IBM Security QRadar SOAR

 View Only
  • 1.  Making a task private from a script

    Posted Mon June 27, 2022 03:49 PM
    Hi
    I created a very simple playbook for a task object which is activated when the task is created and is of a specific name.
    The playbook only consists of one script to assign the task to a specific group and mark the task as private.
    The script only as 2 lines:

    task.owner_id = "Some group"
    task.private=True

    When I look at the task Members tab after the playbook has executed, the task is still in a public state, ie I see the field "Mark task private" with the value Off.
    I thought the private field would be a boolean field but this not seems to be the case.
    How can I make a task private using a script?

    Thank you for your help.


    ------------------------------
    Pierre Dufresne
    ------------------------------


  • 2.  RE: Making a task private from a script

    Posted Tue June 28, 2022 08:05 AM
    Hi Pierre

    The SOAR documentation at this point unfortunately is incomplete.

    Even the TaskDTO documentation (https://resilient.localdomain/docs/rest-api/json_TaskDTO.html) provides absolutely no information or any useful information about task privacy.

    That said, the way to make a task private is to assign members to it.

    When a task has members assigned, it automatically changes its state to "private"

    So your script must have something like this

    task.members = ['abc@br.ibm.com', 'xyz@ibm.com']

    instead of

    task.private = True

    Also, I am afraid task.private receives a value that is an object, not a boolean, but I have absolutely no idea how this object looks like because the documentation simply does not provide any info about this. However, setting the task members will do the trick.

    I hope it helps.

    ------------------------------
    []

    Leonardo Kenji Shikida
    ------------------------------



  • 3.  RE: Making a task private from a script

    Posted Wed June 29, 2022 11:25 AM
    Hi Leonardo,

    Thanks for the tip. It did the trick!

    I suppose a boolean value would have been too simple.  :-)
    Or there should some obscure reason.

    As you said it, the documentation should be more explicit about this. 


    ------------------------------
    Pierre Dufresne
    ------------------------------