IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
For example, we send an incident by mail via IBM Security Qradar SOAR. However, if there is no response to this e-mail within two days, we want to send a reminder e-mail. Is there an article or a text to guide on this topic? How can we do this?
This should be doable using the timer events.
Can you please check out this documentation?
First of all, thanks for your return. We designed a workflow using the Timer function. Here, for example, SOAR will send the reminder email after 24 hours, but the person in question replied at the 15th hour, so we don't need to send the reminder email. In the remaining 9 hours, this timer function will have worked in vain in the background. What kind of control mechanism should be put in order to prevent this? Do you have a comment?
Sir, what if i needed to send reply to same email thread using meg Id which created in the first email.
Take a look at the outbound email app, with the function send_email2 (https://exchange.xforce.ibmcloud.com/hub/extension/caafba4e4f6d130e7db30ed4d5e53504). It supports an input field to specify the original message Id. There is an email conversation datatable maintained which does include message Ids for use with replying to messages.
Hope this helps,