Hello,
we are struggling to integrate Azure Sentinel with QRoC using the MS Sentinel Universal Cloud REST API connector workflow described here: Universal Cloud REST API connector workflow for Microsoft Sentinel. The integration works properly (at the network level). However, we are facing problems once incidents are pulled from the MS Sentinel API into QRoC. Incidents are pulled randomly, and not always all of them.
I did a quick test with the Postman utility where I queried the MS Sentinel API, and all incidents were fetched properly. The same with the QRoC connection-testing feature: in both cases incidents are fetched. We asked MS for support but had no luck. Our observation is that there is a problem with the query in the workflow...
Has somebody else had this issue? Does somebody have a workflow which is working properly?
Thank you for hints/tips/tricks...
------------------------------
Lubos Chupac
------------------------------
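A pull that returns only some of the incidents, and a different subset each time, is the classic symptom of a poller that reads one page and stops, or that bookmarks on a timestamp without handling incidents that share it. The following is an added example (editor's code, not the poster's workflow and not IBM's or Microsoft's code) showing in plain Python what a complete pull has to do: follow the `nextLink` the Microsoft.SecurityInsights incidents list returns until it is absent, filter on `lastModifiedTimeUtc` against a saved bookmark, and keep the ids already seen at the bookmark time so an incident modified in the same second is neither lost nor duplicated. The pages, URLs and incident bodies are constructed for the example; the HTTP call is replaced by a lookup so it runs offline.

```python
"""Paged, bookmarked pull of Sentinel incidents (constructed data, offline)."""
from datetime import datetime, timezone

# Constructed pages mimicking the shape of the incidents list response:
# a "value" array plus a "nextLink" while more pages exist. example.invalid
# URLs and abbreviated incident bodies are assumptions for the example.
FIRST_URL = "https://example.invalid/incidents?api-version=2023-02-01"
PAGE2_URL = FIRST_URL + "&$skipToken=p2"

def incident(name, number, modified):
    return {"name": name,
            "properties": {"incidentNumber": number,
                           "lastModifiedTimeUtc": modified}}

SAMPLE_PAGES = {
    FIRST_URL: {"value": [incident("inc-1", 1, "2024-01-01T10:00:00Z"),
                          incident("inc-2", 2, "2024-01-01T11:00:00.1234567Z")],
                "nextLink": PAGE2_URL},
    # Last page: no nextLink. inc-3 and inc-4 share a modification time.
    PAGE2_URL: {"value": [incident("inc-3", 3, "2024-01-01T12:00:00Z"),
                          incident("inc-4", 4, "2024-01-01T12:00:00Z")]},
}

# A later snapshot: inc-5 was modified in the same second as the bookmark.
LATER_PAGES = {
    FIRST_URL: SAMPLE_PAGES[FIRST_URL],
    PAGE2_URL: {"value": SAMPLE_PAGES[PAGE2_URL]["value"]
                + [incident("inc-5", 5, "2024-01-01T12:00:00Z")]},
}

def fake_get(url, pages=SAMPLE_PAGES):
    """Stand-in for an authenticated GET; returns the decoded JSON body."""
    return pages[url]

def parse_ts(s):
    """Sentinel emits ISO-8601 with up to 7 fractional digits and a trailing Z;
    trim to microseconds so datetime.fromisoformat accepts it."""
    s = s.rstrip("Z")
    if "." in s:
        head, frac = s.split(".", 1)
        s = f"{head}.{frac[:6]}"
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

def modified(inc):
    return parse_ts(inc["properties"]["lastModifiedTimeUtc"])

def first_page_only(first_url, get):
    """The naive pull: one request, nextLink ignored. Misses later pages."""
    return get(first_url).get("value", [])

def list_incidents(first_url, get):
    """Yield every incident, following nextLink until the API omits it."""
    url = first_url
    while url:
        page = get(url)
        yield from page.get("value", [])
        url = page.get("nextLink")

def poll(first_url, get, bookmark=None, seen_at_bookmark=frozenset()):
    """One poller run. Returns (new incidents, bookmark, ids seen at bookmark).

    An incident is new if modified after the bookmark, or at the bookmark
    time but not already seen. Ties at the bookmark are therefore neither
    dropped (as a strict '>' would do) nor re-emitted on every run."""
    new = []
    for inc in list_incidents(first_url, get):
        ts = modified(inc)
        if bookmark is not None:
            if ts < bookmark:
                continue
            if ts == bookmark and inc["name"] in seen_at_bookmark:
                continue
        new.append(inc)
    if new:
        latest = max(modified(i) for i in new)
        seen_at_bookmark = frozenset(
            i["name"] for i in new if modified(i) == latest)
        # Ids seen earlier at this same timestamp must be retained too.
        if bookmark == latest:
            seen_at_bookmark |= frozenset(seen_at_bookmark)
        bookmark = latest
    return new, bookmark, seen_at_bookmark

if __name__ == "__main__":
    print("naive:", [i["name"] for i in first_page_only(FIRST_URL, fake_get)])
    batch, bm, seen = poll(FIRST_URL, fake_get)
    print("paged:", [i["name"] for i in batch], bm, sorted(seen))
    later = lambda u: fake_get(u, LATER_PAGES)
    batch, bm, seen = poll(FIRST_URL, later, bm, seen)
    print("later:", [i["name"] for i in batch], bm, sorted(seen))
```

The same two requirements apply to a Universal Cloud REST API workflow: the loop must continue while the response carries `nextLink`, and the saved state must be the newest `lastModifiedTimeUtc` actually received plus the ids at that time, not the wall clock at the start of the run. The incidents list operation also accepts an OData `$filter` on `properties/lastModifiedTimeUtc`, which moves the bookmark comparison server-side but does not remove the need to page.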