IBM Security QRadar SOAR

  • 1.  Send Payload and additional artifacts via outbound email

    Posted Fri April 01, 2022 08:45 AM
    Hello,
          We have installed the outbound email app in SOAR for sending automatic email alerts. For this we configured a playbook against the incident and called the outbound email function in our playbook. The workflow runs successfully and we get automatic email alerts, but we find the incident details mentioned below in the email:

    1. Incident status
    2. Incident severity
    3. Date created

    We also find the incident description; the information in the description includes
    1. Event name
    2. Source IP
    3. Destination IP
    4. User name

    But we need some more details in our email alerts
    1. Log source name
    2. Payload information

    Can anyone help me in this regard?

    ------------------------------
    Hafiz Tabish Imran Bilgrami
    ------------------------------


  • 2.  RE: Send Payload and additional artifacts via outbound email

    Posted Mon April 04, 2022 08:25 AM
    Where is the data you are looking for stored? Is it on the Incident object or some other object? A playbook has access to all the object data.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 3.  RE: Send Payload and additional artifacts via outbound email

    Posted Mon April 04, 2022 09:13 AM

    Hi Hafiz,

    The email content is controlled by a template file which you can modify and change with your own formatted fields. See the documentation regarding the app.config setting `template_file`.

    The default template is mostly HTML but is formatted using a Python package called Jinja2 for field substitution. Here's the default template, which you can modify and refer to using that `template_file` setting.

    https://github.com/ibmresilient/resilient-community-apps/blob/master/fn_outbound_email/fn_outbound_email/data/templates/example_send_email.jinja



    ------------------------------
    Mark Scherfling
    ------------------------------
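
    An added example, not part of the original thread and not the app's own code: a Jinja2 template that adds a log source row and a payload block to an HTML alert, rendered locally with autoescaping on so raw log data cannot inject markup into the email. The variable names (`incident.*`, `log_source`, `payload`, `max_len`) and the `render_alert` helper are assumptions for illustration; check the app's default template for the names it actually exposes.

```python
from jinja2 import Environment

# Hypothetical template. The variable names (incident.*, log_source, payload,
# max_len) are assumptions for illustration, not the app's documented context.
TEMPLATE = """\
<h3>Incident {{ incident.id }}: {{ incident.name }}</h3>
<table>
  <tr><td>Status</td><td>{{ incident.status }}</td></tr>
  <tr><td>Severity</td><td>{{ incident.severity }}</td></tr>
  <tr><td>Log source</td><td>{{ log_source | default("n/a", true) }}</td></tr>
</table>
<pre>{{ payload | default("(no payload)", true)
              | truncate(max_len, true, "...[truncated]") }}</pre>
"""


def render_alert(incident, log_source=None, payload=None, max_len=2000):
    """Render the alert body as HTML from incident data."""
    # autoescape=True HTML-encodes every substituted value. The payload is raw
    # log data that whoever generated the event controls, so without escaping
    # it could place links or markup inside the analyst's email.
    env = Environment(autoescape=True)
    return env.from_string(TEMPLATE).render(
        incident=incident, log_source=log_source,
        payload=payload, max_len=max_len)


if __name__ == "__main__":
    # Constructed sample data, not taken from a real incident.
    sample = {"id": 2101, "name": "Multiple login failures",
              "status": "Active", "severity": "High"}
    raw = 'user="<a href=http://example.invalid>reset</a>" src=10.0.0.5'
    print(render_alert(sample, "LinuxServer @ host01", raw))
```

    Truncating the payload keeps an oversized event from bloating the message; the limit of 2000 characters is an arbitrary choice for this example.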



  • 4.  RE: Send Payload and additional artifacts via outbound email

    Posted Mon April 11, 2022 06:16 AM
    Can you please send me the docs for Jinja2?

    ------------------------------
    Hafiz Tabish Imran Bilgrami
    ------------------------------



  • 5.  RE: Send Payload and additional artifacts via outbound email

    Posted Mon April 11, 2022 07:48 AM
    Hi Hafiz,

    You can find the documentation on Jinja here: https://jinja.palletsprojects.com/en/3.1.x/.

    Regards,
    Mark

    ------------------------------
    Mark Scherfling
    ------------------------------