IBM Security QRadar SOAR

  • 1.  How to add Shift Management features on IBM QRadar SOAR?

    Posted Mon April 17, 2023 09:39 AM

    Hello there,

    I need these specific features on IBM QRadar SOAR, can you check if it's available?

    1. Auto assign Owner based on weekly/monthly Shift management Excel file (such as today 1AM-1PM then assign to Mr.A, today 1PM-1AM then assign to Mr.B)
    2. During Shift handover, allow users to run a playbook periodically and automatically to change previous On-call guy to current On-call guy.

    Thanks,



    ------------------------------
    nguyen le
    ------------------------------


  • 2.  RE: How to add Shift Management features on IBM QRadar SOAR?

    Posted Thu April 20, 2023 01:08 AM

    Hello, any help?



    ------------------------------
    nguyen le
    ------------------------------



  • 3.  RE: How to add Shift Management features on IBM QRadar SOAR?

    Posted Fri April 21, 2023 09:57 AM

    Hi Nguyễn,

    For 1), it's possible to create a playbook which runs when a new case is created and makes assignments based on a lookup table of personnel and the current timeframe. 
    As for 2), the same playbook (or a copy for manual execution) can be run which reassigns cases based on the same lookup table and the current timeframe.

    There is no easy way to schedule a playbook to execute across all playbooks and make this shift assignment automatically. Additional logic would be needed in a custom app to perform that logic. But that's a much more complicated endeavor.

    Hope this helps,

    Mark



    ------------------------------
    Mark Scherfling
    ------------------------------



  • 4.  RE: How to add Shift Management features on IBM QRadar SOAR?

    Posted Fri April 21, 2023 02:25 PM

    Appreciate your answer, it's quite clear now.



    ------------------------------
    nguyen le
    ------------------------------



  • 5.  RE: How to add Shift Management features on IBM QRadar SOAR?

    Posted Wed April 26, 2023 09:23 AM

    Hi,
    For each use case playbook, you could also start an "assignment playbook" which would look something like the picture below.
    First, it checks if the incident is closed and if so, does nothing and exits.
    If the incident is not closed, use a script to make the necessary change to the assignment.
    Then find out the time for the next shift that you should use to set the timer function.
    When the timer expires, it means it is time to reassign, if the incident is not closed.

    I can't assure you it would really work, but it can give you some ideas.




    ------------------------------
    Pierre Dufresne
    ------------------------------
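
The lookup table from reply 3 and the check/reassign/timer loop from reply 5 can be sketched in plain Python. This is an added example, not code from the thread or from IBM; the roster contents, owner identifiers and function names are hypothetical, and setting the case owner and arming the timer are left to the playbook. It assumes `now` is a naive datetime in the roster's own timezone.

```python
from datetime import datetime, time, timedelta

# Constructed roster mirroring the question: 1AM-1PM -> Mr.A, 1PM-1AM -> Mr.B.
# Owner identifiers are placeholders, not real SOAR accounts.
SHIFTS = [
    (time(1, 0), time(13, 0), "mr.a@example.com"),
    (time(13, 0), time(1, 0), "mr.b@example.com"),  # wraps past midnight
]


def _covers(start, end, t):
    """True if clock time t falls in [start, end), allowing a wrap past midnight."""
    if start < end:
        return start <= t < end
    return t >= start or t < end


def current_owner(now, shifts=SHIFTS):
    """Return the on-call owner for `now`, or None if the roster has a gap."""
    t = now.time()
    for start, end, owner in shifts:
        if _covers(start, end, t):
            return owner
    return None


def next_handover(now, shifts=SHIFTS):
    """Return the datetime of the next shift start strictly after `now`."""
    candidates = []
    for start, _end, _owner in shifts:
        at = datetime.combine(now.date(), start)
        if at <= now:
            at += timedelta(days=1)  # today's start already passed
        candidates.append(at)
    return min(candidates)


def assignment_step(now, case_closed, shifts=SHIFTS):
    """One pass of the loop: (owner to set, seconds to wait), or None if closed."""
    if case_closed:
        return None  # closed case: do nothing and exit
    owner = current_owner(now, shifts)
    wait = (next_handover(now, shifts) - now).total_seconds()
    return owner, int(wait)
```

A `None` owner on an open case means the roster does not cover that hour, which is worth routing to a fallback queue rather than leaving the case unowned.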