Message Image

Log in

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

IBM Security

Join our 16,000+ members as we work together to
overcome the toughest challenges of cybersecurity.

Start collaborating

Save the Date! watsonx Hackathon - Pre-TechXchange Conference Event

Skip main navigation (Press Enter).

IBM Security QRadar SOAR

View Only

Expand all | Collapse all

Playbook Suggestion : Add note with multiple incident

Bhagyesh LimbadMon October 30, 2023 11:16 AM

Hi , i want to create playbook/customisation, where i can add note with multiple incident and note should ...

Bo BleckelTue October 31, 2023 09:09 AM

Hi - This is not possible within the Playbook editor -- the highest level of access that a single ...

1. Playbook Suggestion : Add note with multiple incident

0 Like
Bhagyesh Limbad
Posted Mon October 30, 2023 11:16 AM

Reply
Hi ,

i want to create playbook/customisation, where i can add note with multiple incident and note should reflected to QRadar.

Thanks in Advance.

------------------------------
Bhagyesh Limbad
------------------------------
2. RE: Playbook Suggestion : Add note with multiple incident

0 Like
Bo Bleckel
Posted Tue October 31, 2023 09:09 AM

Reply
Hi -

This is not possible within the Playbook editor -- the highest level of access that a single Playbook has, is the incident that it is called from (including when called from a Note, an Artifact, etc..., it will always have access to that incident).

The only way to approach a problem like this would be to engineer a function that runs in an app to post a note to any incident you want. This would involve writing custom Python code to hit the SOAR REST APIs and packaging that code in an app. There are many resources in the Security Learning page that describe how to create a custom app from scratch.

I hope this helps!

------------------------------
Bo Bleckel
------------------------------

Original Message

Powered by Higher Logic