IBM Security Resilient

During/after escalation create note of the escalation and its date

  • 1.  During/after escalation create note of the escalation and its date

    Posted Wed February 05, 2020 04:39 AM
    Hi All,

    Is it possible, during/after escalation, to create an automatic note which contains the fact of the escalation, its date, the incident number, and its URL, even in text format?

    Thank you.

    Regards,
    Adam

    ------------------------------
    Adam
    ------------------------------


  • 2.  RE: During/after escalation create note of the escalation and its date

    Posted Wed February 05, 2020 02:47 PM
    Hi Adam,

    Can you please clarify?

    When an offense is escalated, QRadar automatically creates a note on the offense.
    An offense that was automatically escalated has a note like this:

    Incident created in Resilient:
    https://x.xx.xxx.xxx/#incidents/2519?tab=ccf4e648-5af4-4dc0-8f6a-19aff3a7eeb6
    and includes the Username and Creation Date

    An offense that was manually escalated has a note like this:

    Manual escalation of offense to Resilient initiated
    and includes the Username and Creation Date

    AnnMarie

    ------------------------------
    AnnMarie Norcross
    ------------------------------



  • 3.  RE: During/after escalation create note of the escalation and its date

    Posted Thu February 06, 2020 02:25 AM
    Hi AnnMarie,

    I know but can the note be modified? If it can be, how can I insert information in?

    Thank you.

    Adam

    ------------------------------
    Adam
    ------------------------------



  • 4.  RE: During/after escalation create note of the escalation and its date

    Posted Thu February 06, 2020 08:52 AM
    It is possible to modify the note. Create a rule on note creation that runs a script that would update the note text:




    ------------------------------
    Ben Lurie
    ------------------------------



  • 5.  RE: During/after escalation create note of the escalation and its date

    Posted Wed February 12, 2020 03:32 AM
    Hi Ben,

    Thank you.

    Is there any chance that you already have a script like that and could share it?

    Thank you.

    ------------------------------
    Adam
    ------------------------------



  • 6.  RE: During/after escalation create note of the escalation and its date

    Posted Wed February 12, 2020 08:40 AM
    I realize that the original question may be about updating the note in QRadar. The strategy I posted was for updating a note in Resilient. Anyway, if you do want to update the note in Resilient, this script would do so:



    ------------------------------
    Ben Lurie
    ------------------------------



  • 7.  RE: During/after escalation create note of the escalation and its date

    Posted Wed February 12, 2020 09:46 AM
    Hi Ben,

    I meant updating the note in Resilient, yes, but what I need to insert into the note is the date, the incident number, and its URL.

    Is this possible?

    Thank you.

    ------------------------------
    Adam
    ------------------------------
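
One way to build the note content asked for in post 7 (date, incident number, URL), as an added example that is not part of the thread and is not the script Ben posted. `BASE_URL` and `build_escalation_note` are hypothetical names; the `note`, `incident` and `helper` globals, `incident.create_date` in epoch milliseconds and `helper.createRichText` are assumptions about a Python 3 script run by a rule on note creation.

```python
from datetime import datetime, timezone
from html import escape

# Placeholder: the script cannot discover its own host, so set it by hand.
BASE_URL = "https://resilient.example.com"


def build_escalation_note(incident_id, escalated_ms, original_html="",
                          base_url=BASE_URL):
    """Return rich-text (HTML) note content that records the escalation.

    Note text is rendered as HTML, so every inserted value is either
    forced to a known type or escaped before it is placed in the markup.
    """
    if not base_url.startswith("https://"):
        raise ValueError("base_url must be an https:// URL")
    incident_id = int(incident_id)  # rejects anything that is not a number
    when = datetime.fromtimestamp(escalated_ms / 1000, tz=timezone.utc)
    # Same URL shape as the automatic note quoted in post 2.
    url = "{}/#incidents/{}".format(base_url.rstrip("/"), incident_id)
    header = (
        "<div><b>Escalated to Resilient</b></div>"
        "<div>Date: {}</div>"
        "<div>Incident: {}</div>"
        '<div>URL: <a href="{}">{}</a></div>'
    ).format(
        when.strftime("%Y-%m-%d %H:%M:%S UTC"),
        incident_id,
        escape(url, quote=True),
        escape(url),
    )
    # Keep whatever the note already said, below the added header.
    return header + original_html


# Inside the product the platform is assumed to inject these globals;
# outside it (for example when testing) this branch is skipped.
if "note" in globals() and "incident" in globals() and "helper" in globals():
    note.text = helper.createRichText(
        build_escalation_note(incident.id, incident.create_date,
                              note.text.content)
    )
```

The rule condition should limit the script to the escalation note, otherwise every new note on the incident gets the header.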