QRadar Technical Blog: Connect QRadar to a phone using SMS messaging
Using a script from the Custom Action selection, QRadar may now communicate with a mobile phone using SMS messaging. The console must have direct Internet access for this feature to function properly.
The process is quite simple.
First, create an account with a provider that allows API access.
Second, request an API authentication token from that provider.
Third, a shell script is developed that uses curl to connect and deliver a message to the MSP.
For the purpose of this blog the MSP used is Twilio at www.twilio.com.
This is an example of the shell script format for Twilio:
# TLS certificate verification is left enabled (no -k), so the API token is only sent to a verified api.twilio.com endpoint.
curl -X POST 'https://api.twilio.com/2010-04-01/Accounts/<User ID>/Messages.json' \
--data-urlencode 'To=<receiving phone number>' \
--data-urlencode 'From=<sending phone number>' \
--data-urlencode 'Body=Text Message to be sent' \
-u '<User ID>:<API Token>'
Note1: The phone numbers must include the international code, for example +44 for the UK.
Note2: The optimal maximum length of an SMS message is 160 characters including spaces with an absolute maximum of 918 characters.
Having built the shell script, it must be saved in the directory /home/customactionuser/. The script will run on the processor where the rule is triggered.
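A hardened form of the script above for use as a custom action, as an added example that is not from the original blog: it verifies the TLS certificate, reads the Twilio URL and credentials from a curl config file instead of the command line, and enforces Note1 and Note2 before sending. The config file name and the argument order are assumptions.

```bash
#!/bin/bash
# Added example. Assumptions: the config file name, and that the custom action
# passes $1 = receiving number, $2 = sending number, $3 = message text.
#
# CONF is a curl config file (chmod 600) that keeps the token out of the script
# and out of the process list. It holds two lines, placeholders as on the page:
#   url  = "https://api.twilio.com/2010-04-01/Accounts/<User ID>/Messages.json"
#   user = "<User ID>:<API Token>"
CONF="${SMS_CONF:-/home/customactionuser/sms_curl.conf}"

# Note1: numbers need the international code, so require '+' then digits only.
# 15 digits is the E.164 maximum; the lower bound of 7 is a choice made here.
valid_number() {
  case $1 in
    +[1-9]*) ;;
    *) return 1 ;;
  esac
  digits=${1#+}
  case $digits in
    *[!0-9]*) return 1 ;;
  esac
  [ "${#digits}" -ge 7 ] && [ "${#digits}" -le 15 ]
}

# Note2: replace control characters with spaces and trim to 160 characters.
sms_body() {
  text=$(printf '%s' "$1" | tr -s '[:cntrl:]' ' ')
  while [ "${#text}" -gt 160 ]; do text=${text%?}; done
  printf '%s' "$text"
}

send_sms() {
  valid_number "$1" || { echo "bad receiving number" >&2; return 2; }
  valid_number "$2" || { echo "bad sending number" >&2; return 2; }
  [ -r "$CONF" ] || { echo "cannot read $CONF" >&2; return 3; }
  body=$(sms_body "$3")
  # No -k: the server certificate is verified. --fail turns an HTTP error
  # (for example a rejected token) into a non-zero exit status.
  curl --silent --show-error --fail --max-time 20 --config "$CONF" \
    --data-urlencode "To=$1" \
    --data-urlencode "From=$2" \
    --data-urlencode "Body=$body" >/dev/null
}

# With no arguments the file only defines the functions, so it can be tested.
[ "$#" -eq 0 ] || send_sms "$@"
```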