List of Contributions

PABLO ROBERTO GARCIA

Contact Details

My Content

1 to 20 of 32 total

RE: Resilient Circuit in in cronjob

Posted By PABLO ROBERTO GARCIA Tue November 02, 2021 05:07 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Could you tell us the use case? There is a document explaining how to create a service in circuits, and also there is a scheduler app that gives you the possibility to run any function at specific cron format. Regards, ------------------------------ PABLO ROBERTO GARCIA ---------------- ...

RE: Qradar Offense link

Posted By PABLO ROBERTO GARCIA Thu November 12, 2020 03:50 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Hello mate, thanks for sharing. Could you explain a little bit better how you use the escalation template to pass the url? I saw an URL but I can`t see it completely.. If have any other information useful than can be automatically escalated like this, please share with us. Many thanks. ...

RE: Qradar + Resilient integration

Posted By PABLO ROBERTO GARCIA Tue June 09, 2020 05:29 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Thanks Ben and Sean. TeamWork..!!!!! ------------------------------ PABLO ROBERTO GARCIA ------------------------------

RE: Qradar + Resilient integration

Posted By PABLO ROBERTO GARCIA Tue June 09, 2020 02:21 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Very useful, I will try it and I let you know. Thanks Sean..!!! ------------------------------ PABLO ROBERTO GARCIA ------------------------------

Qradar + Resilient integration

Posted By PABLO ROBERTO GARCIA Mon June 08, 2020 01:16 PM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Hello, I need to know if there is a troubleshooting guide to review the issues between Qradar and Resilient integration. I have just downloaded the latest version of Qradar App for resilient, the App is already installed on Qradar version (7.3.2) and I received the following error message. Is there ...

Generic API Integration process

Posted By PABLO ROBERTO GARCIA Mon June 01, 2020 04:34 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Hello all, I would like to use some universal way or Generic API Call to integrate with external vendor in IBM Resilient. I know that there is a function call "Utilities: Call REST API" I'd like to have an example about how to use it or understand better and confirm if this method could be used ...

RE: Integration server configuration for different organizations

Posted By PABLO ROBERTO GARCIA Wed May 06, 2020 03:09 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
About the deployment of the integration server based on containers. Is there any specific document explaining the process?... They only place I saw it was at: ibmresilient/resilient-circuits-docker GitHub remove preview ibmresilient/resilient-circuits-docker ...

Query cloud pak for Security from external Script

Posted By PABLO ROBERTO GARCIA Mon March 02, 2020 10:57 AM
Found In Egroup: Cloud Pak for Security \ view thread
Hello, I'd like to know how to query cloud pak for security from external application in order to use the data explorer from python script or something similar?... Regards, ------------------------------ PABLO ROBERTO GARCIA ------------------------------

RE: Not able to see rules in Actions Menu

Posted By PABLO ROBERTO GARCIA Wed November 27, 2019 03:28 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
I know that are basics questions but please let me do it: Do we push the configuration to the child-orgs? Could you confirm me that you are testing with a child-org associated with the related config-org? Regards, ------------------------------ PABLO ROBERTO GARCIA ---------------------- ...

RE: Resilient Playbook : Insider Threats - Demo

Posted By PABLO ROBERTO GARCIA Tue April 30, 2019 05:18 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Great Job John and thanks for sharing that with us. Many Thanks. ------------------------------ PABLO ROBERTO GARCIA ------------------------------

RE: Functions Utilities Error

Posted By PABLO ROBERTO GARCIA Wed April 10, 2019 04:50 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Sergio, To run the circuits in Debug mode inside of the App.config file you have to change this. loglevel=DEBUG Once it's done launch "resilient-circuits run" again and share your output. Regards, ------------------------------ PABLO ROBERTO GARCIA ------------------------------

RE: Playbook Optimization

Posted By PABLO ROBERTO GARCIA Thu March 28, 2019 02:52 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Thanks for the clarification about the Rules and how it works... ------------------------------ PABLO ROBERTO GARCIA ------------------------------

RE: Playbook Optimization

Posted By PABLO ROBERTO GARCIA Mon March 25, 2019 11:52 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Probably is because is matching other rule?... make sure put it at the top of the list. Also you have to make sure that the condition is met... regards, ------------------------------ PABLO ROBERTO GARCIA ------------------------------

RE: Playbook Optimization

Posted By PABLO ROBERTO GARCIA Mon March 25, 2019 04:05 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Amit, Based on your requirement is a bit complicated but I will try... Low(13) to Medium(19)= Total tasks should be 32 tasks: Rule 1: If priority is Low I will define 13 Rule 2: If priority is Medium I will define the 32 tasks... Low(13) to High(25) = Total tasks should be 38 tasks Same ...

RE: Use conditional tab/section to better organize incident layouts

Posted By PABLO ROBERTO GARCIA Fri March 22, 2019 04:37 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Thanks Mate, great to know that there are two options available. Condition based on TAB or in Section is very flexible. ------------------------------ PABLO ROBERTO GARCIA ------------------------------

RE: Playbook Optimization

Posted By PABLO ROBERTO GARCIA Fri March 22, 2019 04:30 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
I am not sure if I understand your request and either which policies you have in place, I will create a rule such as: Please confirm if that make sense to you: ------------------------------ PABLO ROBERTO GARCIA ------------------------------

RE: Scheduled Tasks issue

Posted By PABLO ROBERTO GARCIA Mon March 18, 2019 12:50 PM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Thanks, more clear know. ------------------------------ PABLO ROBERTO GARCIA ------------------------------

RE: Scheduled Tasks issue

Posted By PABLO ROBERTO GARCIA Mon March 11, 2019 07:20 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Hello again and sorry for the delay. I didnt know that is possible to add timers in functions, based on that I have simplified the workflow, the requirement is: Carry out a manual action (tasks) and automatically 2 months later to carry out another function. the result is confuse: As soon as ...

RE: Scheduled Tasks issue

Posted By PABLO ROBERTO GARCIA Wed March 06, 2019 07:36 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
I didnt realise that this was possible to join timers... :-) POC Context: The rule triggers the workflow based on the condition that Artifat = IP, as soon as I include a new IP a new task appears automatically, completing this task the first function is launched (seems to be working because this ...

Scheduled Tasks issue

Posted By PABLO ROBERTO GARCIA Mon March 04, 2019 02:21 AM
Found In Egroup: IBM Security QRadar SOAR \ view thread
Hello all, I am playing with Scheduled tasks and I am a bit confuse. I need to run a function to carry out an actions (based on workflow) and after 15 minutes run another functions to undo the action before done. I put the timer in the second tasks without luck. Any idea about there is my fault? ...