IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  Poor quality of IBM

    Posted Fri June 16, 2023 03:56 AM

    Hello,

    I have complaints for the IBM developers. How can I use your SOAR platform? Why have there been so many issues lately?

    1. Changed images, which cause issues with apps and severely interfere with our SOC processes.
    2. Publication of a broken app to the App Exchange (for instance, QRadar Enhanced Data Migration 2.3.1).
    3. Changing the approach to the apps. Why was Utility Functions for SOAR divided into REST API Functions for IBM QRadar SOAR, SOAR Function Utilities for SOAR, and Parse Utilities Function for SOAR? Do I need to rewrite my playbooks to get support/updates for the apps in the future?



    ------------------------------
    Gule Fahid
    ------------------------------


  • 2.  RE: Poor quality of IBM

    Posted Tue June 20, 2023 10:14 AM

    Poor support quality as well



    ------------------------------
    Jasmin
    ------------------------------



  • 3.  RE: Poor quality of IBM

    Posted Wed June 21, 2023 08:22 AM

    Hi Gule,

    Thank you for your feedback. I can offer some insights on your concerns. 

    1. We regularly review our container images for ongoing security vulnerabilities and 'future-proofing' them for newer versions of IBM SOAR and QRadar Suite Software (formerly CP4S). As much as we test any changes for introduced artifacts, a few app issues have slipped through. We will be updating our QA process to attempt to catch them before publication.
    2. There was a publication anomaly on the AppExchange associated with QRadar Enhanced Data Migration 2.3.1 which we have corrected.
      I'd like to take this opportunity to point out that this app uses the OFFENSE_TIME QRadar Ariel query clause which has a defect associated with QRadar offenses with a small number of events. If you experience data tables which are not populating, open a Support ticket in order to review the application of a correcting hotfix.
    3. fn_utilities (Utility Functions) is widely used and represents a collection of disparate functions (17 functions!) which has become difficult to package with the various Python library dependencies. We made the decision to break them up into logically grouped functions which you can start to use instead of those in fn_utilities.
      We will continue to enhance the newer apps. But if you're happy with the functions in fn_utilities, then continue to use them and convert to the new apps on your own schedule.
      The new apps are:
      • fn_network_utilities (remote shell functions, URL expansion, etc.)
      • fn_soar_utilities (incident, artifact and attachment functions)
      • fn_parse_utilities (email, SSL certificate and PDF parsing)
      • fn_timer (the timer function alone to isolate thread use)
      • fn_rest_api (new improvements on the call_rest_api function)
      I'll also mention here that fn_rest_api will be expanded over the course of several releases. We are currently focusing on expanded authentication types (OAuth, JWT) and will continue to make it broadly available for ad-hoc REST API calls.

    We will continue to enhance existing apps and develop new apps for the IBM SOAR community. To that end, we will use this forum and blog entries to communicate in advance our intentions for any changes which affect your use.

    Regards,

    Mark Scherfling



    ------------------------------
    Mark Scherfling
    ------------------------------



  • 4.  RE: Poor quality of IBM

    Posted Wed June 21, 2023 09:28 AM

    Hello Mark,

    Thank you for the answer. I just downloaded the fixed zip archive with QRadar Enhanced Data Migration 2.3.1, updated, and pressed "Test Configuration". What do you think I got? An error with the manifest file at https://quay.io/v2/ibmresilient. I don't remember the full path. I quickly repacked the zip archive to roll back to 2.3.0. The only reason I tried to update to 2.3.1 is the announced fix for the MITRE function broken in 2.3.0.



    ------------------------------
    Gule Fahid
    ------------------------------



  • 5.  RE: Poor quality of IBM

    Posted Wed June 21, 2023 05:27 PM

    Hi Gule,

    Our testing has not been able to confirm your experience. I would suggest you open a Support ticket so we can formally investigate the issues you're facing.

    Regards,

    Mark



    ------------------------------
    Mark Scherfling
    ------------------------------



  • 6.  RE: Poor quality of IBM

    Posted Mon July 24, 2023 05:06 PM

    Hi Mark,

    Your bullet #2 is worrying me a bit because we intend to use QRadar Enhanced Data Migration 2.3.1 in the near future in conjunction with the OFFENSE_TIME QRadar Ariel query clause and we know that our offenses will have a small number of events.

    Has the problem you mentioned been corrected?

    Is there a fix we should apply as a preventive measure?



    ------------------------------
    Pierre Dufresne
    ------------------------------