Hi @Nouman, for anything you can just contact me through the community portal, since it will be easier for others to chime in and provide additional input.
Original Message:
Sent: Wed February 15, 2023 07:32 AM
From: Nouman Ahmad
Subject: Alternative way to group similar action to an artifact
Hello @Luqman Nur, can I get your contact/email to talk regarding IBM SOAR? Would appreciate it.
------------------------------
Nouman Ahmad
Original Message:
Sent: Sun February 12, 2023 08:10 PM
From: Luqman Nur
Subject: Alternative way to group similar action to an artifact
Is there any update on this method?
------------------------------
Luqman Nur
Techlab
Original Message:
Sent: Thu February 02, 2023 09:55 PM
From: Luqman Nur
Subject: Alternative way to group similar action to an artifact
Hi IBM community,
I want to ask regarding the implementation of grouping artifacts and performing bulk functions on them. I am specifically referring to this feature:
https://login.ibm.com/oidc/sps/auth?client_id=OGFlMGY3ZDItZGNkOC00&Target=https%3A%2F%2Flogin.ibm.com%2Foidc%2Fendpoint%2Fdefault%2Fauthorize%3FqsId%3D5ecc9163-14f8-4e91-8810-8e85f4ff4f71%26client_id%3DOGFlMGY3ZDItZGNkOC00
Due to the unavailability of this solution, is there any available alternative?
My current implementation is of the following:
- The playbook is triggered upon receiving certain artifact types (i.e. Hash value of file)
- Grab the value and type of the artifact and let the user assign a label to similar artifacts, to tag the artifact for further action needed (i.e. safe or suspicious hash value)
Issue that I am facing:
- There is no option to accept user input in the automatic playbook (whereas the manual one has an activation form that can be grabbed by the function later on)
My current idea to circumvent the issue:
- For every tag option that the user can select (i.e. safe or suspicious), a new playbook is created. So if there are two selections available, there will be two different playbooks implemented.
- For this situation, the user can run the automatic playbook for all the artifacts that they want to group under one label. So the user will turn on the related playbook for one selection run.
Possible problem for my implementation:
- Complexity: it will be very difficult to implement a solution for a menu item that requires multiple user inputs where the options relate to each other.
- Inter-dependency: sometimes it is not possible to separate a selection into a single playbook because a function will be related to another.
- Unable to capture unique input from the user, for example "file name", because a playbook can only cover certain use-cases.
I'm sure there are more problems with this implementation that I could not think of, but currently this is the best that I could come up with. Has anyone come across this issue? If so, how would you manage your unique workflow to overcome this limitation?
I hope I can get some clarification on this feature; any guidance will be very helpful to my understanding of IBM SOAR as a whole. Thanks for reading.
Best regards,
------------------------------
Luqman Nur
Techlab
------------------------------
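As an added illustration (not code from the thread and not the IBM SOAR API), the "one playbook per label" workaround above can be replaced by a single data-driven function: artifacts are grouped by normalized hash value, the analyst's selection maps hashes to labels, and one consistent bulk action per label comes out. The artifact field names, the label set and the sample records are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Labels the analyst may assign; one data-driven function serves all of them
# instead of one playbook per label.
ALLOWED_LABELS = {"safe", "suspicious"}
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed sample records in the shape of an artifact list (field names are an
# assumption, not the SOAR REST schema). The same SHA-256 appears twice with
# different casing; one record carries a non-hash value by mistake.
SAMPLE_ARTIFACTS = [
    {"id": 101, "type": "Malware SHA-256 Hash", "value": "A" * 64},
    {"id": 102, "type": "Malware SHA-256 Hash", "value": "a" * 64},
    {"id": 103, "type": "Malware MD5 Hash", "value": "b" * 32},
    {"id": 104, "type": "IP Address", "value": "198.51.100.7"},
    {"id": 105, "type": "Malware SHA-256 Hash", "value": "not-a-hash"},
]

def normalize_hash(value):
    """Return (algorithm, lowercase hex) or None if the value is not a file hash."""
    v = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", v):
        return None
    algo = HASH_LENGTHS.get(len(v))
    return (algo, v) if algo else None

def group_similar_artifacts(artifacts):
    """Group artifact ids by normalized hash so one label covers every copy."""
    groups = defaultdict(list)
    for art in artifacts:
        norm = normalize_hash(art["value"])
        if norm is not None:
            groups[norm[1]].append(art["id"])
    return dict(groups)

def build_bulk_label_actions(artifacts, selection):
    """selection maps a hash (any case) to a label; returns {label: [artifact ids]}.
    Unknown labels and hashes with no matching artifact are rejected up front, so
    the caller gets one consistent bulk action per label."""
    groups = group_similar_artifacts(artifacts)
    actions = defaultdict(list)
    for raw_hash, label in selection.items():
        if label not in ALLOWED_LABELS:
            raise ValueError(f"unknown label: {label}")
        norm = normalize_hash(raw_hash)
        if norm is None or norm[1] not in groups:
            raise ValueError(f"no artifact matches {raw_hash}")
        actions[label].extend(groups[norm[1]])
    return {label: sorted(ids) for label, ids in actions.items()}
```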