IBM Security QRadar SOAR

 View Only
Expand all | Collapse all

Automatic assigning tasks when the owner of an incident changes

  • 1.  Automatic assigning tasks when the owner of an incident changes

    Posted Wed May 31, 2023 12:32 AM

    Hi team,
    I'm looking to automatically change the owner of all the open tasks of a given incident, every time the owner of such incident is changed.
    Any idea how this could be achieved?
    I tried using scripts, but if the trigger is on the task object I'm missing the change of incident ownership, and if the trigger is on the incident object I'm missing the tasks objects.

    Thank you :)



    ------------------------------
    LUCIANO ZEPPA
    ------------------------------


  • 2.  RE: Automatic assigning tasks when the owner of an incident changes

    Posted Wed May 31, 2023 09:19 AM

    Hi,
    Maybe you could take a look at this SOAR REST API: /orgs/{org_id}/incidents/{inc_id}/tasks.
    This would return all the tasks associated with an incident.

    The way I see it, you would need to install the "Utility Functions for SOAR" package from which you would run the Call rest API function to get the tasks.
    Then, you could use the Update Task function of the Task Utilities packages to update each task that needs to be updated.

    I suggest you take a look at the API by using the Interactive REST API topic of the Help menu in the SOAR console.

    HTH



    ------------------------------
    Pierre Dufresne
    ------------------------------