IBM Security SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to Library

RE: Auto Close Tasks Based on Field Values 

Tue June 11, 2019 10:10 AM
Statistics
0 Favorited
35 Views
1 Files
0 Shares
9 Downloads
Attachment(s)
gz file
fn_task_closer-1.0.0.tar.gz   5 KB   1 version
Uploaded - Tue June 11, 2019
 
Download

Comments

Jared Fagel
Tue July 30, 2019 02:10 PM

Instead of using a function, consider using a single script for simplicity.

A script of type 'task' can perform this in conjunction with a single automatic rule of type 'task' that triggers on an "is changed" condition from an incident field.

if(task.phase_id == 'Identification')
   if(task.name == 'Identify Mitre Tactic')
      if(incident.properties.mitre_tactic_name)  # Secondary check
         task.status = 'C'  # Close the task

Cheers!