IBM QRadar SOAR: Handling Incident Artifacts with Playbooks

From Wiki
Revision as of 17:55, 11 June 2025 by Ebasso (talk | contribs)

IBM QRadar SOAR allows automated email sending through the fn_task_utils app.

This app allowing you to interact with SOAR Artifacts for use with other automations.

More details here: Task Utilities

The code is provided in my GitHub IBM QRadar Samples

Prerequisites

  • IBM QRadar SOAR configured.
  • fn_task_utils app installed.


Configuring the Playbook

In your playbook, add or edit the Artifact Utils: Search Artifacts component.

Set:

  • Output Name: artifact_utils_search_result
  • incident_id: incident.id
  • artifact_include_incident_count: Yes

Example: 

inputs.mail_template_label = 'sample_email'


With this configuration, the app will send an email using the sample_email template, which points to: 

/data/templates/sample_email.jinja

Ver também

Retrieved from "https://ebasso.net/wiki/index.php?title=IBM_QRadar_SOAR:_Handling_Incident_Artifacts_with_Playbooks&oldid=9378"