IBM Security QRadar SOAR

Hello,

What is a proper way to check task status for current incident trough a script?
I need to check if a some task close or not and make a decision.

------------------------------
Alexey Fedorov
------------------------------

Hi Alexey

It's not exactly what you're asking for but this may be useful.

You can access the current incident.phase_id from the script.

If each task in associated to a different phase, it can somewhat provide the info you need.

Usually, what you can do it quite the other way around: you can create a rule for the incident using the task as the rule object type (and then, you can create also a workflow and a script both using the task as object type and use in the rule), this way you have access to the task context object and its methods.

And of course, if that task is in your workflow or playbook, the flow blocks until you close that task.

These are the options I can envision for your situation.

------------------------------
[]

Leonardo Kenji Shikida
------------------------------

Original Message:
Sent: Wed June 29, 2022 06:06 AM
From: Alexey Fedorov
Subject: Task status

Hello,

What is a proper way to check task status for current incident trough a script?
I need to check if a some task close or not and make a decision.

------------------------------
Alexey Fedorov
------------------------------

Hello Leonardo,

I think your solution not for my case. My issue is I have a playbook and this playbook has a few threads. All those threads can be or can not be (this is why I can't use "Wait point" decision points) and I faced with an issue:

Error status

------------------------------
Alexey Fedorov
------------------------------

Original Message:
Sent: Thu June 30, 2022 09:36 AM
From: Leonardo Kenji Shikida
Subject: Task status

Hi Alexey

It's not exactly what you're asking for but this may be useful.

You can access the current incident.phase_id from the script.

If each task in associated to a different phase, it can somewhat provide the info you need.

Usually, what you can do it quite the other way around: you can create a rule for the incident using the task as the rule object type (and then, you can create also a workflow and a script both using the task as object type and use in the rule), this way you have access to the task context object and its methods.

And of course, if that task is in your workflow or playbook, the flow blocks until you close that task.

These are the options I can envision for your situation.

------------------------------
[]

Leonardo Kenji Shikida

Original Message:
Sent: Wed June 29, 2022 06:06 AM
From: Alexey Fedorov
Subject: Task status

Hello,

What is a proper way to check task status for current incident trough a script?
I need to check if a some task close or not and make a decision.

------------------------------
Alexey Fedorov
------------------------------

I am sorry, I don't understand exactly what you're trying to do.

------------------------------
[]

Leonardo Kenji Shikida
------------------------------

Original Message:
Sent: Fri July 01, 2022 02:06 AM
From: Alexey Fedorov
Subject: Task status

Hello Leonardo,

I think your solution not for my case. My issue is I have a playbook and this playbook has a few threads. All those threads can be or can not be (this is why I can't use "Wait point" decision points) and I faced with an issue:

Error status

An error occurred while processing the action acknowledgement. Additional information: The requested operation could not be completed because of an error in a playbook. Have your System Administrator check the application log for details. Task 10383 has been closed task_name was provided; Searching incident 4835 for first matching task with name 'Task name'

------------------------------
Alexey Fedorov

Original Message:
Sent: Thu June 30, 2022 09:36 AM
From: Leonardo Kenji Shikida
Subject: Task status

Hi Alexey

It's not exactly what you're asking for but this may be useful.

You can access the current incident.phase_id from the script.

If each task in associated to a different phase, it can somewhat provide the info you need.

Usually, what you can do it quite the other way around: you can create a rule for the incident using the task as the rule object type (and then, you can create also a workflow and a script both using the task as object type and use in the rule), this way you have access to the task context object and its methods.

And of course, if that task is in your workflow or playbook, the flow blocks until you close that task.

These are the options I can envision for your situation.

------------------------------
[]

Leonardo Kenji Shikida

Original Message:
Sent: Wed June 29, 2022 06:06 AM
From: Alexey Fedorov
Subject: Task status

Hello,

What is a proper way to check task status for current incident trough a script?
I need to check if a some task close or not and make a decision.

------------------------------
Alexey Fedorov
------------------------------

------------------------------
Alexey Fedorov
------------------------------

Original Message:
Sent: Fri July 01, 2022 07:30 AM
From: Leonardo Kenji Shikida
Subject: Task status

I am sorry, I don't understand exactly what you're trying to do.

------------------------------
[]

Leonardo Kenji Shikida

Original Message:
Sent: Fri July 01, 2022 02:06 AM
From: Alexey Fedorov
Subject: Task status

Hello Leonardo,

I think your solution not for my case. My issue is I have a playbook and this playbook has a few threads. All those threads can be or can not be (this is why I can't use "Wait point" decision points) and I faced with an issue:

Error status

An error occurred while processing the action acknowledgement. Additional information: The requested operation could not be completed because of an error in a playbook. Have your System Administrator check the application log for details. Task 10383 has been closed task_name was provided; Searching incident 4835 for first matching task with name 'Task name'

------------------------------
Alexey Fedorov

Original Message:
Sent: Thu June 30, 2022 09:36 AM
From: Leonardo Kenji Shikida
Subject: Task status

Hi Alexey

It's not exactly what you're asking for but this may be useful.

You can access the current incident.phase_id from the script.

If each task in associated to a different phase, it can somewhat provide the info you need.

Usually, what you can do it quite the other way around: you can create a rule for the incident using the task as the rule object type (and then, you can create also a workflow and a script both using the task as object type and use in the rule), this way you have access to the task context object and its methods.

And of course, if that task is in your workflow or playbook, the flow blocks until you close that task.

These are the options I can envision for your situation.

------------------------------
[]

Leonardo Kenji Shikida

Original Message:
Sent: Wed June 29, 2022 06:06 AM
From: Alexey Fedorov
Subject: Task status

Hello,

What is a proper way to check task status for current incident trough a script?
I need to check if a some task close or not and make a decision.

------------------------------
Alexey Fedorov
------------------------------