IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
Hi ,i want to create playbook/customisation, where i can add note with multiple incident and note should reflected to QRadar.Thanks in Advance.
This is not possible within the Playbook editor -- the highest level of access that a single Playbook has, is the incident that it is called from (including when called from a Note, an Artifact, etc..., it will always have access to that incident).
The only way to approach a problem like this would be to engineer a function that runs in an app to post a note to any incident you want. This would involve writing custom Python code to hit the SOAR REST APIs and packaging that code in an app. There are many resources in the Security Learning page that describe how to create a custom app from scratch.
I hope this helps!