Sample Scripts designed for IBM SOAR in-product scripting engine developed by The IR Gurus. These samples are meant to be a guide as to how to perform unique actions within the platform. Operators are different ways that data is stored or parsed within the IBM Security SOAR platform.

The IBM SOAR App Developer's Guide provides information on using the IBM SOAR Resilient Circuits Framework to run Apps and Integrations. The guide is available on the IBM Knowledge Center at ibm.biz/soar-docs .

Python Library for the IBM SOAR REST API, a Python SDK for developing Apps for IBM SOAR and more...

2021年6月14日 · API Reference for SOAR in-product scripting. In an effort to improve the experience of writing in-product Python 3 scripts for SOAR, we have put together some supplementary documentation detailing all of the fields and methods available for each object type within an in-product script, along with some example scripts and use cases.

2021年2月13日 · Shuffle是对SOAR的开源解释。它的目标是通过即插即用的应用程序，在整个企业中提供所有必要的数据传输功能，让每个人都能实现自动化。

Useful workflow/playbook functions to use for common parsing in the SOAR platform. This package contains functions to parse information from emails, ssl certificates, and PDFs as well as a function to transform an XML document using a preexisting xsl stylesheet.

Specifically, I am trying to use IP address artifacts in an incident with netMiko scripts to add them to a firewall address book. The goal is use SOAR to update a firewall address book based on QRadar offenses that have been created in SOAR.

In this lesson, you learned how to customize a sample email script to process inbound emails. How to specify the incident owner for new incidents created by the script. How to add allowlists for IP address and IP ranges.

2024年12月16日 · For a good start, you can look at the code of a utility I've developed and shared to the community "QuickResilientSOARstatistics.py," which is designed to interact with the IBM SOAR (Resilient) tool. This Python script allows you to efficiently query and retrieve detailed information on incidents whether they are :

Useful workflow functions for common automation and integration activities in the SOAR platform. SOAR functions taken from fn_utilities to simplify development of integrations by wrapping each external activity into an individual workflow/playbook component.