • 2.  RE: Clarification on scheduler application

    Posted Thu September 09, 2021 03:23 AM
    I did use the scheduler to launch a rule every hour, on some incident type, as long as the incident was open. I was looking for the new correlation rules from the QRadar offense. The offense is modified by a new correlation rule, but the information is not pushed to the SOAR. This allowed me to check this and update the table.
    I am using a simple menu item rule, when QRadar ID has a value, that runs the OOTB QRadar fetching contributing rules for Offense (I may have changed the name).

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------