Description
Revisions would improve how the qradar_search function works.
Current implementation issues:
- Implementation is clunky in the use of generic "qradar_query_param" parameters as opposed to managing them in the post-processor and passing complete AQL to the function.
- Implementation is more abstract than necessary, and has associated bugs in search waiting as a result.
- Implementation does not have robust error handling and reporting.
- Implementation does not cancel searches on workflow termination.
- Implementation does not cancel searches on query timeout.
- Implementation does not pass events in clean dictionary structure for post-processor use in dynamic table creation.
- Implementation does not regard file upload limit for Resilient attachments.
Please see changes here: https://github.com/jjfallete/resilient/tree/master/functions/qradar
Tests and customize.py will need to be recreated.
Describe How to Reproduce
N/A