IBM Security QRadar SOAR

  • 1.  Automate Incident Report

    Posted Mon February 25, 2019 01:12 PM
    Hi All,

    I am working on the case to automate the incident reports which are high severity in Resilient. I have created a rule, but as per my knowledge we need a script/any source to trigger this rule, I guess. Kindly advise.

    The flow will go as follows:

    Create Incident (high severity) - Assign to responsible team to take further steps - Close the Incident (after closing, the report should be auto-generated and sent to a specific person's email).


    ------------------------------
    JAYAKUMAR JAYARAJ Cyber Security Engineer
    ------------------------------


  • 2.  RE: Automate Incident Report

    Posted Mon February 25, 2019 02:00 PM
    Hello Jayakumar,

    For your use case, there are two steps.
    1. Create a script to do what you want. This can be done by going to Customization Settings->Scripts. Click "New Script". It is a Python script that you will create. Most likely you want to generate a report based on the incident being closed, and then attach it to an email to a person? If this is what you want, we can discuss it further. Note here we call this script "test".

    2. Create an automatic rule that will be triggered when a severity High incident is closed. This can be done by going to Customization Settings->Rules, and then New Rule->Automatic. Make sure it is an "Incident" Object Type. Then under Conditions, click "Add New". Then under Activities->ordered, click "Add New", and then select "Run Script". Then you can select the script you created. In the above example, when a High severity incident is closed, it calls the "test" script we created above.

    Thanks,

    ------------------------------
    Yongjian Feng
    ------------------------------



  • 3.  RE: Automate Incident Report

    Posted Wed April 29, 2020 11:58 AM
    Hi Yongjian,

    I am working on the case to automate the incident report to get the number of incidents created and the number of incidents closed for the last 7 days. I need this report to be delivered as a CSV file every Monday.
    I have created a rule for Date created and Date closed as you have shown in the above screenshots in this thread. I need to know what to write in the script.

    Please let me know your input on this.

    Regards,
    Vaishnavi Rao

    ------------------------------
    VaishnaviR Rao
    ------------------------------
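
The weekly count asked about in the post above, as an added example that is not part of the thread and not IBM's code: it tallies incidents created and closed per day over the seven days before a Monday run and renders the CSV text. It assumes each incident record carries `create_date` and `end_date` as epoch milliseconds (with `end_date` empty while the incident is open); the sample records are constructed, and fetching incidents, scheduling and e-mail delivery are left out.

```python
import csv
import io
from datetime import date, datetime, timedelta, timezone


def ms(y, m, d):
    """Noon UTC on the given day as epoch milliseconds (sample-data helper)."""
    return int(datetime(y, m, d, 12, tzinfo=timezone.utc).timestamp() * 1000)


# Constructed sample records; create_date / end_date are assumed field names.
SAMPLE_INCIDENTS = [
    {"id": 1, "create_date": ms(2020, 4, 20), "end_date": ms(2020, 4, 28)},
    {"id": 2, "create_date": ms(2020, 4, 27), "end_date": ms(2020, 4, 27)},
    {"id": 3, "create_date": ms(2020, 4, 29), "end_date": None},  # still open
    {"id": 4, "create_date": ms(2020, 5, 3), "end_date": ms(2020, 5, 4)},
    {"id": 5, "create_date": ms(2020, 5, 4), "end_date": None},
]


def weekly_report(incidents, report_day, days=7):
    """Per-day (date, created, closed) for the full UTC days before report_day."""
    first = report_day - timedelta(days=days)
    counts = {first + timedelta(days=n): [0, 0] for n in range(days)}
    for inc in incidents:
        for col, field in enumerate(("create_date", "end_date")):
            ts = inc.get(field)
            if ts is None:  # open incidents have no close timestamp
                continue
            day = datetime.fromtimestamp(ts / 1000, tz=timezone.utc).date()
            if day in counts:  # ignore anything outside the window
                counts[day][col] += 1
    return [(d.isoformat(), c[0], c[1]) for d, c in counts.items()]


def to_csv(rows):
    """Render the rows plus a totals line as CSV text."""
    buf = io.StringIO()
    out = csv.writer(buf, lineterminator="\n")
    out.writerow(["date", "created", "closed"])
    out.writerows(rows)
    out.writerow(["total", sum(r[1] for r in rows), sum(r[2] for r in rows)])
    return buf.getvalue()


if __name__ == "__main__":
    # Report run on Monday 2020-05-04 covers 2020-04-27 through 2020-05-03.
    print(to_csv(weekly_report(SAMPLE_INCIDENTS, date(2020, 5, 4))))
```

Day boundaries are taken in UTC; an incident closed on the report day itself falls into the following week's file.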



  • 4.  RE: Automate Incident Report

    Posted Tue May 11, 2021 04:43 AM
    Hi Yongjian,

    May I have the example of the script "Test"?
    I would like to automate the sending of the report, for example using the out-of-the-box template "Security Incident Detail".

    A script or function format that generates the PDF and can be used in the workflow would be even better.


    ------------------------------
    AXE LAW
    ------------------------------