IBM QRadar SOAR

Hi all

I would like to make a concrete/specific notification (match a condiction field on an incident) and make a "close incident" different from default when status is changed to closed applying  an additional condition.

Is is possible or will disturb on the generic close condition for notification? I am not able to get it run.

Is is possible to see a log for notification matches?
Where can we see the smtp logs for sending the notifications? 

Cheers, and thanks for sharing
Oscar

------------------------------
Oscar López
------------------------------

Are the default notifications being sent out? That will ensure that it is not an SMTP issue.

Unfortunately there are no logs about notification matches.

It would help if can post a screenshot with the notification definition you have set up.

Another thing is that the person that caused the notification to be generated won't receive it (otherwise they would receive notifications for everything they did). So make sure you are testing with two different users.

------------------------------
Ben Lurie
------------------------------

Original Message:
Sent: Tue November 26, 2019 06:59 PM
From: Oscar López
Subject: Email notification condition issue on close an incident

Hi all

I would like to make a concrete/specific notification (match a condiction field on an incident) and make a "close incident" different from default when status is changed to closed applying  an additional condition.

Is is possible or will disturb on the generic close condition for notification? I am not able to get it run.

Is is possible to see a log for notification matches?
Where can we see the smtp logs for sending the notifications? 

Cheers, and thanks for sharing
Oscar

------------------------------
Oscar López
------------------------------

Hi Ben,
Thanks for answering, we will test again.
Definitively this could be the reason, the person that caused the notification to be generated won't receive it 
Best regards
Oscar

------------------------------
Oscar López
------------------------------

Original Message:
Sent: Wed November 27, 2019 08:08 AM
From: Ben Lurie
Subject: Email notification condition issue on close an incident

Are the default notifications being sent out? That will ensure that it is not an SMTP issue.

Unfortunately there are no logs about notification matches.

It would help if can post a screenshot with the notification definition you have set up.

Another thing is that the person that caused the notification to be generated won't receive it (otherwise they would receive notifications for everything they did). So make sure you are testing with two different users.

------------------------------
Ben Lurie

Original Message:
Sent: Tue November 26, 2019 06:59 PM
From: Oscar López
Subject: Email notification condition issue on close an incident

Hi all

I would like to make a concrete/specific notification (match a condiction field on an incident) and make a "close incident" different from default when status is changed to closed applying  an additional condition.

Is is possible or will disturb on the generic close condition for notification? I am not able to get it run.

Is is possible to see a log for notification matches?
Where can we see the smtp logs for sending the notifications? 

Cheers, and thanks for sharing
Oscar

------------------------------
Oscar López
------------------------------

Hi Ben

A log on SMTP will help a lot
>Unfortunately there are no logs about notification matches.

The issue is that we are not receiving the notifications on close when a particular code is set to a value. Default on close notification are not beeing received too.

Best regards
Oscar




------------------------------
Oscar López
------------------------------

Original Message:
Sent: Wed November 27, 2019 08:08 AM
From: Ben Lurie
Subject: Email notification condition issue on close an incident

Are the default notifications being sent out? That will ensure that it is not an SMTP issue.

Unfortunately there are no logs about notification matches.

It would help if can post a screenshot with the notification definition you have set up.

Another thing is that the person that caused the notification to be generated won't receive it (otherwise they would receive notifications for everything they did). So make sure you are testing with two different users.

------------------------------
Ben Lurie

Original Message:
Sent: Tue November 26, 2019 06:59 PM
From: Oscar López
Subject: Email notification condition issue on close an incident

Hi all

I would like to make a concrete/specific notification (match a condiction field on an incident) and make a "close incident" different from default when status is changed to closed applying  an additional condition.

Is is possible or will disturb on the generic close condition for notification? I am not able to get it run.

Is is possible to see a log for notification matches?
Where can we see the smtp logs for sending the notifications? 

Cheers, and thanks for sharing
Oscar

------------------------------
Oscar López
------------------------------

I set up this test notification on incident close:



------------------------------
Ben Lurie
------------------------------

Original Message:
Sent: Wed December 04, 2019 06:56 AM
From: Oscar López
Subject: Email notification condition issue on close an incident

Hi Ben

A log on SMTP will help a lot
>Unfortunately there are no logs about notification matches.

The issue is that we are not receiving the notifications on close when a particular code is set to a value. Default on close notification are not beeing received too.

Best regards
Oscar




------------------------------
Oscar López

Original Message:
Sent: Wed November 27, 2019 08:08 AM
From: Ben Lurie
Subject: Email notification condition issue on close an incident

Are the default notifications being sent out? That will ensure that it is not an SMTP issue.

Unfortunately there are no logs about notification matches.

It would help if can post a screenshot with the notification definition you have set up.

Another thing is that the person that caused the notification to be generated won't receive it (otherwise they would receive notifications for everything they did). So make sure you are testing with two different users.

------------------------------
Ben Lurie

Original Message:
Sent: Tue November 26, 2019 06:59 PM
From: Oscar López
Subject: Email notification condition issue on close an incident

Hi all

I would like to make a concrete/specific notification (match a condiction field on an incident) and make a "close incident" different from default when status is changed to closed applying  an additional condition.

Is is possible or will disturb on the generic close condition for notification? I am not able to get it run.

Is is possible to see a log for notification matches?
Where can we see the smtp logs for sending the notifications? 

Cheers, and thanks for sharing
Oscar

------------------------------
Oscar López
------------------------------