IBM Security QRadar SOAR

Hello,

I want to track time for different phase changes (each containing multiple tasks) in an incident. Currently, there is a default field named Phase which contains all the defined phase(s). Any new phase added gets appended to Phase field. Checking Track change times allows me to track the time each phase has taken. Below screenshots for reference. 







==============================================================================================================================

Now, I have created custom fields,  MTTD and MTTR, for which I have added different set of phases (each containing multiple tasks). Below screenshot for reference.



===============================================================================================================================

Questions:

1. How to track the time for phase changes in MTTD field ?
    - Currently, only the Phase field (default field) is able to track time in phase changes.
    - After completing the tasks in each phase, the time took to complete that phase is shown in the time tracker as shown above.
    - But for custom fields, there is no such option.      

2. How to track time for both MTTD and MTTR fields for phase changes ? 
    - As there is Phase field in above screenshot, how can I get MTTD and MTTR fields in the same time tracker after completing the tasks in each phase.

3. How to create Task field like Phase field to track time ?
    - Currently, we can track the phases after completing the tasks in each phase.
    -  Need to track the tasks in each phase after completion.


Hope the questions are understandable. Please let me know if any issues. Any help would be highly appreciated.


Cheers,

Akhilesh Deshmukh,
SecurityHQ

------------------------------
Akhilesh Deshmukh,
Data Analyst, SecurityHQ
------------------------------

You mentioned:

- But for custom fields, there is no such option.

However I do see the "Track change times" for a custom field:


Is that what you are looking for?

Regarding:

3. How to create Task field like Phase field to track time ?
- Currently, we can track the phases after completing the tasks in each phase.
- Need to track the tasks in each phase after completion.

Currently it is not possible to track time on task fields. Nor is it possible to create custom fields for a task. I would recommend suggesting this idea on the idea portal.

Ben

------------------------------
Ben Lurie
------------------------------

Original Message:
Sent: Mon March 01, 2021 08:40 AM
From: Akhilesh Deshmukh
Subject: Create custom fields to track time in changing Tasks.

Hello,

I want to track time for different phase changes (each containing multiple tasks) in an incident. Currently, there is a default field named Phase which contains all the defined phase(s). Any new phase added gets appended to Phase field. Checking Track change times allows me to track the time each phase has taken. Below screenshots for reference. 







==============================================================================================================================

Now, I have created custom fields,  MTTD and MTTR, for which I have added different set of phases (each containing multiple tasks). Below screenshot for reference.



===============================================================================================================================

Questions:

1. How to track the time for phase changes in MTTD field ?
    - Currently, only the Phase field (default field) is able to track time in phase changes.
    - After completing the tasks in each phase, the time took to complete that phase is shown in the time tracker as shown above.
    - But for custom fields, there is no such option.      

2. How to track time for both MTTD and MTTR fields for phase changes ? 
    - As there is Phase field in above screenshot, how can I get MTTD and MTTR fields in the same time tracker after completing the tasks in each phase.

3. How to create Task field like Phase field to track time ?
    - Currently, we can track the phases after completing the tasks in each phase.
    -  Need to track the tasks in each phase after completion.


Hope the questions are understandable. Please let me know if any issues. Any help would be highly appreciated.


Cheers,

Akhilesh Deshmukh,
SecurityHQ

------------------------------
Akhilesh Deshmukh,
Data Analyst, SecurityHQ
------------------------------

Hi Ben,

Thanks for replying. I acknowledge that custom fields can be tracked. But what I am looking for is how can I add the Custom field (lets say, field MTTD) to the Task widget. Currently, the Task widget is not editable. Hence it shows, the values from Phase field. Refer below screenshot.



===========================================================================================================================
I intend to track the changes for custom field (of Select type) which will have values equal to the names of phases created (like Phase field). How can the custom field appear in the Task widget ? I guess once the custom field is part of Task widget, we can edit the tasks and thereby, track phase changes.

Hope, I am understandable. 
 

Thanks,

Akhilesh Deshmukh,
SecurityHQ

------------------------------
Akhilesh Deshmukh,
Data Analyst, SecurityHQ
------------------------------

Original Message:
Sent: Tue March 02, 2021 09:54 AM
From: Ben Lurie
Subject: Create custom fields to track time in changing Tasks.

You mentioned:

- But for custom fields, there is no such option.

However I do see the "Track change times" for a custom field:


Is that what you are looking for?

Regarding:

3. How to create Task field like Phase field to track time ?
- Currently, we can track the phases after completing the tasks in each phase.
- Need to track the tasks in each phase after completion.

Currently it is not possible to track time on task fields. Nor is it possible to create custom fields for a task. I would recommend suggesting this idea on the idea portal.

Ben

------------------------------
Ben Lurie

Original Message:
Sent: Mon March 01, 2021 08:40 AM
From: Akhilesh Deshmukh
Subject: Create custom fields to track time in changing Tasks.

Hello,

I want to track time for different phase changes (each containing multiple tasks) in an incident. Currently, there is a default field named Phase which contains all the defined phase(s). Any new phase added gets appended to Phase field. Checking Track change times allows me to track the time each phase has taken. Below screenshots for reference. 







==============================================================================================================================

Now, I have created custom fields,  MTTD and MTTR, for which I have added different set of phases (each containing multiple tasks). Below screenshot for reference.



===============================================================================================================================

Questions:

1. How to track the time for phase changes in MTTD field ?
    - Currently, only the Phase field (default field) is able to track time in phase changes.
    - After completing the tasks in each phase, the time took to complete that phase is shown in the time tracker as shown above.
    - But for custom fields, there is no such option.      

2. How to track time for both MTTD and MTTR fields for phase changes ? 
    - As there is Phase field in above screenshot, how can I get MTTD and MTTR fields in the same time tracker after completing the tasks in each phase.

3. How to create Task field like Phase field to track time ?
    - Currently, we can track the phases after completing the tasks in each phase.
    -  Need to track the tasks in each phase after completion.


Hope the questions are understandable. Please let me know if any issues. Any help would be highly appreciated.


Cheers,

Akhilesh Deshmukh,
SecurityHQ

------------------------------
Akhilesh Deshmukh,
Data Analyst, SecurityHQ
------------------------------

Unfortunately it is not possible to change the layout of the task tree (the screenshot you have above). You can add these new incident fields to show up in the Task Details page. Not sure if that helps.

The task tree was intended to be used by an analyst in their day to day work. I guess it wasn't thought that aggregate timing information would be useful there. I think the main use case for the time tracking was for reporting capabilities in the Dashboards that a team lead or manager would use.

Ben

------------------------------
Ben Lurie
------------------------------

Original Message:
Sent: Wed March 03, 2021 04:56 AM
From: Akhilesh Deshmukh
Subject: Create custom fields to track time in changing Tasks.

Hi Ben,

Thanks for replying. I acknowledge that custom fields can be tracked. But what I am looking for is how can I add the Custom field (lets say, field MTTD) to the Task widget. Currently, the Task widget is not editable. Hence it shows, the values from Phase field. Refer below screenshot.



===========================================================================================================================
I intend to track the changes for custom field (of Select type) which will have values equal to the names of phases created (like Phase field). How can the custom field appear in the Task widget ? I guess once the custom field is part of Task widget, we can edit the tasks and thereby, track phase changes.

Hope, I am understandable. 
 

Thanks,

Akhilesh Deshmukh,
SecurityHQ

------------------------------
Akhilesh Deshmukh,
Data Analyst, SecurityHQ

Original Message:
Sent: Tue March 02, 2021 09:54 AM
From: Ben Lurie
Subject: Create custom fields to track time in changing Tasks.

You mentioned:

- But for custom fields, there is no such option.

However I do see the "Track change times" for a custom field:


Is that what you are looking for?

Regarding:

3. How to create Task field like Phase field to track time ?
- Currently, we can track the phases after completing the tasks in each phase.
- Need to track the tasks in each phase after completion.

Currently it is not possible to track time on task fields. Nor is it possible to create custom fields for a task. I would recommend suggesting this idea on the idea portal.

Ben

------------------------------
Ben Lurie

Original Message:
Sent: Mon March 01, 2021 08:40 AM
From: Akhilesh Deshmukh
Subject: Create custom fields to track time in changing Tasks.

Hello,

I want to track time for different phase changes (each containing multiple tasks) in an incident. Currently, there is a default field named Phase which contains all the defined phase(s). Any new phase added gets appended to Phase field. Checking Track change times allows me to track the time each phase has taken. Below screenshots for reference. 







==============================================================================================================================

Now, I have created custom fields,  MTTD and MTTR, for which I have added different set of phases (each containing multiple tasks). Below screenshot for reference.



===============================================================================================================================

Questions:

1. How to track the time for phase changes in MTTD field ?
    - Currently, only the Phase field (default field) is able to track time in phase changes.
    - After completing the tasks in each phase, the time took to complete that phase is shown in the time tracker as shown above.
    - But for custom fields, there is no such option.      

2. How to track time for both MTTD and MTTR fields for phase changes ? 
    - As there is Phase field in above screenshot, how can I get MTTD and MTTR fields in the same time tracker after completing the tasks in each phase.

3. How to create Task field like Phase field to track time ?
    - Currently, we can track the phases after completing the tasks in each phase.
    -  Need to track the tasks in each phase after completion.


Hope the questions are understandable. Please let me know if any issues. Any help would be highly appreciated.


Cheers,

Akhilesh Deshmukh,
SecurityHQ

------------------------------
Akhilesh Deshmukh,
Data Analyst, SecurityHQ
------------------------------