IBM QRadar SOAR: Handling Incident Tasks with Playbooks

Revision as of 12:08, 12 June 2025 by Ebasso

IBM QRadar SOAR allows automated email sending through the fn_task_utils app.

This app allows you to interact with SOAR Artifacts for use with other automations.

More details here: Task Utilities

Prerequisites

  • IBM QRadar SOAR configured.
  • fn_task_utils app installed.


Configuring the Playbook

In your playbook:

1) Add or edit the Task Utils: Add Note function.

Set:

  • Output Name: task_utils_add_note_result
  • incident_id: incident.id
  • task_utils_note_type: text
  • task_id (optional):
  • task_name (optional): Initial Triage
  • task_utils_note_body (optional, TEXT): All information for this task was provided


2) Add or edit the Task Utils: Close Task function.

Set:

  • Output Name: task_utils_close_task_result
  • incident_id: incident.id
  • task_id (optional):
  • task_name (optional): Initial Triage
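
The two steps above leave their results under the Output Names task_utils_add_note_result and task_utils_close_task_result. The following is an added example, not code from this wiki or from the fn_task_utils app: it shows logic a playbook script or condition could use to close the task only when the note was actually written, and to build an audit note otherwise. It assumes each result exposes `success` and `reason` fields and is reachable by its Output Name; the helper names and the sample data are hypothetical.

```python
from types import SimpleNamespace

# Output Names configured in steps 1 and 2 above.
ADD_NOTE = "task_utils_add_note_result"
CLOSE_TASK = "task_utils_close_task_result"


def field(result, name, default=None):
    """Read a field from a result that may be a dict or an attribute object."""
    if isinstance(result, dict):
        return result.get(name, default)
    return getattr(result, name, default)


def step_failure(results, output_name):
    """Return None if the step succeeded, else a short reason string."""
    result = field(results, output_name)
    if result is None:
        return f"{output_name}: no result (function did not run)"
    if not field(result, "success", False):  # 'success' is an assumed field name
        return f"{output_name}: {field(result, 'reason') or 'unknown error'}"
    return None


def may_close_task(results):
    """Gate for step 2: close the task only if the note from step 1 was written."""
    return step_failure(results, ADD_NOTE) is None


def audit_note(results, task_name="Initial Triage"):
    """Text for an incident note summarising the outcome of both steps."""
    failures = [f for f in (step_failure(results, ADD_NOTE),
                            step_failure(results, CLOSE_TASK)) if f]
    if failures:
        return f"Playbook could not complete task '{task_name}': " + "; ".join(failures)
    return f"Task '{task_name}' was documented and closed by playbook."


# Constructed sample results (not real SOAR output): the note failed, close never ran.
sample = SimpleNamespace(**{ADD_NOTE: {"success": False, "reason": "task not found"}})

if __name__ == "__main__":
    print(may_close_task(sample))
    print(audit_note(sample))
```

Inside SOAR, the `results` argument would be the playbook's function results object rather than the constructed sample.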

See also