Jump to content

Wiki

Toggle the table of contents

IBM QRadar SOAR: Handling Incident Tasks with Playbooks

From Wiki

Revision as of 12:05, 12 June 2025 by Ebasso (talk | contribs) (→‎Configuring the Playbook)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

IBM QRadar SOAR allows automated email sending through the fn_task_utils app.

This app allowing you to interact with SOAR Artifacts for use with other automations.

More details here: Task Utilities

Prerequisites

IBM QRadar SOAR configured.
fn_task_utils app installed.

Configuring the Playbook

In your playbook:

1) add or edit the Task Utils: Add Note function.

Set:

Output Name: task_utils_add_note_result
incident_id: incident.id
task_utils_note_type: text
task_id (optional):
task_name (optional): Initial Triage
task_utils_note_body (optional) TEXT: All information for this task was provided

2) add or edit the Task Utils: Close Task function.

Output Name: task_utils_close_task_result
incident_id: incident.id
task_id (optional):
task_name (optional): Initial Triage

Ver também

Retrieved from "https://ebasso.net/wiki/index.php?title=IBM_QRadar_SOAR:_Handling_Incident_Tasks_with_Playbooks&oldid=9398"