Add usefull fields in offensesummary query to populate result and therefore be able to run logic on those result fields : status, domain, startTime and lastUpdatedTime
Motivation and Context
I would like to have those fields to run playbooks that check the offense status and domain before doing other checks.
Getting offense status from Qradar is usefull in case sync between QRadar and SOAR is down for some times. Status is never updated for old offense then. Returning those fields allows to create a playbook that would, for example, resync status for offense comparing status in QRadar and Resilient to ensure consistancy.
StartTime and LastUpdatedTime will be usefull for futur playbook I plan to create.
[x] Either no new documentation is required by this change, OR I added new documentation
[x] Either no new tests are required by this change, OR I added new tests
[x] I have run pep8 and pylint. I have cleaned up all valid errors and warnings in code I have added or modified. These tools may generate false positives. Don't be worried about ignoring some errors or warnings. The goal is clean, consistent, and readable code.
Description
Add usefull fields in offensesummary query to populate result and therefore be able to run logic on those result fields : status, domain, startTime and lastUpdatedTime
Motivation and Context
I would like to have those fields to run playbooks that check the offense status and domain before doing other checks. Getting offense status from Qradar is usefull in case sync between QRadar and SOAR is down for some times. Status is never updated for old offense then. Returning those fields allows to create a playbook that would, for example, resync status for offense comparing status in QRadar and Resilient to ensure consistancy. StartTime and LastUpdatedTime will be usefull for futur playbook I plan to create.
How Has This Been Tested?
Query tested on : https://qradar_instance/console/graphql
Checklist:
Signed-off-by: IMSdevsecu 88375366+IMSdevsecu@users.noreply.github.com