List of Contributions

Pierre Dufresne

Posted By Pierre Dufresne Thu March 28, 2024 08:46 AM
Found In Egroup: IBM Security QRadar SOAR
Hi, On my part, what I usually do is:
import json
incident.addNote(json.dumps(playbook.functions.results.rest_response, indent=2))
The indent parameter will make the output much clearer. ------------------------------ Pierre Dufresne ------------------------------
Posted By Pierre Dufresne Mon March 25, 2024 08:52 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Curtis, I recently had the opportunity to test the new table/column width adjustment. The result is much more pleasing to the eyes. Thanks. ------------------------------ Pierre Dufresne ------------------------------
Posted By Pierre Dufresne Tue February 27, 2024 09:23 AM
Found In Egroup: IBM Security QRadar SOAR
Hi, According to this documentation (https://www.ibm.com/docs/en/sqsp/51?topic=scripts-incident-operations), the addArtifact "Returns an artifact script object for further customization.". So, I think you could do something like this: NewArtifact = addArtifact(type, value, description) NewArtifact.source ...
Posted By Pierre Dufresne Tue February 27, 2024 08:41 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Curtis, Thanks for the heads up. I will surely give it a try soon. Curiously, this is not mentioned in the What's new section of the documentation. I think it should have been. ------------------------------ Pierre Dufresne ------------------------------
Posted By Pierre Dufresne Tue February 20, 2024 08:50 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Yohji, Thank you so very much! It worked! I just want to add for others who might use this code that on my first try I got this error message: CategoryInfo : InvalidOperation : (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException I just added this line at the ...
Posted By Pierre Dufresne Mon February 19, 2024 03:51 PM
Found In Egroup: IBM Security QRadar SOAR
Hi, I am attempting to get incident details with the SOAR REST API with a PowerShell script. I created an API Key and gave it full control. My script is pretty basic and it looks like this: $key_id = 'XXX-XXX-XXX-XXX' $key = 'YYY-YYY-YYY-YYY' $url = 'https://[myorg].resilientsystems.com/r ...
Posted By Pierre Dufresne Mon January 29, 2024 08:37 AM
Found In Egroup: IBM Security QRadar SOAR
So this should be the new solution: ------------------------------ Pierre Dufresne ------------------------------
Posted By Pierre Dufresne Mon January 29, 2024 08:35 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Maria, Your post had me thinking. Maybe I could dispense with the condition, the function and the Noop script with this new version. As you explained, each script could begin with an If statement like: If "action1" in playbook.properties.action: do what the script has to do Else: ...
Posted By Pierre Dufresne Thu January 25, 2024 04:10 PM
Found In Egroup: IBM Security QRadar SOAR
This is the solution I will use. I think the Noop scripts are necessary though. When leaving the condition point, you cannot directly go into a wait point: The condition is either true or not. If both branches enter a wait point, only one of them will have been taken, either the true branch or the ...
Posted By Pierre Dufresne Thu January 25, 2024 04:02 PM
Found In Egroup: IBM Security QRadar SOAR
The solution you are describing is similar to my first post. The condition point there is also "Any true condition". Each condition reads like "If Action contains Action1", "If Action contains Action2", ... I think I will go with my second solution. Thanks for your insights. ------------------------------ ...
Posted By Pierre Dufresne Thu January 25, 2024 11:34 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Bo, Thanks for your feedback. The first task presented to the analyst is Select Action. Before completing the task, he must edit the multiselect field called "Action" to specify which actions need to be performed. For example, if he selects Action1 and Action3, the corresponding scripts ...
Posted By Pierre Dufresne Wed January 24, 2024 03:02 PM
Found In Egroup: IBM Security QRadar SOAR
Hi everybody, I am writing a playbook like the one below. I created a multiselect field called "Action" which can take one or more values: Action1, Action2, Action3, Action4. The condition is configured with "Any true condition". For each value selected, there is an associated script that needs ...
Posted By Pierre Dufresne Wed January 24, 2024 08:35 AM
Found In Egroup: IBM Security QRadar SOAR
Hi, I am not a SOAR expert but to my knowledge, the only way I know of accessing the rows of a data table would be to install and use the Datatable Utilities (IBM SOAR Data Table Helper Functions) from the App Exchange. Then you can use the functions provided by it like: Get Row, Get Rows, Get All ...
Posted By Pierre Dufresne Tue December 12, 2023 01:37 PM
Found In Egroup: IBM Security QRadar SOAR
Hi, HTML tables in rich text fields is a new functionality in SOAR v51.0. After experimenting with this a little, I found no way to resize a column after creating a table in a note. The widths of the columns are equally distributed and they do not resize according to their content. The same ...
Posted By Pierre Dufresne Mon November 27, 2023 01:26 PM
Found In Egroup: IBM Security QRadar SOAR
If your SOAR is linked to QRadar SIEM, you or the QRadar sysadmin must have installed the "IBM QRadar SOAR Plugin" for QRadar. You can configure this plugin to automatically close an offense when it is closed in SOAR. On the QRadar console, access the IBM QRadar SOAR Plugin configuration. On ...
Posted By Pierre Dufresne Mon November 20, 2023 04:05 PM
Found In Egroup: IBM Security QRadar SOAR
Hi all, I don't recall where, but I think I read once that we should not call the same function multiple times simultaneously in a playbook. Something to do with message queues getting mixed up or ... My use case is this: I am currently developing a playbook where I would call from 1 to 7 Linux ...
Posted By Pierre Dufresne Thu November 02, 2023 04:31 PM
Found In Egroup: IBM Security QRadar SOAR
This other may also interest you, but I think you have to pay for it. IBM Security SOAR Clearing System link: https://exchange.xforce.ibmcloud.com/hub/extension/285b29fbcb77d592c089bf850b329f67 ------------------------------ Pierre Dufresne ------------------------------
Posted By Pierre Dufresne Thu November 02, 2023 04:22 PM
Found In Egroup: IBM Security QRadar SOAR
I don't know if it might help you but there is an app called "Data feeder SOAR plugin" in the IBM X-Force app Exchange. The description is: This package contains the SOAR plugin to the Data Feed app. The Data Feed Extension allows you to maintain "replica" data for SOAR incidents artifacts, tasks, ...
Posted By Pierre Dufresne Wed November 01, 2023 08:25 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Mark, Thanks for the info. I hope that "next release in Q42023" really means V51 which, according to this post "SOAR Release Versioning Change from V51" by Martin Feeny, should be due in November 2023. That means pretty soon! :-) ------------------------------ Pierre Dufresne -------- ...
Posted By Pierre Dufresne Tue October 31, 2023 04:01 PM
Found In Egroup: IBM Security QRadar SOAR
The package "Utility Functions for SOAR" v2.1.3 contains a function called JSON2HTML. I used it to format some response returned by a call to a REST API. When you feed the result of the JSON2HTML function to the helper.CreateRichText function and add a note to an incident, you don't get the ...