List of Contributions

sudheer kumar

1 to 9 of 9 total
Posted By sudheer kumar Fri October 11, 2019 03:29 AM
Found In Egroup: IBM Security QRadar SOAR
Thanks @Jared Fagel, that's a good option to return failure or success in the function. There are two challenges with that: do the already available functions in the IBM repo have this option? It would increase the size of the playbook. Because we are looking for maximum automation, so there ...
Posted By sudheer kumar Thu October 10, 2019 06:13 AM
Found In Egroup: IBM Security QRadar SOAR
Hi, is there any option to notify the user when the function in the circuits stops because of an error? The default notifications only have the option to push notifications for incidents, tasks, or artifacts. Our scenario is, we are developing a function to pull the incidents from an ITSM tool automatically, ...
Posted By sudheer kumar Thu October 10, 2019 06:02 AM
Found In Egroup: IBM Security QRadar SOAR
Hey, I too had the problem in setting up the dev environment for developing the functions, because of no clear documentation that could help us in one go. But I managed to just set up the environment and developed some hello world kind of functions :-p, now exploring to build more useful functions ...
Posted By sudheer kumar Thu June 27, 2019 08:16 AM
Found In Egroup: IBM Security QRadar SOAR
Restarting the services fixed the problem.
Posted By sudheer kumar Thu June 27, 2019 05:56 AM
Found In Egroup: IBM Security QRadar SOAR
Hi, we were getting the following error while enabling the VirusTotal or X-Force Exchange threat source. Both were working fine till yesterday, but today we are not able to enable them. While checking the logs we got the following error. 05:29:03.110 [http-bio-443-exec-10] ERROR com.co3.t ...
Posted By sudheer kumar Thu June 20, 2019 06:55 AM
Found In Egroup: IBM Security QRadar SOAR
# preprocessing # for utilities: base64_to_attachments # parsed_email is the output from email parser function attach = workflow.properties.parsed_email.attachments[-1] inputs.base64_content = attach["content"] inputs.name = attach["name"] #other input #other input #postprocessing ...
Posted By sudheer kumar Thu June 20, 2019 03:13 AM
Found In Egroup: IBM Security QRadar SOAR
Hi All, I was creating a workflow to parse an eml attachment, using the utilities functions available for Resilient, extending the example email parsing workflow. If there are attachments inside the eml, that would be an array of attachments. So I would like to add all those attachments as an ...
Posted By sudheer kumar Thu June 13, 2019 11:57 AM
Found In Egroup: IBM Security QRadar SOAR
Hi PATRICK, thanks for the response. Yeah, you were right, the Notes field was set to mandatory. Fixed it by adding notes through script. I have one more query: do we have any better eml parser? The one which comes with utility functions does not seem to extract artifacts from the email ...
Posted By sudheer kumar Wed June 12, 2019 09:47 AM
Found In Egroup: IBM Security QRadar SOAR
Hi, I was trying the sample script which was given in the doc to create an incident from the email message: #sting incident (whose name contains the string "ABC123") query_builder.contains(fields.incident.name, "Phishing-mail") query = query_builder.build() incidents = helper.findIncidents(query) ...