IBM Security QRadar SOAR

I'm trying to duplicate my playbook (with a different name) within the same organization. The goal is to have two playbooks (one for testing and one for continuous development).

To do so, I followed these steps:
1) I renamed the playbook from ABC to XYZ, while it was disabled. 2) Exported the playbook.
3) Renamed the playbook back to ABC.
4) Imported playbook XYZ.

When importing playbook XYZ, it deletes playbook ABC. I suspect this is because they both have the same API name. But it appears that I cannot change the API name once the playbook has been initialized.

Any ways around this issue?

------------------------------
Mark Aksen
------------------------------

Hi Mark

You can use the resilient-sdk clone command as documented resilient-sdk doc .

$ resilient-sdk clone -pb <playbook_to_be_cloned> <new_playbook_name>
$ resilient-sdk clone -pb <playbook_to_be_cloned> <new_playbook_name> --draft-playbook
$ resilient-sdk clone --playbook <playbook_to_be_cloned> <new_playbook_name> --changetype artifact

Hope this helps!

------------------------------
AnnMarie Norcross
------------------------------

Original Message:
Sent: Thu July 21, 2022 03:46 PM
From: Mark Aksen
Subject: Unable to import a playbook in the same org

I'm trying to duplicate my playbook (with a different name) within the same organization. The goal is to have two playbooks (one for testing and one for continuous development).

To do so, I followed these steps:
1) I renamed the playbook from ABC to XYZ, while it was disabled. 2) Exported the playbook.
3) Renamed the playbook back to ABC.
4) Imported playbook XYZ.

When importing playbook XYZ, it deletes playbook ABC. I suspect this is because they both have the same API name. But it appears that I cannot change the API name once the playbook has been initialized.

Any ways around this issue?

------------------------------
Mark Aksen
------------------------------