IBM Security QRadar SOAR

  • 1.  How can I trigger workflow without IBM Qradar offense in Qradar SOAR?

    Posted Thu April 21, 2022 07:52 AM
    Hi team,

    How can we run a workflow on IBM Resilient based on a query from Splunk? For example, workflow runs automatically when there is a malware type offense from IBM Qradar. But can I automatically trigger a workflow in IBM Resilient with the output of a query that runs at certain intervals in Splunk?

    Thanks


    ------------------------------
    Betul Uyanik
    ------------------------------


  • 2.  RE: How can I trigger workflow without IBM Qradar offense in Qradar SOAR?

    Posted Fri April 22, 2022 08:33 AM
    Hi Betul,

    Take a look at our fn_scheduler app: https://exchange.xforce.ibmcloud.com/hub/extension/4917b8a4bb53c46a7c63efa4e65238e4. There are a number of ways to schedule rules (i.e. workflows) from a function. We're adding capability to work with playbooks now as that is our new capability replacing rules/workflows ongoing.

    Regards,
    Mark

    ------------------------------
    Mark Scherfling
    ------------------------------



  • 3.  RE: How can I trigger workflow without IBM Qradar offense in Qradar SOAR?

    Posted Mon April 25, 2022 11:57 AM

    Hi Betul,

    How is the output of the Splunk query presented to SOAR? If it is stored in an incident field, you can configure an automatic rule to trigger whenever that field changes or has a certain value. There are other objects on which the automatic rule can also be configured to trigger.



    ------------------------------
    Chaitanya Challa
    ------------------------------



  • 4.  RE: How can I trigger workflow without IBM Qradar offense in Qradar SOAR?

    Posted Tue April 26, 2022 09:08 AM
    If you choose to go this route I recommend using Playbook instead of a Rule. Playbooks are the way of the future.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------
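As an added example, not code from this thread or from IBM, the Python below shows the shape of the approach Chaitanya and Ben describe: a Splunk scheduled search's result rows are folded into one SOAR incident whose custom field carries the alert name, so an automatic rule or playbook condition on that field fires instead of a QRadar offense. The sample rows are constructed; the custom field API name `splunk_alert_type`, the severity mapping, and the `/rest/orgs/{org_id}/incidents` POST with API-key basic auth are assumptions about a particular SOAR deployment.

```python
from datetime import datetime

# Constructed sample rows, as a Splunk scheduled search would hand them to
# an alert action (webhook or script). Not taken from the original thread.
SPLUNK_RESULTS = [
    {"_time": "2022-04-21T07:52:00Z", "src_ip": "10.0.0.5",
     "signature": "Trojan.Generic", "count": "3"},
    {"_time": "2022-04-21T07:55:00Z", "src_ip": "10.0.0.9",
     "signature": "Trojan.Generic", "count": "1"},
]

# Assumed severity thresholds on total hit count (highest threshold first).
SEVERITY_BY_COUNT = [(5, "High"), (2, "Medium"), (0, "Low")]


def severity_for(total_hits):
    """Map a hit count onto a SOAR severity name (assumed mapping)."""
    for threshold, label in SEVERITY_BY_COUNT:
        if total_hits >= threshold:
            return label
    return "Low"


def build_incident(results, alert_name):
    """Fold one search result set into one SOAR incident payload (or None)."""
    if not results:
        return None  # empty result set: open nothing, so no rule fires
    total = sum(int(r.get("count", 1)) for r in results)
    sources = sorted({r["src_ip"] for r in results})
    first_seen = min(datetime.fromisoformat(r["_time"].replace("Z", "+00:00"))
                     for r in results)
    return {
        "name": f"Splunk alert: {alert_name}",
        "description": f"{total} hits from {len(sources)} source(s): "
                       + ", ".join(sources),
        "discovered_date": int(first_seen.timestamp() * 1000),  # epoch ms
        "severity_code": severity_for(total),
        # Assumed custom field; the automatic rule/playbook condition keys on it.
        "properties": {"splunk_alert_type": alert_name},
        "artifacts": [{"type": "IP Address", "value": ip} for ip in sources],
    }


def post_incident(base_url, org_id, api_key_id, api_key_secret, incident):
    """POST the payload to SOAR (assumed endpoint shape; needs network access)."""
    import requests  # imported here so the builder above stays offline-testable
    url = f"{base_url}/rest/orgs/{org_id}/incidents"
    resp = requests.post(url, json=incident, auth=(api_key_id, api_key_secret),
                         timeout=30)
    resp.raise_for_status()
    return resp.json()
```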