Message Image

Log in

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community

Skip main navigation (Press Enter).

IBM Security QRadar SOAR

View Only

Expand all | Collapse all

Enhance IPInfo Search results in Note and Artifact Description

1. Enhance IPInfo Search results in Note and Artifact Description

0 Like
BENOIT ROSTAGNI
Posted Fri August 23, 2019 12:36 PM
Edited by BENOIT ROSTAGNI Mon August 26, 2019 04:45 AM
| view attached

Reply
Prerequisit : have the IPinfo integration installed and configured Link to App Exchange
Purpose : Enhance the standard information given by this integration in Artifact Description & Note
Changes :

New Rule IP Info Search that will not show up in Action button if already launched. You can disable the previous rule from the basic installation starting with "example"

New Workflow IP Info Search with changes in post process scripts

The result is :

Artifact Description:

Note:

Attached is the res file you can import to adapt the IPinfo integration

Feel free to use, adapt, make this better :)

Building the res file:
resilient-circuits extract --workflow "query_ip_artifact_with_ipinfo" --rule "IP Info Search" -o config_IPinfo.res --zip

------------------------------
BENOIT ROSTAGNI
------------------------------

Attachment(s)

config_IPinfo.res.zip 9 KB 1 version

Powered by Higher Logic