List of Contributions

Brian Reid

This individual is no longer active. Application functionality related to this individual is limited.

1 to 17 of 17 total
Posted By Brian Reid Mon March 15, 2021 12:14 PM
Found In Egroup: IBM Security QRadar SOAR
Hello Omar, Great! I'm glad to hear you are up and running. I can provide some information on your additional questions as well: 1. You can map anything you want, provided the token ($result.example_value$) returns a value and the desired field in Resilient exists. For example, it's common to map ...
Posted By Brian Reid Wed March 10, 2021 10:35 AM
Found In Egroup: IBM Security QRadar SOAR
Hello Omar, Thank you for your question. First things first, please make sure you have all the proper configurations in place to map the Notable Event ID to a Resilient incident (you are using Splunk ES, the custom field is created in Resilient, etc). If your configuration is good, the next thing ...
Posted By Brian Reid Tue March 09, 2021 04:12 PM
Found In Egroup: IBM Security QRadar SOAR
Hello Nick, I sincerely apologize for the delay here. Hopefully I can help provide the information you need and/or set you in the right direction. You are correct that OracleDB is not supported out-of-the-box with the ODBC Query app. However, it is possible to configure. The ODBC query app depends ...
Posted By Brian Reid Wed December 02, 2020 09:26 AM
Found In Egroup: IBM Security QRadar SOAR
Hi David, Thank you so much for the information here. We really appreciate it. I've updated the bug ticket with the steps to reproduce so we'll have an easier time working with this. Got it - I see the difference now. Since fn_misp is a community app, I'm not sure how much development effort will ...
Posted By Brian Reid Tue December 01, 2020 10:46 AM
Found In Egroup: IBM Security QRadar SOAR
Also - could you provide steps to reproduce this bug? - Brian
Posted By Brian Reid Tue December 01, 2020 10:42 AM
Found In Egroup: IBM Security QRadar SOAR
Hi David, Great, thank you - just wanted to confirm you were on a recent version of the platform and on the latest fn_misp. We don't have a process in place to merge pull requests directly into the resilient-community-apps repo, but what I can do is create a ticket internally for this bug and link ...
Posted By Brian Reid Tue December 01, 2020 07:56 AM
Found In Egroup: IBM Security QRadar SOAR
Hello David, Thank you for bringing this to our attention. Could you please confirm what version of Resilient and what version of fn_misp you are using? Also, are you running fn_misp on an integration server or an app host? Thank you, Brian ...
Posted By Brian Reid Wed November 18, 2020 10:49 AM
Found In Egroup: IBM Security QRadar SOAR
Hello Adam, As a follow-on to Ihor's response, the QRadar-Resilient integration can be found here. The documentation can be downloaded from that page under the "Additional Information" section on the lower right-hand side. If you have any outstanding questions that our responses or the docs fail to ...
Posted By Brian Reid Wed November 18, 2020 09:17 AM
Found In Egroup: IBM Security QRadar SOAR
Hello Akhilesh, Could you possibly clarify the issue a little bit for me? I understand that you have a SHA 1 Malware Hash that is added to Resilient as an Artifact after results from a QRadar Ariel query are received. I also understand that once the Artifact is added, the system makes an API ...
Posted By Brian Reid Wed November 18, 2020 09:07 AM
Found In Egroup: IBM Security QRadar SOAR
Hello Zohra, One approach would be the rc-webserver component, part of resilient-circuits. https://github.com/ibmresilient/resilient-python-api/tree/master/rc-webserver Best wishes, Brian
Posted By Brian Reid Wed November 18, 2020 08:53 AM
Found In Egroup: IBM Security QRadar SOAR
You're welcome, Adam. Perhaps you caught my typo, but the outbound ports should be 65000/65001. I added an extra zero in my previous reply. Brian Reid
Posted By Brian Reid Tue November 17, 2020 10:36 AM
Found In Egroup: IBM Security QRadar SOAR
Hello Adam, Thank you for your question. This actually looks like a minor mistake in the documentation. I just raised the issue with the team and we are working to correct it. Ports 6443, 10250, and 8472 do not need to be accessible outside of the appliance itself. Port 22 should be inbound ...
Posted By Brian Reid Mon November 16, 2020 09:35 AM
Found In Egroup: IBM Security QRadar SOAR
Hello Ahmed, You are correct, the 1.1.0 version of the Resilient Addon for Splunk that we release has only been tested on Splunk 8. There were a lot of fixes that went into that version, so if you are planning to upgrade to Splunk 8 I would highly recommend that you go to 1.1 of our addon as well. ...
Posted By Brian Reid Thu November 12, 2020 10:23 AM
Found In Egroup: IBM Security QRadar SOAR
Hello Ayush, I apologize for the delay. Unfortunately, the error that you are seeing is a very general message that Splunk displays through the UI anytime something goes wrong when you are trying to configure the Resilient Add-on. It oftentimes can be very misleading! The real detail will be in the ...
Posted By Brian Reid Fri July 17, 2020 09:50 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Adam, What version of fn_urlscanio are you using? URLScan.io does not update the artifact description by default. The python code creates an attachment on the incident. If you want, you could utilize the results object in the post-processing script to update the incident description. You could ...
Posted By Brian Reid Tue July 14, 2020 11:08 AM
Found In Egroup: IBM Security QRadar SOAR
Hello Vitor, Thank you for your submission. Currently, we only support querying X-Force casefiles/collections by a query string or collection ID. We do not support the IP reputation feature within X-Force at this time. You can mimic your query by searching for the target IP within collections here ...