List of Contributions

Brian Mathias

Contact Details

My Content

1 to 10 of 10 total

SOAR v44.2 incident limit in dashboard widget

Posted By Brian Mathias Fri June 03, 2022 02:47 PM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Has anyone noticed a 1,000 incident limit within Analytics Dashboard widgets in v44? We recently upgraded to v44.2 and my existing metrics dashboards are now showing about half of the data that they should, obviously maxing out at 1,000 incidents. ------------------------------ Brian Mathias -- ...

RE: Migration to dark theme IBM Security SOAR (Resilient) in v41/v40.2

Posted By Brian Mathias Wed May 12, 2021 09:04 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Hi Chuck, We used the color themes as a way to make it obvious if we were in our production environment (vs development). So I wouldn't say we care about the light color theme going away, but we would like a way to make the development environment visually different - even if it's just a change to ...

Export and overwrite Customization Settings

Posted By Brian Mathias Tue January 19, 2021 03:59 PM
Found In Egroup: IBM Security QRadar SOAR \ view thread
We're looking at refreshing our development environment with all of our current production customization settings. If we do an export from production and import into dev, will it overwrite all objects that already exist? I'm assuming it won't delete objects that didn't exist in the export file. Is ...

RE: Data at Rest encryption

Posted By Brian Mathias Mon November 16, 2020 04:43 PM
Found In Egroup: IBM Security QRadar SOAR \ view thread
With the transition away from the Success portal, I had to search for this. Here it is if anyone needs it: https://www.ibm.com/support/pages/node/1161964 ------------------------------ Brian Mathias ------------------------------

Backup vs DR system

Posted By Brian Mathias Mon August 24, 2020 05:24 PM
Found In Egroup: IBM Security QRadar SOAR \ view thread
What are other Resilient users doing for DR and/or backups? I'm weighing the pros and cons of setting up a new DR system, versus just running a backup nightly. I know I'd have less data loss if I setup the DR system, but it also seems like a lot of configuration and extra maintenance. That extra ...

RE: fn_bluecoat_site_review error

Posted By Brian Mathias Fri April 03, 2020 09:26 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
FYI - It is possible to pull the category from your local ProxySG if you have one. An HTTP call to it like below will provide you with HTML output containing the site category... https://[host]:[port]/ContentFilter/TestUrl/google.com/ ------------------------------ Brian Mathias -- ...

Metrics for incident-email associations

Posted By Brian Mathias Tue March 24, 2020 11:54 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Is there any way to count the number of emails associated with incidents within an Analytics dashboard? I realize I could create a new field and increment it within my Email Message script, but I'm being asked about some existing incidents. I'm hoping there's something obvious that I'm missing. ...

Python 3 support

Posted By Brian Mathias Wed March 18, 2020 05:30 PM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Are there any plans to support Python 3.x on the Resilient application server (BYORHEL platform)? I heard somewhere that Python 2.7 is supported by Red Hat, so maybe it's okay to keep it longer. ------------------------------ Brian Mathias ------------------------------

RE: Get Unique count of Destination port from Data table of an incident

Posted By Brian Mathias Tue February 25, 2020 10:51 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Akhilesh, I think what Mark is saying is that in a Data Table script, you get access to the row object but not the whole data table. ​I'd love to see IBM expose Data Table objects, because there are some things I'd like to do with data tables as well, like duplicate checking. These limitations make ...

RE: Email incident changes on a note

Posted By Brian Mathias Fri January 24, 2020 11:19 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
It sounds like you want to add the message body of the reply to the notes of the existing incident. If that's correct, here's what I did. After the script matches an existing incident and associates the email with it, you can use the following lines: incident.addNote( "=== Email Body from " + ema ...