IBM Security QRadar SOAR

Hi IBM SOAR community,

I want to ask for some ideas regarding the ability of SOAR apps to add multiple values as inputs. From my current understanding the SOAR functions allow only single value from incident in which usually I use the artifacts value for processing.

If say, I have a local function that process that process lists from multiple .txt and .logs file, how would I approach creating the custom function?

Currently my approach is to just let the function to only process single value (string type for example) since the limitation doesn't allow processing file within.

The snippet shown above is one of the few example of a main function within the scripts that depends of multiple different files and functions. For the functions my approach should be limiting the processing into a very minimal dependencies, so its generally fine but the current roadblock would be the files to processed itself.

If you're talking about functions in apps which are used as building blocks in playbooks they have no problem accepting multiple values. If you're trying to develop a new custom app I suggest having a look at the documentation. Additionally, you could take an app from the exchange unzip it all and see how it was made and if you can reuse it.

Hi IBM SOAR community,

I want to ask for some ideas regarding the ability of SOAR apps to add multiple values as inputs. From my current understanding the SOAR functions allow only single value from incident in which usually I use the artifacts value for processing.

If say, I have a local function that process that process lists from multiple .txt and .logs file, how would I approach creating the custom function?

Currently my approach is to just let the function to only process single value (string type for example) since the limitation doesn't allow processing file within.

The snippet shown above is one of the few example of a main function within the scripts that depends of multiple different files and functions. For the functions my approach should be limiting the processing into a very minimal dependencies, so its generally fine but the current roadblock would be the files to processed itself.