List of Contributions

Adam

Posted By Adam Wed January 27, 2021 05:22 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Ben, I think we can consider my question rhetorical because many questions like this are posted against the idea itself without any answer. Anyway, thank you for the information. ------------------------------ Adam ------------------------------
Posted By Adam Wed January 27, 2021 04:57 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Ben, Thank you. This idea was posted 2 years ago but there is no progress about it so far. As I can see many customers requested it. How come it is still not in the product? ------------------------------ Adam ------------------------------
Posted By Adam Tue January 26, 2021 04:05 AM
Found In Egroup: IBM Security QRadar SOAR
Hi All, Is it possible to create PDF report from the Analytics Dashboard periodically e.g. weekly and send it via email to specific addresses? Thank you. ------------------------------ Adam ------------------------------
Posted By Adam Wed November 18, 2020 01:40 AM
Found In Egroup: IBM Security QRadar SOAR
Hello Brian, I see. All right. Thank you for your quick answer. Regards, Adam ------------------------------ Adam ------------------------------
Posted By Adam Tue November 17, 2020 05:05 AM
Found In Egroup: IBM Security QRadar SOAR
Hi All, I have a question about APP Host and Resilient ports connection. The documentation says: "Ports 6443 and 10250 (both TCP) and 8472 are accessible. If installing the App Host virtual application, also make sure TCP ports 22 and 443 are accessible." My question is that these ports have ...
Posted By Adam Tue November 17, 2020 04:57 AM
Found In Egroup: IBM Security QRadar SOAR
Hi All, I have a few questions about the QRadar-Resilient integration app. 1. Is it possible to make the user that escalated the incident from an offense owner of the created incident? 2. Is it possible to extract these offense fields from an offense to the escalated incident? Username, Annotations, ...
Posted By Adam Thu November 12, 2020 01:50 AM
Found In Egroup: IBM Security QRadar SOAR
Hi John, Same results for dns entry ibm.com unfortunately. ------------------------------ Adam ------------------------------
Posted By Adam Wed November 11, 2020 07:55 AM
Found In Egroup: IBM Security QRadar SOAR
Hi John, I know and thank you for your efforts. Here are the logs: DEBUG [stomp_component] ack_frame() 2020-11-11 13:32:22,309 DEBUG [client] Sending ACK frame [headers=('id': 'ID:resilient.localdomain-35319-1603268263966-5:376'), version=1.2] 2020-11-11 13:32:22,309 DEBUG [stomp_component] ...
Posted By Adam Fri November 06, 2020 01:29 AM
Found In Egroup: IBM Security QRadar SOAR
Hi John, I see. Thank you. Only this app is installed on Apphost, the rest is on IS. Our customer has only IS. The other integrations work fine. I cannot access the resilient-circuits logs right now but I can upload the Apphost logs from our environment (see attached). ------------------------------ ...
Posted By Adam Fri November 06, 2020 01:28 AM
Found In Library: IBM Security SOAR
Posted By Adam Wed November 04, 2020 01:24 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Ben, Yes, some artifact types are allowing to upload multiple at the same time but email addresses and hashes are not. 1) Can you please show me what input field are you referring to because I did not find any input field in the Menu item rule? 2) Where should we write this and how can we ...
Posted By Adam Wed November 04, 2020 01:08 AM
Found In Egroup: IBM Security QRadar SOAR
Hi John, I got the same results as you did so it is working. I do not think that it is a network problem. Are you sure that the post-process script is right? Our customer has the exact same problem. ------------------------------ Adam ------------------------------
Posted By Adam Fri October 30, 2020 09:24 AM
Found In Egroup: IBM Security QRadar SOAR
And this is in the Actions tab: No handler returned a result for this action Run Whois Query Against Artifact ------------------------------ Adam ------------------------------
Posted By Adam Fri October 30, 2020 08:43 AM
Found In Egroup: IBM Security QRadar SOAR
Actually one of our customers has the same issue but it runs on an IS. pip list from there: Package Version ----------------------- --------- argon2-cffi 20.1.0 attrs 20.2.0 beautifulsoup4 4.9.1 bs4 0.0.1 cachetools 2.1.0 certifi 2020.6.20 cffi 1.14.0 chardet 3.0.4 circuits 3.2 click 7.1.2 ...
Posted By Adam Thu October 29, 2020 10:06 AM
Found In Egroup: IBM Security QRadar SOAR
Hi John, I see. It is an AppHost so I cannot install whois package on it directly but wget is working for whois.net and it can connect any site without a proxy. What could be the problem then? Thank you. ------------------------------ Adam ------------------------------
Posted By Adam Thu October 29, 2020 07:40 AM
Found In Egroup: IBM Security QRadar SOAR
Hi John, Pre: inputs.whois_query = artifact.value Post: def format_link(item): if item and (item.startswith("https://") or item.startswith("http://")): return " (0) ".format(item) else: return item def expand_list(list_value, separator=" "): if not isinstance(list_value, list): return ...
Posted By Adam Thu October 29, 2020 04:31 AM
Found In Egroup: IBM Security QRadar SOAR
Hi, We wish to upload multiple (sometimes almost a hundred) artifacts for incidents and this procedure is very painful manually. Is there any way to bulk upload for every artifact type? Thank you. ------------------------------ Adam ------------------------------
Posted By Adam Thu October 29, 2020 03:36 AM
Found In Egroup: IBM Security QRadar SOAR
Hi John, It is disabled: cafile = false If it is wrong, where can I find the proper security certificate for it? But it still does not explain why the query results are all "None". Thank you. ------------------------------ Adam ------------------------------
Posted By Adam Thu October 29, 2020 03:15 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Ihor, Thank you for your answer. Is there any more information about the way of working and the functionalities about it? ------------------------------ Adam ------------------------------
Posted By Adam Wed October 28, 2020 03:42 AM
Found In Egroup: IBM Security QRadar SOAR
Hi John, It is the out of the box example query we have not made any changes to it. It is on AppHost and there are some error messages in both log files indeed. apphost_operator.log: ERROR i.f.k.c.i.cache.ReflectorRunnable - Watch closing. 08:32:48.309 [pool-2-thread-1] INFO c.i.s.a.c.o.K ...