Revisions would improve how the qradar_search function works.
Current implementation issues:
Implementation is clunky in the use of generic "qradar_query_param" parameters as opposed to managing them in the post-processor and passing complete AQL to the function. Implementation is more abstract than necessary, and has associated bugs in search waiting as a result. Implementation does not have robust error handling and reporting. Implementation does not cancel searches on workflow termination. Implementation does not cancel searches on query timeout. Implementation does not pass events in clean dictionary structure for post-processor use in dynamic table creation. Implementation does not regard file upload limit for Resilient attachments.
Description
Revisions would improve how the qradar_search function works.
Current implementation issues: Implementation is clunky in the use of generic "qradar_query_param" parameters as opposed to managing them in the post-processor and passing complete AQL to the function. Implementation is more abstract than necessary, and has associated bugs in search waiting as a result. Implementation does not have robust error handling and reporting. Implementation does not cancel searches on workflow termination. Implementation does not cancel searches on query timeout. Implementation does not pass events in clean dictionary structure for post-processor use in dynamic table creation. Implementation does not regard file upload limit for Resilient attachments.
Please see changes here: https://github.com/jjfallete/resilient/tree/master/functions/qradar Tests and customize.py will need to be recreated.
Describe How to Reproduce
N/A