IBM Security QRadar SOAR

  • 1.  MX lookup function

    Posted Wed December 14, 2022 10:30 PM
    Hi IBM community,

    I want to ask about the implementation of MX lookup for an IBM SOAR playbook, using the function from App Exchange below:

    The function, from what I understand, calls the mxtoolbox via an API call and returns the output to the playbook (via post-process script?). Currently I want to analyse an email header via the playbook and ask the mxtoolbox to communicate and return me the result. However, upon reading the documentation, I have not found an example of how to configure it. What inputs should the mx function receive to work in my use case?

    Thanks in advance.

    ------------------------------
    Luqman Nur
    ------------------------------


  • 2.  RE: MX lookup function

    Posted Thu December 15, 2022 10:54 AM
    You are going to have to go into the customization settings and edit the function input named `mx_command`. You will have to add a new option named `emailheaders`, then save it. Now in your playbook your function input for `mx_command` will be `emailheaders` and your input for `mx_argument` will be the email header you want to analyze.

    ------------------------------
    Richard Swierk
    ------------------------------



  • 3.  RE: MX lookup function

    Posted Thu December 15, 2022 08:15 PM
    Edited by Luqman Nur Thu December 15, 2022 10:27 PM
    Hi Richard,

    Thanks for the guide. Just want to confirm that the script will be something along these lines?



    Also, I just edited the functions in the customisation tab, where I added "email_header" to the mx_command. I have encountered a different error relating to the API call, where email_header is a bad request (status code: 400). I have looked at the mxtoolbox website for the API documentation, but it only links to the product page. Is it possible that the product is only for paid customers?



    ------------------------------
    Luqman Nur
    Techlab
    ------------------------------