IBM Security QRadar SOAR

 View Only

Access to application secrets from within a playbook?

  • 1.  Access to application secrets from within a playbook?

    Posted Wed October 26, 2022 11:34 AM
    Hi all,
    I was wondering if it is possible to define (add) a secret in the configuration section of an application and then use this secret inside the script used to initialize the input parameters for that function when called from a playbook?
    My typical use case would be when using the function "Utilities: Call REST APIs" of the app "Utility Functions for SOAR".  The secret would be used when authentication is needed for certain services.
    Is there another way to hide or obfuscate this information?
    I was thinking of maybe replacing the "Call Rest API" function with the "Shell command" function and use a "curl" command.  By defining the curl command in the app.config file I would have access to the secret.

    Thanks

    ------------------------------
    Pierre Dufresne
    ------------------------------