List of Contributions

Oscar López

Contact Details

My Content

1 to 19 of 19 total
Posted By Oscar López Wed January 08, 2020 03:36 AM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Thanks again Best, Oscar ------------------------------ Oscar López ------------------------------
Posted By Oscar López Wed January 08, 2020 03:15 AM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi Ben Which version do you recomend us to install 24/12/2019 https://exchange.xforce.ibmcloud.com/hub/extension/a9bcc3eaebf2a6efc04258b4964a48a4 (or the one in the github which is more recent? I am not sure how to install this one) I suposse just resinstall the new version should be ok sudo ...
Posted By Oscar López Wed January 08, 2020 01:19 AM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi Jared Thank you very much for this information. Best, Oscar ------------------------------ Oscar López ------------------------------
Posted By Oscar López Tue January 07, 2020 05:07 PM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi Yongjian An update on Qradar integration was released on 24 Dic 2019. Does it solve the issue of unicode? https://exchange.xforce.ibmcloud.com/hub/extension/a9bcc3eaebf2a6efc04258b4964a48a4 I am not sure on the steps to follow to perform an upgrade of the app. Best regards Oscr -- ...
Posted By Oscar López Tue January 07, 2020 07:27 AM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi Jared Any update on this issue? Is there available a new version for the qradar_function? Best regards Oscar ------------------------------ Oscar López ------------------------------
Posted By Oscar López Tue December 10, 2019 04:55 PM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi Yongjian Yes you are right it was by clicking the "Escalate to Resilient" button I have solved restarting the Resilient APP in QRadar (via API) Thanks a lot. Best Oscar ------------------------------ Oscar López ------------------------------
Posted By Oscar López Tue December 10, 2019 02:39 AM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi We are getting the following error after a QRadar update and escaltion process to Resilient fails. The following client exception occurred while handling the server response: (0) TypeError: dijit.byId(...) is undefined Any ideas to check and troubleshoot? Thanks Best regards Oscar ...
Posted By Oscar López Wed December 04, 2019 06:56 AM
Found In Library: IBM Security SOAR
Posted By Oscar López Wed December 04, 2019 06:56 AM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi Ben A log on SMTP will help a lot >Unfortunately there are no logs about notification matches. The issue is that we are not receiving the notifications on close when a particular code is set to a value. Default on close notification are not beeing received too. Best regards Oscar ...
Posted By Oscar López Tue December 03, 2019 12:58 PM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi Ben, Thanks for answering, we will test again. Definitively this could be the reason, the person that caused the notification to be generated won't receive it Best regards Oscar ------------------------------ Oscar López ------------------------------
Posted By Oscar López Fri November 29, 2019 04:51 AM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi all, I finally confirmed that HTML in the body of the email can be used in Administration Settings and Notifications. And succeeded to create an email template using substitution values. I did not find any reference of using HTML in the body for email notifications in the Resilient IRP System ...
Posted By Oscar López Thu November 28, 2019 08:35 AM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi all, We would like to apply a smart format to the body message for email notification... Actually we are receiving this. Could we use HTML tags? or similar? any other choice? mark down? etc. Closed Incident The incident 3619 has been closed. Incident details: Incident: 3619 Organization: $( ...
Posted By Oscar López Thu November 28, 2019 07:58 AM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi Ben Many thanks for it. Double check again and it was a silly error on incident name. created to match the rule. Best regards, Oscar ------------------------------ Oscar López ------------------------------
Posted By Oscar López Wed November 27, 2019 04:12 AM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi Pablo, Sure, push configuration is done to the child-orgs, and we are testing over this instance. Thanks again, ------------------------------ Oscar López ------------------------------
Posted By Oscar López Tue November 26, 2019 07:00 PM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi all I would like to make a concrete/specific notification (match a condiction field on an incident) and make a "close incident" different from default when status is changed to closed applying an additional condition. Is is possible or will disturb on the generic close condition for notification? ...
Posted By Oscar López Tue November 26, 2019 06:34 PM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi all It was solved with this. tokens = incident.name.split('-') incident.min_code = tokens[1].strip() + '-' + tokens[2].strip() Many thanks! Oscar ------------------------------ Oscar López ------------------------------
Posted By Oscar López Tue November 26, 2019 05:53 PM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi all, After creating a rule (Menu) that applies a condition with a field in the incident (which is creatred and exists). We are not able to see the rule in the Action Menu. Any ideas? Cheers, and thanks for sharing Oscar ------------------------------ Oscar López ----------------- ...
Posted By Oscar López Tue November 26, 2019 12:54 PM
Found In Egroup: IBM Security QRadar SOAR
\ view thread
Hi all, We are trying to process input from the incident name field "Name " 'QRadar ID 29857 , Port Scan - FW-003-192.168.89.41-178.60.254.205' Using a Rule that will run a script that will parse and get the values splitted between -, using the following small code example script tokens = i ...