IBM QRadar SOAR

 View Only

  • 1.  clone playbook with activation form

    Posted Mon October 24, 2022 04:26 AM
    Reply
    I failed to copy those playbooks which have activation form. Is it a bug or not implemented yet?
    My soar versions are as follows:
       soar: 46.2
       resilient-sdk: 46.0.3461 
    # resilient-sdk clone -pb playbook01 clone_playbook01
  :
Traceback (most recent call last):
  File "/root/venv/soarqit/lib/python3.6/site-packages/resilient/co3.py", line 745, in put
    response = super(SimpleClient, self).put(uri, payload, co3_context_token, timeout)
  File "/root/venv/soarqit/lib/python3.6/site-packages/resilient/co3base.py", line 634, in put
    BasicHTTPException.raise_if_error(response)
  File "/root/venv/soarqit/lib/python3.6/site-packages/resilient/co3base.py", line 80, in raise_if_error
    raise BasicHTTPException(response)
resilient.co3base.BasicHTTPException: 'resilient' API Request FAILED:
Response Code: 400
Reason: Unknown Reason. {"success":false,"title":null,"message":"Playbook input form contains invalid field types: playbook_2fe9ed93_458c_4e7e_9093_ca76fc44a43a.","hints":[],"error_code":"generic"}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/root/venv/soarqit/bin/resilient-sdk", line 33, in <module>
    sys.exit(load_entry_point('resilient-sdk==46.0.3461', 'console_scripts', 'resilient-sdk')())
  File "/root/venv/soarqit/lib/python3.6/site-packages/resilient_sdk/app.py", line 183, in main
    cmd_clone.execute_command(args)
  File "/root/venv/soarqit/lib/python3.6/site-packages/resilient_sdk/cmds/clone.py", line 213, in execute_command
    add_configuration_import(new_export_data, CmdClone.res_client)
  File "/root/venv/soarqit/lib/python3.6/site-packages/resilient_sdk/util/sdk_helpers.py", line 469, in add_configuration_import
    confirm_configuration_import(result, result.get("id"), res_client)
  File "/root/venv/soarqit/lib/python3.6/site-packages/resilient_sdk/util/sdk_helpers.py", line 496, in confirm_configuration_import
    res_client.put(uri, result)
  File "/root/venv/soarqit/lib/python3.6/site-packages/resilient/co3.py", line 747, in put
    _raise_if_error(ex.get_response())
  File "/root/venv/soarqit/lib/python3.6/site-packages/resilient/co3.py", line 218, in _raise_if_error
    raise SimpleHTTPException(response)
resilient.co3.SimpleHTTPException: :  {"success":false,"title":null,"message":"Playbook input form contains invalid field types: playbook_2fe9ed93_458c_4e7e_9093_ca76fc44a43a.","hints":[],"error_code":"generic"}​


    ------------------------------
    Yohji Amano
    ------------------------------


  • 2.  RE: clone playbook with activation form

    Posted Tue October 25, 2022 08:36 AM
    Reply
    Activation forms are unfortunately not yet supported by the SDK, however, they will be supported with the v47 release of the SDK (targeted for November). In the meantime, there is a workaround: remove the activation form from the original playbook. Use the SDK to clone that playbook, and then manually reenter the activation form on the original playbook and the cloned playbook.

    ------------------------------
    Christopher Chang
    ------------------------------

    Original Message


  • 3.  RE: clone playbook with activation form

    Posted Tue October 25, 2022 07:22 PM
    Reply
    Christopher, thank you for your reply and suggestions.
    I'll wait for V47 and refer to the workaround for the time being.

    ------------------------------
    Yohji Amano
    ------------------------------

    Original Message


Related Content