Custom action and QRadar rules

Use rule names and rule IDs as parameters in custom action scripts.

Pass the rule ID and rule name to custom action scripts by using the RULE_ID and RULE_NAME environment variables.

The following Bash script example shows how to access the rule ID and rule name of the custom rule that triggers the custom action:

Bash script example

#!/bin/bash
# The following script shows how to access
# the id and name of the custom rule that triggered
# the custom action in bash

echo "Rule id: $RULE_ID"
echo "Rule name: $RULE_NAME"

The following Python script example shows how to access the rule ID and rule name of the custom rule that triggers the custom action:

Python script example

#!/usr/bin/python
# The following script shows how to access
# the id and name of the custom rule that triggered
# the custom action in python

import os
rule_id = os.environ.get('RULE_ID')
rule_name = os.environ.get('RULE_NAME')

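# print() with %-formatting runs on Python 2 and Python 3,
# and does not fail if a variable is unset (None)
print("Rule id: %s" % rule_id)
print("Rule name: %s" % rule_name)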

The following Perl script example shows how to access the rule ID and rule name of the custom rule that triggers the custom action:

Perl script example

#!/bin/perl
# The following script shows how to access
# the id and name of the custom rule that triggered
# the custom action in perl

$ruleId = $ENV{'RULE_ID'};
$ruleName = $ENV{'RULE_NAME'};

print "Rule id: $ruleId\n";
print "Rule name: $ruleName\n";
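
The examples above only print the two variables. The following added Python example (not part of the original documentation) shows one way to validate RULE_ID and RULE_NAME before a custom action script writes them to a log or passes them on. It assumes a Python 3 interpreter and that rule IDs are decimal integers; the function names, the length cap and the JSON output format are choices made for this example.

```python
# Added example: defensive handling of RULE_ID and RULE_NAME in a custom action script.
import json
import os
import re
import sys

# Assumption: rule IDs are decimal integers; adjust if your deployment differs.
_RULE_ID_RE = re.compile(r"[0-9]{1,18}")
# Control characters (including CR/LF) that must never reach a log line.
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")
MAX_NAME_LEN = 256  # arbitrary cap chosen for this example


def rule_context(env):
    """Return validated {'rule_id': int, 'rule_name': str} or raise ValueError."""
    rule_id = env.get("RULE_ID")
    rule_name = env.get("RULE_NAME")
    if rule_id is None or rule_name is None:
        raise ValueError("RULE_ID and RULE_NAME must both be set")
    if not _RULE_ID_RE.fullmatch(rule_id):
        raise ValueError("RULE_ID is not a decimal integer")
    # Rule names are free text: neutralise control characters, bound the length.
    clean_name = _CONTROL_RE.sub(" ", rule_name).strip()[:MAX_NAME_LEN]
    if not clean_name:
        raise ValueError("RULE_NAME is empty")
    return {"rule_id": int(rule_id), "rule_name": clean_name}


def audit_line(ctx):
    """Serialise the context as one JSON line; json.dumps escapes quotes."""
    return json.dumps(ctx, sort_keys=True)


def main(env=os.environ):
    try:
        ctx = rule_context(env)
    except ValueError as exc:
        sys.stderr.write("custom action aborted: %s\n" % exc)
        return 1
    print(audit_line(ctx))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Because the rule name is free text set by whoever created the rule, treating it as untrusted input keeps a crafted name from splitting a log entry or being interpreted by a downstream command.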