IBM Security QRadar SOAR

I am trying to run an automated workflow on a datatable.  I have everything running smoothly except for the ability to update that table in the "Pre Processing" script.  I am not sure if this can be done, but i have successfully updated the table in "Post Processing".

Here is my code:

PRE-PROCESSING:
##################################################
### Get Date Information
##################################################
from datetime import datetime

current_DateTime = datetime.now()
current_DateTime_str = str(current_DateTime.strftime("%m-%d-%Y %H:%M:%S"))

incident.row.imaging_status = "In Progress"
incident.row.date_started = current_DateTime_str


POST Processing:
##################################################
### Get Date Information
##################################################
from datetime import datetime

current_DateTime = datetime.now()
current_DateTime_str = str(current_DateTime.strftime("%Y-%m-%d %H:%M:%S"))


if results.exitcode == 0:
note_text = u"Command succeeded: {}\nStandard Out: {}\nStandard Error: {}".format(results.commandline, results.stdout, results.stderr)
#nuix_status = 'Completed'
incident.addNote(note_text)
row.imaging_status = "Finished"
row.date_completed = current_DateTime_str
else:
note_text = u"Command failed: {}\nStandard Out: {}\nStandard Error: {}".format(results.commandline, results.stdout, results.stderr)
incident.addNote(note_text)
row.imaging_status = "Error"
#nuix_status = 'Error'

------------------------------
Brian Coleman
------------------------------

Hi Brian,

I am not sure but according to my experience, you cannot make any write process in pre-process. IBMers could give a more reliable answer about it.

------------------------------
Burak Karaduman
------------------------------

Original Message:
Sent: Tue February 23, 2021 02:07 PM
From: Brian Coleman
Subject: Update Datatable via Workflow Pre & Post Processing

I am trying to run an automated workflow on a datatable.  I have everything running smoothly except for the ability to update that table in the "Pre Processing" script.  I am not sure if this can be done, but i have successfully updated the table in "Post Processing".

Here is my code:

PRE-PROCESSING:
##################################################
### Get Date Information
##################################################
from datetime import datetime

current_DateTime = datetime.now()
current_DateTime_str = str(current_DateTime.strftime("%m-%d-%Y %H:%M:%S"))

incident.row.imaging_status = "In Progress"
incident.row.date_started = current_DateTime_str


POST Processing:
##################################################
### Get Date Information
##################################################
from datetime import datetime

current_DateTime = datetime.now()
current_DateTime_str = str(current_DateTime.strftime("%Y-%m-%d %H:%M:%S"))


if results.exitcode == 0:
note_text = u"Command succeeded: {}\nStandard Out: {}\nStandard Error: {}".format(results.commandline, results.stdout, results.stderr)
#nuix_status = 'Completed'
incident.addNote(note_text)
row.imaging_status = "Finished"
row.date_completed = current_DateTime_str
else:
note_text = u"Command failed: {}\nStandard Out: {}\nStandard Error: {}".format(results.commandline, results.stdout, results.stderr)
incident.addNote(note_text)
row.imaging_status = "Error"
#nuix_status = 'Error'

------------------------------
Brian Coleman
------------------------------

Burak is correct. Changes to data objects made in a pre-processing script do not affect any data in the system. The pre-processing script is intended only to set function inputs.

Ben

------------------------------
Ben Lurie
------------------------------

Original Message:
Sent: Wed February 24, 2021 05:31 AM
From: Burak Karaduman
Subject: Update Datatable via Workflow Pre & Post Processing

Hi Brian,

I am not sure but according to my experience, you cannot make any write process in pre-process. IBMers could give a more reliable answer about it.

------------------------------
Burak Karaduman

Original Message:
Sent: Tue February 23, 2021 02:07 PM
From: Brian Coleman
Subject: Update Datatable via Workflow Pre & Post Processing

I am trying to run an automated workflow on a datatable.  I have everything running smoothly except for the ability to update that table in the "Pre Processing" script.  I am not sure if this can be done, but i have successfully updated the table in "Post Processing".

Here is my code:

PRE-PROCESSING:
##################################################
### Get Date Information
##################################################
from datetime import datetime

current_DateTime = datetime.now()
current_DateTime_str = str(current_DateTime.strftime("%m-%d-%Y %H:%M:%S"))

incident.row.imaging_status = "In Progress"
incident.row.date_started = current_DateTime_str


POST Processing:
##################################################
### Get Date Information
##################################################
from datetime import datetime

current_DateTime = datetime.now()
current_DateTime_str = str(current_DateTime.strftime("%Y-%m-%d %H:%M:%S"))


if results.exitcode == 0:
note_text = u"Command succeeded: {}\nStandard Out: {}\nStandard Error: {}".format(results.commandline, results.stdout, results.stderr)
#nuix_status = 'Completed'
incident.addNote(note_text)
row.imaging_status = "Finished"
row.date_completed = current_DateTime_str
else:
note_text = u"Command failed: {}\nStandard Out: {}\nStandard Error: {}".format(results.commandline, results.stdout, results.stderr)
incident.addNote(note_text)
row.imaging_status = "Error"
#nuix_status = 'Error'

------------------------------
Brian Coleman
------------------------------