IBM Security QRadar SOAR

  • 1.  Accessing Credentials from Playbook as Encrypted and Secured

    Posted Thu December 01, 2022 12:01 PM
    Hi All,

    We are working on developing a playbook which requires credentials to be placed inside one of the function tasks.
    Is it possible to hide those credentials inside a playbook task?
    Is it possible to place those credentials securely somewhere in Resilient and access them inside our playbook?
    Let me know if you have any further queries on this.

    ------------------------------
    Shubham Agarwal
    ------------------------------


  • 2.  RE: Accessing Credentials from Playbook as Encrypted and Secured

    Posted Fri December 02, 2022 10:49 AM
    As of right now there is no way to add secure credentials within a playbook.

    ------------------------------
    Richard Swierk
    ------------------------------



  • 3.  RE: Accessing Credentials from Playbook as Encrypted and Secured

    Posted Sun December 04, 2022 09:58 PM
    Hi Richard,

    Currently we are using the "Utilities: Call REST API" function, which is part of the Utility function app.
    For example, if we have to call a CrowdStrike API, we use the utility function to call the API endpoint. But for authentication purposes we require an access token to be passed inside the Utility function. But how will we hide the access token inside the Utility function while running our playbook?


    ------------------------------
    Shubham Agarwal
    ------------------------------



  • 4.  RE: Accessing Credentials from Playbook as Encrypted and Secured

    Posted Tue December 06, 2022 09:49 AM
    As of now there is no way to do this within a playbook. The only way I can think of to secure the access token would be to edit the utilities integration itself. A new setting would have to be added to the app.config for the authorization token. Then the Utilities function that is being called would have to be edited to use the new setting from the app.config.

    ------------------------------
    Richard Swierk
    ------------------------------
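
Added example, not part of the original thread and not the Utilities app's own code: one way to implement the approach from the last reply, where the token is read from app.config on the integration server and attached to the outgoing request there, so the playbook input never carries it. The section name `fn_utilities`, the setting `rest_api_auth_token`, the `Bearer` scheme and the sample token are assumptions made for this example.

```python
import configparser

# Constructed app.config fragment. The section and key names are hypothetical.
SAMPLE_APP_CONFIG = """
[fn_utilities]
rest_api_auth_token = constructed-token-0000
"""

SECTION = "fn_utilities"           # hypothetical section name
TOKEN_KEY = "rest_api_auth_token"  # hypothetical new setting


def load_options(config_text, section=SECTION):
    """Parse app.config text (INI format) and return one section as a dict."""
    # interpolation=None keeps '%' characters in secrets from being expanded.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    if not parser.has_section(section):
        raise KeyError("section [%s] not found in app.config" % section)
    return dict(parser[section])


def build_headers(playbook_headers, options):
    """Merge playbook-supplied headers with the server-side token."""
    token = options.get(TOKEN_KEY, "").strip()
    if not token:
        raise ValueError("%s is not set in app.config" % TOKEN_KEY)
    # Drop any Authorization header sent from the playbook (case-insensitive)
    # so the only credential in use is the one held in app.config.
    headers = {k: v for k, v in (playbook_headers or {}).items()
               if k.lower() != "authorization"}
    headers["Authorization"] = "Bearer " + token  # assumed auth scheme
    return headers


def redact(headers):
    """Return a copy that is safe to log or to hand back in function results."""
    return {k: ("***" if k.lower() == "authorization" else v)
            for k, v in headers.items()}


if __name__ == "__main__":
    opts = load_options(SAMPLE_APP_CONFIG)
    outgoing = build_headers({"Accept": "application/json"}, opts)
    print(redact(outgoing))
```

With this layout the token is only as protected as app.config itself, so the file's permissions on the integration server should be limited to the account that runs the integration.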