IBM Security QRadar SOAR

  • 1.  Scheduling A Playbook in SOAR using SOAR Scheduler App

    Posted 9 days ago

    Hi Everyone

    I'm trying to schedule a playbook to run every 30 seconds for all incidents, but I have no idea how to do it. Currently, I can only run the scheduler for a particular incident, and even then it throws an error on the playbook.

    I checked that this playbook exists and that it has been enabled. I tested the app.config and it reports success.

    Does anyone have an idea why it is throwing an error?




    ------------------------------
    Cyber SOC Engineering
    ------------------------------


  • 2.  RE: Scheduling A Playbook in SOAR using SOAR Scheduler App

    Posted 8 days ago

    Hello, can you tell me which rule/playbook from AppExchange you want the Scheduler App to run?



    ------------------------------
    HENRY CHUANG
    ------------------------------



  • 3.  RE: Scheduling A Playbook in SOAR using SOAR Scheduler App

    Posted 4 days ago

    Greetings,

    Per your questions:

    1. It is possible to schedule a job for each incident by creating an automatic playbook which will schedule the job which will run when the incident is created. Just set up the Playbook condition for 'Incident is created'.
    2. I was able to create a scheduled job for a playbook. But there are a couple of things to be considered:
      1. Use the Playbook display name, not the API name of the playbook. The app will be updated in a future release to support both.
      2. Make sure the app.config 'timezone' setting is set correctly. In my case, scheduled jobs for the utc timezone would be off by 5 hours, as the correct timezone should have been 'America/New_York'.

    Hope this helps.

    Regards,



    ------------------------------
    Mark Scherfling
    ------------------------------