List of Contributions

Ryan Terry

Posted By Ryan Terry Tue October 24, 2023 05:04 PM
Found In Egroup: IBM Security QRadar SOAR
would you mind sharing with me the docker environment setup commands for postgres? ------------------------------ Ryan Terry ------------------------------
Posted By Ryan Terry Wed June 15, 2022 01:12 PM
Found In Egroup: IBM Security QRadar SOAR
Does anyone know of a way to trigger a Playbook or other action based on the number of inbound emails received by SOAR over a certain period of time? Our use case: If we receive x amount of phishing reports over y time then open a high priority ticket in Service Now. ------------------------------ ...
Posted By Ryan Terry Thu July 29, 2021 11:13 AM
Found In Egroup: IBM Security QRadar SOAR
AnnMarie, Thanks for the reply. I am running App Host. ------------------------------ Ryan Terry ------------------------------
Posted By Ryan Terry Wed July 28, 2021 12:57 PM
Found In Egroup: IBM Security QRadar SOAR
Has anyone gotten this workflow working by using "ALL" in the Email Address field? I can get results if I target a single email address, but if I want to search all mailboxes for a particular email message it fails after running for about an hour with an error - "RecursionError: maximum recursion depth ...
Posted By Ryan Terry Wed May 26, 2021 02:15 PM
Found In Egroup: IBM Security QRadar SOAR
I need to replace one of my workflows that use the Timer function with a Playbook using the Wait Point because the Timer function is causing issues with the Utilities queue. I understand that more functionality will be coming in the future for the Playbook Designer, but in the meantime I need to know ...
Posted By Ryan Terry Thu February 06, 2020 05:22 PM
Found In Egroup: IBM Security QRadar SOAR
I got this working properly after some help from support and some customization on my part, but now I am wondering if the integration can be set up to pull DLP incidents from more than just one Saved DLP Report ID? ------------------------------ Ryan Terry ------------------------------
Posted By Ryan Terry Wed January 22, 2020 05:58 PM
Found In Egroup: IBM Security QRadar SOAR
Does anyone know of any way to suppress all artifacts from doing Threat Source lookups on incidents with a particular Incident Type? For instance, we may create an incident for a specific malware threat like Emotet, which includes all known IOCs as artifacts from many cyber threat intel sources such ...
Posted By Ryan Terry Fri January 10, 2020 12:07 PM
Found In Egroup: IBM Security QRadar SOAR
I mistakenly replied to this thread. I meant to add the question to the IOC Parser Function thread. ------------------------------ Ryan Terry ------------------------------
Posted By Ryan Terry Fri January 10, 2020 12:06 PM
Found In Egroup: IBM Security QRadar SOAR
Has anyone increased the usability of this function by adding the ability to parse the incident notes field as well as an attachment or artifact? ------------------------------ Ryan Terry ------------------------------
Posted By Ryan Terry Thu January 09, 2020 06:17 PM
Found In Egroup: IBM Security QRadar SOAR
Has anyone increased the usability of this function by adding the ability to parse the incident notes field as well? ------------------------------ Ryan Terry ------------------------------
Posted By Ryan Terry Tue January 07, 2020 04:56 PM
Found In Egroup: IBM Security QRadar SOAR
Here is a larger log excerpt, but I can reply privately with my entire log file if you need it. I never see a log entry with "Finished processing all Incidents in Saved Report"
2020-01-07 14:42:48,050 INFO [dlp_incident_listener] DLP Listener Polling Event received. Checking if any previous thread ...
Posted By Ryan Terry Fri January 03, 2020 05:18 PM
Found In Egroup: IBM Security QRadar SOAR
Tamara, This is what I see in the logs:
2020-01-03 15:08:23,904 INFO [dlp_incident_listener] DLP Listener Polling Event received. Checking if any previous thread is still alive
2020-01-03 15:08:23,905 DEBUG [dlp_incident_listener] dlp_thread_start: Creating a thread to poll DLP
2020-01-03 15:08:23,905 ...
Posted By Ryan Terry Fri January 03, 2020 12:27 PM
Found In Egroup: IBM Security QRadar SOAR
Has anyone gotten the Symantec Data Loss Prevention integration to work properly? I have it configured per the instructions in the app exchange. I can see that the Resilient DLP Listener Component is reaching out to my DLP server and obtaining the correct report including DLP incidents, but Resilient ...
Posted By Ryan Terry Fri January 03, 2020 12:19 PM
Found In Egroup: IBM Security QRadar SOAR
Has anyone gotten the Symantec Data Loss Prevention Integration to work properly? I have it configured based on the documentation in the app exchange and can see that the DLP Listener component is reaching out to my DLP server and obtaining the proper DLP incident report, but there are no Resilient incidents ...
Posted By Ryan Terry Thu October 24, 2019 03:07 PM
Found In Egroup: IBM Security QRadar SOAR
I am wondering if anyone has integrated a similar whitelist feature in the Email Parsing workflow/function as the Inbound Email Script? I have some IPs and URLs that I am whitelisting with the email script just fine, but if an email comes in as an .eml attachment it is parsed differently with the Email ...
Posted By Ryan Terry Tue May 21, 2019 04:29 PM
Found In Egroup: IBM Security QRadar SOAR
This worked. Thanks Tamara. ------------------------------ Ryan Terry ------------------------------
Posted By Ryan Terry Thu May 02, 2019 12:25 PM
Found In Egroup: IBM Security QRadar SOAR
Python 2.7.15
-bash-4.2$ pip freeze
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
asn1crypto==0.24.0
beautifulsoup4==4.6.3
bs4==0.0.1
...
Posted By Ryan Terry Mon April 29, 2019 03:32 PM
Found In Egroup: IBM Security QRadar SOAR
I have been able to use the Exchange Send Mail function with no problem, but am getting the following error when using the Exchange Find Email function. The exchange account I am using should have the correct permissions and my folder path appears correct, but I get an error related to the date format. ...
Posted By Ryan Terry Thu February 28, 2019 04:57 PM
Found In Egroup: IBM Security QRadar SOAR
Jared, Thank you for sharing. Are you requiring Attachment to Base64 input or what would you use for Input and Pre-Process Script within the Workflow? Thanks, Ryan ------------------------------ Ryan Terry ------------------------------
Posted By Ryan Terry Mon February 25, 2019 05:14 PM
Found In Egroup: IBM Security QRadar SOAR
I am already using the Utilities:Email Parser function, but I am wondering if anyone has a good way to parse the email attachment of an .EML file (base64) and add it as an attached file to the incident. I am able to parse the other headers I need to create Artifacts, but am stuck on the attachment part. ...