IBM QRadar SOAR

 View Only

  • 1.  Custom Notifications

    Posted Tue March 10, 2020 11:46 AM

    Hello,

    I'm struggling to get a custom notification to trigger. I'm wondering if I'm doing something wrong?

    Here's my notification:


    And here's the task I'm generating:


    I'm failing to get an email notification sent to the user listed in 'Notify Resilient users' section of the notification.

    Does anyone anything I'm doing wrong?

    Thanks!


    ------------------------------
    Liam Mahoney
    ------------------------------


  • 2.  RE: Custom Notifications

    Posted Tue March 10, 2020 01:22 PM
    Hey Liam,

    I've struggled with notifications as well, the configuration can be a bit quirky. Couple suggestions that may be helpful:

    1. Tests will not work if the user triggering the notifications is the one who is supposed to be receiving them (by design).
    2. Have you tried selecting "Added Owners" as well?
    3. Have you tried adding a task is created/modified condition?


    ------------------------------
    Jared Fagel
    Cyber Security Analyst I
    Public Utility
    ------------------------------

    Original Message


  • 3.  RE: Custom Notifications

    Posted Wed March 11, 2020 10:25 AM
    As Jared  has already mentioned this can be tricky. I've found the easiest way to test a specific notification is to use the "Notify Others" capability where you can put in an arbitrary email address. As Jared mentioned the user that caused the notification won't get it so make sure you use a different email address or Resilient user.

    ------------------------------
    Ben Lurie
    ------------------------------

    Original Message


  • 4.  RE: Custom Notifications

    Posted Wed March 11, 2020 05:14 PM
    Thanks for the information guys! We ended up getting it to work.

    ------------------------------
    Liam Mahoney
    ------------------------------

    Original Message