Hi Pierre,
Depends on the version of Python on it:
$ python --version
Ideally we want a version >= 3.6
And we kinda do not recommend installing directly on the App Host as some dependencies are required and we are increasing the "attack surface area" of the App Host unnecessarily
Python is easily installed on your laptop, whether its Windows, Linux or macOS: https://www.python.org/downloads/ - get a 3.9 version if possible. We recommend installing a virtual Python environment with pyenv also (if possible): https://github.com/pyenv/pyenv - tho not necessary and then update the base packages and install the resilient-sdk with pip:
$ pip install -U pip setuptools
$ pip install resilient-sdk
$ resilient-sdk -h
$ resilient-sdk -h
usage:
$ resilient-sdk <subcommand> ...
$ resilient-sdk -v <subcommand> ...
$ resilient-sdk codegen -p <name_of_package> -m 'fn_custom_md' -c '/usr/custom_app.config'
$ resilient-sdk -h
Python SDK for developing IBM SOAR Apps that provides various subcommands to help with development
optional arguments:
-h, --help show this help message and exit
-v, --verbose Set the log level to DEBUG
subcommands:
one of these subcommands must be provided
validate Tests the content of all files associated with the app, including code, before packaging it
codegen Generates boilerplate code used to begin developing an app.
clone Duplicate an existing Action related object (Function, Rule, Script, Message Destination, Workflow) or Playbook with a new
api or display name
docgen Generates boilerplate documentation for an app.
extract Extracts data needed to publish a .res file.
package Package your Python Package into a SOAR app format.
For support, please visit ibm.biz/soarcommunity
------------------------------
Shane Curtin
Apps Engineer - IBM Security SOAR
------------------------------
Original Message:
Sent: Tue May 24, 2022 01:29 PM
From: Pierre Dufresne
Subject: Changing a playbook activation type from manual to automatic
Hi Shane,
This is very, very, very interesting.
Can I push my luck by asking you if it could be installed on a server acting as an App Host?
If yes, you would really make my day!
------------------------------
Pierre Dufresne
Original Message:
Sent: Tue May 24, 2022 10:03 AM
From: Shane Curtin
Subject: Changing a playbook activation type from manual to automatic
Hi Pierre,
So you can run the resilient-sdk on any machine that is external to SOAR - we do not run it directly on it
It is an Open Source Python Library hosted on PyPi: https://pypi.org/project/resilient-sdk/ and is simply installed with pip : https://ibmresilient.github.io/resilient-python-api/pages/resilient-sdk/resilient-sdk.html#installation
And once installed you can configure it to connect to any SOAR instance
For ease you could create a simple .config file as specified in the docs and then run:
$ resilient-sdk clone --playbook <playbook_to_be_cloned> <new_playbook_name> --draft-playbook -c <path_to_my_custom.config>
------------------------------
Shane Curtin
Apps Engineer - IBM Security SOAR
Original Message:
Sent: Tue May 24, 2022 09:13 AM
From: Pierre Dufresne
Subject: Changing a playbook activation type from manual to automatic
Hi Shane,
Thanks for the update.
Unfortunately, we use a cloud platform so we don't have the console available to run resilient commands.
I guess we could open a ticket if we really need it!
------------------------------
Pierre Dufresne
Original Message:
Sent: Tue May 24, 2022 06:29 AM
From: Shane Curtin
Subject: Changing a playbook activation type from manual to automatic
Hi Pierre,
With our Python Libraries now released at v45, we now have a solution for this - you can make use of the resilient-sdk!
Check out our change log for the resilient-sdk at: ibm.biz/soar-python-docs
Specifically, you can make use of our clone command and clone the Playbook into a Draft state, allowing you to change the Activation Type: https://ibmresilient.github.io/resilient-python-api/pages/resilient-sdk/resilient-sdk.html#clone
For example, you would run:
$ resilient-sdk clone --playbook <playbook_to_be_cloned> <new_playbook_name> --draft-playbook
Hope this helps!
------------------------------
Shane Curtin
Apps Engineer - IBM Security SOAR
Original Message:
Sent: Thu March 24, 2022 01:53 PM
From: Pierre Dufresne
Subject: Changing a playbook activation type from manual to automatic
Hi All,
Being able to manually launch a playbook is a new feature in SOAR and it is particularly useful when developping new playbooks.
But is there a way to just flip the activation type from manual to automatic. The UI does'nt seem to allow that.
I also tried to export the playbook and then import it, hoping I would have the opportunity to change the activation type but that did'nt wotk either.
Will I have to recreate the whole playbook in order to just change the activation type?
------------------------------
Pierre Dufresne
------------------------------