IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
Hello there,I need these specific features on IBM QRadar SOAR, can you check if it's available?1. Auto assign Owner based on weekly/monthly Shift management excel file (such as today 1AM-1PM then assign to Mr.A, today 1PM-1AM then assign to Mr.B)2. During Shift handover, allow users to run a playbook periodically and automatically to change previous On-call guy to current On-call guy.Thanks,
hello, any helps?
Hi Nguyễn,For 1), it's possible to create a playbook which runs when a new case is created and makes assignments based on a lookup table of personnel and the current timeframe. As for 2), the same playbook (or a copy for manual execution) can be run which reassigns cases based on the same lookup table and the current timeframe.There is no easy way to schedule a playbook to execute across all playbooks and make this shift assignment automatically. Additional logic would be needed in a custom app to perform that logic. But that's a much more complicated endeavor.Hope this helps,
Appreciate your answer, it's quite clear now.
Hi,For each use case playbook, you could also start an "assignment playbook" which would look something like the picture below.First, it checks if the incident is closed and if so, does nothing and exits.If the incident is not closed, use a script to make the necessary change to the assigment.Then find out the time for the next shift that you should use to set the timer function.When the timer expires, it means it is time to reassign, if the incident is not closed.I can't assure you it would really work, but it can give you some ideas.