IBM QRadar SOAR

  • 1.  During/after escalation create note of the escalation and its date

    Posted Wed February 05, 2020 04:39 AM
    Hi All,

    Is it possible during/after escalation to create an automatic note which contains the fact of the escalation, its date, the incident number, and its URL, even in text format?

    Thank you.

    Regards,
    Adam

    ------------------------------
    Adam
    ------------------------------


  • 2.  RE: During/after escalation create note of the escalation and its date

    Posted Wed February 05, 2020 02:47 PM
    Hi Adam,

    Can you please clarify?

    When an offense is escalated, QRadar automatically creates a note on the offense.
    An offense that was automatically escalated has a note like this:

    Incident created in Resilient:
    https://x.xx.xxx.xxx/#incidents/2519?tab=ccf4e648-5af4-4dc0-8f6a-19aff3a7eeb6
    and includes the Username and Creation Date

    An offense that was manually escalated has a note like this:

    Manual escalation of offense to Resilient initiated
    and includes the Username and Creation Date

    AnnMarie

    ------------------------------
    AnnMarie Norcross
    ------------------------------



  • 3.  RE: During/after escalation create note of the escalation and its date

    Posted Thu February 06, 2020 02:25 AM
    Hi AnnMarie,

    I know but can the note be modified? If it can be, how can I insert information in?

    Thank you.

    Adam

    ------------------------------
    Adam
    ------------------------------



  • 4.  RE: During/after escalation create note of the escalation and its date

    Posted Thu February 06, 2020 08:52 AM
    It is possible to modify the note. Create a rule on note creation that runs a script that would update the note text:




    ------------------------------
    Ben Lurie
    ------------------------------



  • 5.  RE: During/after escalation create note of the escalation and its date

    Posted Wed February 12, 2020 03:32 AM
    Hi Ben,

    Thank you.

    Is there any chance that you already have a script like that and could share it?

    Thank you.

    ------------------------------
    Adam
    ------------------------------



  • 6.  RE: During/after escalation create note of the escalation and its date

    Posted Wed February 12, 2020 08:40 AM
    I realize that the original question may be about updating the note in QRadar. The strategy I posted was for updating a note in Resilient. Anyway, if you do want to update the note in Resilient, this script would do so:



    ------------------------------
    Ben Lurie
    ------------------------------



  • 7.  RE: During/after escalation create note of the escalation and its date

    Posted Wed February 12, 2020 09:46 AM
    Hi Ben,

    I meant updating the note in Resilient, yes, but what I need to insert into the note is the date, the incident number, and its URL.

    Is this possible?

    Thank you.

    ------------------------------
    Adam
    ------------------------------