IBM Security QRadar SOAR

 View Only
  • 1.  Custom tasks vs system tasks

    Posted Wed April 27, 2022 02:43 PM
    Hi,
    I am looking for some advice in the use of custom tasks vs system tasks.
    In a playbook, when you add  tasks on the canvas like this:
    INCIDENT ---> Task 1 ---> Task 2 --->END
    When the tasks are marked compulsory, they will appear one after the other when the user closes them.  These are system tasks.

    If you use a script in the playbook to add a task with incident.addtask helper function like this:
    INCIDENT ---> script with addtask ---> Task 2 --->END
    Both tasks appear at once when the playbook is started which is not the expected behaviour of doing things sequentially.

    The advantages of the task added with addtask is that it can be customized programmatically within the script.  In our case, this means assigning the task to specific personnel and also adjusting the instructions depending on the incident type.  I know these actions can be done with supplementary playbooks but this adds a complexity level.
    Also, a small trashcan appears next to the custom task which means the user can delete it.

    So, I guess my question boils down to: is it possible to create a system task within a script?

    Thanks for your help

    ------------------------------
    Pierre Dufresne
    ------------------------------


  • 2.  RE: Custom tasks vs system tasks

    Posted Thu April 28, 2022 08:36 AM
    It isn't possible to create a System Task from within a script.

    It sounds like you want the behavior that a task is complete before the next task shows up? This behavior is controlled by the Playbook itself by virtue of the Task showing up on the diagram flow. Since custom tasks don't show up on the diagram they don't have the same behavior.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------