IBM Security QRadar SOAR

Hello,

I have few common questions and don't know this is an issue or I do something wrong. I have latest version - 45.1.42

1 Issue. When I try to add some Notes with a file hyperlink it doesn't work:

file_hyperlink = 'file://///some_network_share_path/file.txt'
note_text = u'Some {0} notes: <a target="blank" href="{1}">{2}</a>'.format(x, file_hyperlink, y)
incident.addNote(helper.createRichText(note_text))

2 Issue. I have few Incident activated playbook.
My condition for playbook 1:
IF incident.name contains "Rule_X"
AND incident.workspace is equal to "X"

My condition for playbook 2:
Advance: 1 AND (2 OR 3)
1 incident.workspace is equal to "X"
2 incident.name dos not contains "Rule_X"
3 incident.name dos not contains "Rule_Y"

If incident with name Rule_X activated both playbook triggered.

------------------------------
Alexey Fedorov
------------------------------

Hi Alexey

Regarding question 2, I think the name Rule_X satisfies the condition "incident.name does not contains Rule_Y"

Maybe the condition for playbook 2 should be 1 AND 2 AND 3, right?

TIA

Leo

​

------------------------------
[]

Leonardo Kenji Shikida
------------------------------

Original Message:
Sent: Mon June 20, 2022 05:36 AM
From: Alexey Fedorov
Subject: Common question

Hello,

I have few common questions and don't know this is an issue or I do something wrong. I have latest version - 45.1.42

1 Issue. When I try to add some Notes with a file hyperlink it doesn't work:

file_hyperlink = 'file://///some_network_share_path/file.txt'
note_text = u'Some {0} notes: <a target="blank" href="{1}">{2}</a>'.format(x, file_hyperlink, y)
incident.addNote(helper.createRichText(note_text))

2 Issue. I have few Incident activated playbook.
My condition for playbook 1:
IF incident.name contains "Rule_X"
AND incident.workspace is equal to "X"

My condition for playbook 2:
Advance: 1 AND (2 OR 3)
1 incident.workspace is equal to "X"
2 incident.name dos not contains "Rule_X"
3 incident.name dos not contains "Rule_Y"

If incident with name Rule_X activated both playbook triggered.

------------------------------
Alexey Fedorov
------------------------------

Hello Leonardo,

You are right! My mistake.

------------------------------
Alexey Fedorov
------------------------------

Original Message:
Sent: Tue June 21, 2022 05:27 AM
From: Leonardo Kenji Shikida
Subject: Common question

Hi Alexey

Regarding question 2, I think the name Rule_X satisfies the condition "incident.name does not contains Rule_Y"

Maybe the condition for playbook 2 should be 1 AND 2 AND 3, right?

TIA

Leo

​

------------------------------
[]

Leonardo Kenji Shikida

Original Message:
Sent: Mon June 20, 2022 05:36 AM
From: Alexey Fedorov
Subject: Common question

Hello,

I have few common questions and don't know this is an issue or I do something wrong. I have latest version - 45.1.42

1 Issue. When I try to add some Notes with a file hyperlink it doesn't work:

file_hyperlink = 'file://///some_network_share_path/file.txt'
note_text = u'Some {0} notes: <a target="blank" href="{1}">{2}</a>'.format(x, file_hyperlink, y)
incident.addNote(helper.createRichText(note_text))

2 Issue. I have few Incident activated playbook.
My condition for playbook 1:
IF incident.name contains "Rule_X"
AND incident.workspace is equal to "X"

My condition for playbook 2:
Advance: 1 AND (2 OR 3)
1 incident.workspace is equal to "X"
2 incident.name dos not contains "Rule_X"
3 incident.name dos not contains "Rule_Y"

If incident with name Rule_X activated both playbook triggered.

------------------------------
Alexey Fedorov
------------------------------