IBM QRadar SOAR: Handling Incident Artifacts with Playbooks

From Wiki
Revision as of 17:48, 11 June 2025 by Ebasso (talk | contribs) (Created page with "IBM QRadar SOAR allows automated email sending through the '''fn_task_utils''' app. This app allowing you to interact with SOAR Artifacts for use with other automations. More details here: [https://ibmresilient.github.io/resilient-community-apps/fn_task_utils/README.html Task Utilities] The code is provided in my GitHub [https://github.com/ebasso/ibm-qradar-samples/ IBM QRadar Samples] == Prerequisites == * IBM QRadar SOAR configured. * '''fn_task_utils''' app inst...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

IBM QRadar SOAR allows automated email sending through the fn_task_utils app.

This app allowing you to interact with SOAR Artifacts for use with other automations.

More details here: Task Utilities

The code is provided in my GitHub IBM QRadar Samples

Prerequisites

  • IBM QRadar SOAR configured.
  • fn_task_utils app installed.


Configuring the Playbook

In your playbook, add or edit the Outbound Email: Send Email 2 component. Set the mail_template_label input to match the label defined in app.config.

Example: 

inputs.mail_template_label = 'sample_email'


With this configuration, the app will send an email using the sample_email template, which points to: 

/data/templates/sample_email.jinja


Ver também

Retrieved from "https://ebasso.net/wiki/index.php?title=IBM_QRadar_SOAR:_Handling_Incident_Artifacts_with_Playbooks&oldid=9374"