IBM Security QRadar SOAR

  • 1.  Activity Field to Notes

    Posted Mon February 24, 2020 11:49 AM

    Hi there, 

    I am attempting to add a rule activity field as a note in Resilient.

    I have an in-product script that does the following: 

    incident.addNote(rule.properties.actvity_field_api_name)
    

    However I keep getting an error that 'rule is not defined' when running. 

    How can I achieve this? 

    Thanks!



    ------------------------------
    Adina Bodkins
    ------------------------------


  • 2.  RE: Activity Field to Notes

    IBM Champion
    Posted Mon February 24, 2020 01:44 PM
    Hey Adina,

    Is the activity field a rich text field? Try this:
    incident.addNote(helper.createRichText(rule.properties.actvity_field_api_name))

    I haven't tested this, but it might also be returning a dictionary/JSON object that includes the string, but isn't the string by itself. If this is the case, this could help with debugging that to determine the keys to use:
    incident.addNote(str(helper.createPlainText(rule.properties.actvity_field_api_name)))


    Let me know what you find out.

    Best,
    Jared

    ------------------------------
    Jared Fagel
    Cyber Security Analyst I
    Public Utility
    ------------------------------



  • 3.  RE: Activity Field to Notes

    Posted Mon February 24, 2020 03:05 PM
    Hi @Jared Fagel

    Thanks for the advice. It was a rich text field. Massaging what you gave me, I was able to get it working using the following.

    text_testing = rule.properties.activity_name_api_name
    
    richString = "<b>Rich Text Code</b><br>{}".format(rule.properties.activity_field_api_name.content)
    
    richString = helper.createRichText(richString)
    
    incident.addNote(richString)

    Thank you so much!!!!

    ------------------------------
    Adina Bodkins
    ------------------------------