IBM Security QRadar SOAR

Hey Community, 

I'm attempting to adopt @Nick Mumaw's example email template written in CSS/HTML. The primary issue I'm running into is rendering macros within the inline email template in a playbook. 

For example, I want to generate the incident URL within the email template using the V2 function, however, SOAR is unable to interpret the following macro as suggested in the app's documentation. 

{% set inc_url = template_helper.generate_incident_url(incident.id) %}
<a target='_blank' href='{ inc_url }'>{ incident.id }: { incident.name }</a>

Hi Nick,

Are you are missing some curly braces in your template e.g .

<a target='_blank' href='{{ inc_url }}'>{{ incident.id }}: {{ incident.name }}</a>

Hey Community, 

I'm attempting to adopt @Nick Mumaw's example email template written in CSS/HTML. The primary issue I'm running into is rendering macros within the inline email template in a playbook. 

For example, I want to generate the incident URL within the email template using the V2 function, however, SOAR is unable to interpret the following macro as suggested in the app's documentation. 

{% set inc_url = template_helper.generate_incident_url(incident.id) %}
<a target='_blank' href='{ inc_url }'>{ incident.id }: { incident.name }</a>

Hey Community, 

I'm attempting to adopt @Nick Mumaw's example email template written in CSS/HTML. The primary issue I'm running into is rendering macros within the inline email template in a playbook. 

For example, I want to generate the incident URL within the email template using the V2 function, however, SOAR is unable to interpret the following macro as suggested in the app's documentation. 

{% set inc_url = template_helper.generate_incident_url(incident.id) %}
<a target='_blank' href='{ inc_url }'>{ incident.id }: { incident.name }</a>

Hey Community, 

I'm attempting to adopt @Nick Mumaw's example email template written in CSS/HTML. The primary issue I'm running into is rendering macros within the inline email template in a playbook. 

For example, I want to generate the incident URL within the email template using the V2 function, however, SOAR is unable to interpret the following macro as suggested in the app's documentation. 

{% set inc_url = template_helper.generate_incident_url(incident.id) %}
<a target='_blank' href='{ inc_url }'>{ incident.id }: { incident.name }</a>

------------------------------
Nick B
------------------------------

I have created a new template that will work with inline. Check the link. If you want to customize the template at all, change lines between 328 and 350. This is where you will be able to add your own fields and such like John mentioned above.

Thanks!

------------------------------
Nick Mumaw, GPEN, GPYC
Cyber Security Specialist - SOAR
IBM - Security

Original Message:
Sent: Wed October 04, 2023 03:57 PM
From: Nick B
Subject: Outbound Email inline template macros

Hey Community, 

I'm attempting to adopt @Nick Mumaw's example email template written in CSS/HTML. The primary issue I'm running into is rendering macros within the inline email template in a playbook. 

For example, I want to generate the incident URL within the email template using the V2 function, however, SOAR is unable to interpret the following macro as suggested in the app's documentation. 

{% set inc_url = template_helper.generate_incident_url(incident.id) %}
<a target='_blank' href='{ inc_url }'>{ incident.id }: { incident.name }</a>

------------------------------
Nick B
------------------------------

Thanks a lot for your help, Nick. Your videos are super helpful. 

The template worked out great, looks like I just needed to add the macros and drop the .format portion at the end of the script. The only issue I'm running into now is incorporating the notes macro in the template. 

I have created a new template that will work with inline. Check the link. If you want to customize the template at all, change lines between 328 and 350. This is where you will be able to add your own fields and such like John mentioned above.

Thanks!

------------------------------
Nick Mumaw, GPEN, GPYC
Cyber Security Specialist - SOAR
IBM - Security

Original Message:
Sent: Wed October 04, 2023 03:57 PM
From: Nick B
Subject: Outbound Email inline template macros

Hey Community, 

I'm attempting to adopt @Nick Mumaw's example email template written in CSS/HTML. The primary issue I'm running into is rendering macros within the inline email template in a playbook. 

For example, I want to generate the incident URL within the email template using the V2 function, however, SOAR is unable to interpret the following macro as suggested in the app's documentation. 

{% set inc_url = template_helper.generate_incident_url(incident.id) %}
<a target='_blank' href='{ inc_url }'>{ incident.id }: { incident.name }</a>

------------------------------
Nick B
------------------------------

Sounds good. Started playing around again with the templates since you asked and I created a few more which include both Notes and Artifacts. It appears that there is capability to do dataTables too, but I am currently missing something on that. When I get that template created, I will upload it to the GitHub as well. But for now check out my templates here.

https://github.com/TheIRGurus/Playbooks/tree/main/Outbound%20Email%20Playbooks

Thanks a lot for your help, Nick. Your videos are super helpful. 

The template worked out great, looks like I just needed to add the macros and drop the .format portion at the end of the script. The only issue I'm running into now is incorporating the notes macro in the template. 

I have created a new template that will work with inline. Check the link. If you want to customize the template at all, change lines between 328 and 350. This is where you will be able to add your own fields and such like John mentioned above.

Thanks!

------------------------------
Nick Mumaw, GPEN, GPYC
Cyber Security Specialist - SOAR
IBM - Security

Original Message:
Sent: Wed October 04, 2023 03:57 PM
From: Nick B
Subject: Outbound Email inline template macros

Hey Community, 

I'm attempting to adopt @Nick Mumaw's example email template written in CSS/HTML. The primary issue I'm running into is rendering macros within the inline email template in a playbook. 

For example, I want to generate the incident URL within the email template using the V2 function, however, SOAR is unable to interpret the following macro as suggested in the app's documentation. 

{% set inc_url = template_helper.generate_incident_url(incident.id) %}
<a target='_blank' href='{ inc_url }'>{ incident.id }: { incident.name }</a>

------------------------------
Nick B
------------------------------

Hey Nick, Thanks for your response. 

So, I ended up doing exactly what you did in your notes template. Unfortunately, it throws a nonetype error (no attribute 'lower') which isn't present when using the other macros.

Sounds good. Started playing around again with the templates since you asked and I created a few more which include both Notes and Artifacts. It appears that there is capability to do dataTables too, but I am currently missing something on that. When I get that template created, I will upload it to the GitHub as well. But for now check out my templates here.

https://github.com/TheIRGurus/Playbooks/tree/main/Outbound%20Email%20Playbooks

Thanks a lot for your help, Nick. Your videos are super helpful. 

The template worked out great, looks like I just needed to add the macros and drop the .format portion at the end of the script. The only issue I'm running into now is incorporating the notes macro in the template. 

I have created a new template that will work with inline. Check the link. If you want to customize the template at all, change lines between 328 and 350. This is where you will be able to add your own fields and such like John mentioned above.

Thanks!

------------------------------
Nick Mumaw, GPEN, GPYC
Cyber Security Specialist - SOAR
IBM - Security

Original Message:
Sent: Wed October 04, 2023 03:57 PM
From: Nick B
Subject: Outbound Email inline template macros

Hey Community, 

I'm attempting to adopt @Nick Mumaw's example email template written in CSS/HTML. The primary issue I'm running into is rendering macros within the inline email template in a playbook. 

For example, I want to generate the incident URL within the email template using the V2 function, however, SOAR is unable to interpret the following macro as suggested in the app's documentation. 

{% set inc_url = template_helper.generate_incident_url(incident.id) %}
<a target='_blank' href='{ inc_url }'>{ incident.id }: { incident.name }</a>

------------------------------
Nick B
------------------------------

Sorry, Just saw this. But have you checked the version of your app to make sure that it is the most recent version? I have tested all of the templates and have got this working. I do plan on releasing a follow up video next week about template building using the Jinja files next week. Hopefully that will help?!

Hey Nick, Thanks for your response. 

So, I ended up doing exactly what you did in your notes template. Unfortunately, it throws a nonetype error (no attribute 'lower') which isn't present when using the other macros.

Sounds good. Started playing around again with the templates since you asked and I created a few more which include both Notes and Artifacts. It appears that there is capability to do dataTables too, but I am currently missing something on that. When I get that template created, I will upload it to the GitHub as well. But for now check out my templates here.

https://github.com/TheIRGurus/Playbooks/tree/main/Outbound%20Email%20Playbooks

Thanks a lot for your help, Nick. Your videos are super helpful. 

The template worked out great, looks like I just needed to add the macros and drop the .format portion at the end of the script. The only issue I'm running into now is incorporating the notes macro in the template. 

I have created a new template that will work with inline. Check the link. If you want to customize the template at all, change lines between 328 and 350. This is where you will be able to add your own fields and such like John mentioned above.

Thanks!

------------------------------
Nick Mumaw, GPEN, GPYC
Cyber Security Specialist - SOAR
IBM - Security

Original Message:
Sent: Wed October 04, 2023 03:57 PM
From: Nick B
Subject: Outbound Email inline template macros

Hey Community, 

I'm attempting to adopt @Nick Mumaw's example email template written in CSS/HTML. The primary issue I'm running into is rendering macros within the inline email template in a playbook. 

For example, I want to generate the incident URL within the email template using the V2 function, however, SOAR is unable to interpret the following macro as suggested in the app's documentation. 

{% set inc_url = template_helper.generate_incident_url(incident.id) %}
<a target='_blank' href='{ inc_url }'>{ incident.id }: { incident.name }</a>

------------------------------
Nick B
------------------------------

Yes, the latest version of the app is currently installed, 2.1.0. Using the send outbound email 2 function as well. 

Sorry, Just saw this. But have you checked the version of your app to make sure that it is the most recent version? I have tested all of the templates and have got this working. I do plan on releasing a follow up video next week about template building using the Jinja files next week. Hopefully that will help?!

Hey Nick, Thanks for your response. 

So, I ended up doing exactly what you did in your notes template. Unfortunately, it throws a nonetype error (no attribute 'lower') which isn't present when using the other macros.

Sounds good. Started playing around again with the templates since you asked and I created a few more which include both Notes and Artifacts. It appears that there is capability to do dataTables too, but I am currently missing something on that. When I get that template created, I will upload it to the GitHub as well. But for now check out my templates here.

https://github.com/TheIRGurus/Playbooks/tree/main/Outbound%20Email%20Playbooks

Thanks a lot for your help, Nick. Your videos are super helpful. 

The template worked out great, looks like I just needed to add the macros and drop the .format portion at the end of the script. The only issue I'm running into now is incorporating the notes macro in the template. 

I have created a new template that will work with inline. Check the link. If you want to customize the template at all, change lines between 328 and 350. This is where you will be able to add your own fields and such like John mentioned above.

Thanks!

------------------------------
Nick Mumaw, GPEN, GPYC
Cyber Security Specialist - SOAR
IBM - Security

Original Message:
Sent: Wed October 04, 2023 03:57 PM
From: Nick B
Subject: Outbound Email inline template macros

Hey Community, 

I'm attempting to adopt @Nick Mumaw's example email template written in CSS/HTML. The primary issue I'm running into is rendering macros within the inline email template in a playbook. 

For example, I want to generate the incident URL within the email template using the V2 function, however, SOAR is unable to interpret the following macro as suggested in the app's documentation. 

{% set inc_url = template_helper.generate_incident_url(incident.id) %}
<a target='_blank' href='{ inc_url }'>{ incident.id }: { incident.name }</a>

------------------------------
Nick B
------------------------------

Resolved -- for some reason with version 2.1.0, I had to set the encryption_recipients input field within the script even though that field is optional. Setting it to none allowed the function script to run correctly with the notes macro. 

Yes, the latest version of the app is currently installed, 2.1.0. Using the send outbound email 2 function as well. 

Sorry, Just saw this. But have you checked the version of your app to make sure that it is the most recent version? I have tested all of the templates and have got this working. I do plan on releasing a follow up video next week about template building using the Jinja files next week. Hopefully that will help?!

Hey Nick, Thanks for your response. 

So, I ended up doing exactly what you did in your notes template. Unfortunately, it throws a nonetype error (no attribute 'lower') which isn't present when using the other macros.

Sounds good. Started playing around again with the templates since you asked and I created a few more which include both Notes and Artifacts. It appears that there is capability to do dataTables too, but I am currently missing something on that. When I get that template created, I will upload it to the GitHub as well. But for now check out my templates here.

https://github.com/TheIRGurus/Playbooks/tree/main/Outbound%20Email%20Playbooks

Thanks a lot for your help, Nick. Your videos are super helpful. 

The template worked out great, looks like I just needed to add the macros and drop the .format portion at the end of the script. The only issue I'm running into now is incorporating the notes macro in the template. 

I have created a new template that will work with inline. Check the link. If you want to customize the template at all, change lines between 328 and 350. This is where you will be able to add your own fields and such like John mentioned above.

Thanks!

------------------------------
Nick Mumaw, GPEN, GPYC
Cyber Security Specialist - SOAR
IBM - Security

Original Message:
Sent: Wed October 04, 2023 03:57 PM
From: Nick B
Subject: Outbound Email inline template macros

Hey Community, 

I'm attempting to adopt @Nick Mumaw's example email template written in CSS/HTML. The primary issue I'm running into is rendering macros within the inline email template in a playbook. 

For example, I want to generate the incident URL within the email template using the V2 function, however, SOAR is unable to interpret the following macro as suggested in the app's documentation. 

{% set inc_url = template_helper.generate_incident_url(incident.id) %}
<a target='_blank' href='{ inc_url }'>{ incident.id }: { incident.name }</a>

------------------------------
Nick B
------------------------------