If you choose to go this route, I recommend using a Playbook instead of a Rule. Playbooks are the way of the future.
Ben
------------------------------
Ben Lurie
------------------------------
Original Message:
Sent: Mon April 25, 2022 11:56 AM
From: Chaitanya Challa
Subject: How can I trigger workflow without IBM Qradar offense in Qradar SOAR?
Hi Betul,
How is the output of the Splunk query presented to SOAR? If that is stored in an incident field, you can configure an automatic rule to trigger whenever that field changes or has a certain value. There are other objects on which the automatic rule can also be configured to trigger.
------------------------------
Chaitanya Challa
Original Message:
Sent: Thu April 21, 2022 02:17 AM
From: Betul Uyanik
Subject: How can I trigger workflow without IBM Qradar offense in Qradar SOAR?
Hi team,
How can we run a workflow on IBM Resilient based on a query from Splunk? For example, a workflow runs automatically when there is a malware-type offense from IBM Qradar. But can I automatically trigger a workflow in IBM Resilient with the output of a query that runs at certain intervals in Splunk?
Thanks
------------------------------
Betul Uyanik
------------------------------