List of Contributions

Andreas Fiehn

Contact Details

My Content

1 to 11 of 11 total

How can we monitor workflow instances?

Posted By Andreas Fiehn Wed August 16, 2023 09:19 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
We would like to be notified whenever a workflow has failed in Resilient. Additionally, we would also like to monitor script and playbook errors. One way this could be obtained for workflows would be to monitor the workflow instances which can be obtained from the following endpoint: /orgs/(or ...

RE: Bulk deleting incidents in Resilient

Posted By Andreas Fiehn Wed November 03, 2021 06:30 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Hi Leonardo, Thanks for the reply! I guess it could work, although it will probably take some time to set up :) ------------------------------ Andreas Fiehn ------------------------------

RE: Bulk deleting incidents in Resilient

Posted By Andreas Fiehn Wed November 03, 2021 06:24 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Thank you Ben! It is exactly our what we are trying to do and we will take a look at the Export of configuration.Thank you Sometimes we need an exact copy of everything, so it would be nice with a fast way to make deletions. Do you know if there is a way to disable all the rules through API? ...

Bulk deleting incidents in Resilient

Posted By Andreas Fiehn Fri October 29, 2021 05:23 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Hello I need to be able to delete all incidents in Resilient. I tried using the following API endpoint, but if I provide more than a few 100 incident ids it takes forever. I tried providing around 7000 incident ids and Resilient stopped responding. Is there a way to clear the incident database ...

Resilient API front end or proxy

Posted By Andreas Fiehn Fri August 06, 2021 07:39 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
A third party needs to get access to some incident data in Resilient through the API. Is it possible to setup some kind of front end or proxy, so they can access the Resilient Rest API without giving them access to the Resilient back end on our firewall? The front end/proxy has to be in a DMZ Any ...

RE: Node.js API Integration with Resilient

Posted By Andreas Fiehn Fri August 06, 2021 06:54 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Thank you Burak, I used the Node.js Buffer-object to base64-encode it and it works now let credentialString = resilientKeyID + ":" + resilientKeySecret; var buff = Buffer.from(credentialString); let base64CredentialString = buff.toString('base64'); let auth = "Basic " + base64CredentialString; ...

Node.js API Integration with Resilient

Posted By Andreas Fiehn Tue July 27, 2021 11:40 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
I need to access Resilient's API with Node.js by using an API-key and API-secret generated in Resilient. How do I define the headers when making a http request to resilient API? I am using superagent And have tried sending the authentication in different ways I tested it in Postman using the ...

Resilient: Time tracking business hours

Posted By Andreas Fiehn Wed May 26, 2021 10:03 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Hi Community I wish to modify the time tracking in Resilient to only accumulate the business hours it has been active (weekdays from 9:00 to 17:00). Is there a smart way to do this? I have been considering an approach where I would start a workflow which runs in a loop with a timer and calculates ...

RE: Resilient: Importing custom scripts

Posted By Andreas Fiehn Mon February 15, 2021 07:48 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Hi Sean, Thank you for the quick answer. I think August got an interesting idea. Would that be possible? ------------------------------ Andreas Fiehn ------------------------------

Resilient: Importing custom scripts

Posted By Andreas Fiehn Mon February 15, 2021 05:21 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Hi community, I have several scripts in Resilient which are all triggered by different rules. Some of these scripts have duplicate code which I would like to prevent, since it is generally bad practice and makes it harder to change things. Is there a way to install custom python packages to use in ...

Resilient: Limit incident fields textarea number of characters

Posted By Andreas Fiehn Thu January 28, 2021 05:07 PM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Hi community, I am taking the content of an incident field in resilient and adding it to QRadar as a note. QRadar has a limit of 2000 characters which means the field will not be added if it exceeds 2000 characters. Is there a way to limit the incident text area field to only allow 2000 characters? ...