Hello Experts,

I want to create artifact mapping for some QRadar offense fields using the QRadar-SOAR plugin app, but the "+"  as shown  below seems not to create a new entry (Type, Value and Description).

https://www.ibm.com/docs/en/qradar-common?topic=mapping-case-artifacts.

Also, i have an offense field in QRadar "Mac Address", and I want to include this field as an artifact on SOAR , can I use the below entry to send this field as an artifact:?

Type: Mac Address

Value: {{offense.mac_address}}

Description: Mac Address.

This seems not to work for me. 

Kindly assist

------------------------------
benlinux
------------------------------

Hello Experts,

I want to create artifact mapping for some QRadar offense fields using the QRadar-SOAR plugin app, but the "+"  as shown  below seems not to create a new entry (Type, Value and Description).

https://www.ibm.com/docs/en/qradar-common?topic=mapping-case-artifacts.

Also, i have an offense field in QRadar "Mac Address", and I want to include this field as an artifact on SOAR , can I use the below entry to send this field as an artifact:?

Type: Mac Address

Value: {{offense.mac_address}}

Description: Mac Address.

This seems not to work for me. 

Kindly assist

------------------------------
benlinux
------------------------------

Hello experts,

I will appreciate help here.

Thanks 

Hello Experts,

I want to create artifact mapping for some QRadar offense fields using the QRadar-SOAR plugin app, but the "+"  as shown  below seems not to create a new entry (Type, Value and Description).

https://www.ibm.com/docs/en/qradar-common?topic=mapping-case-artifacts.

Also, i have an offense field in QRadar "Mac Address", and I want to include this field as an artifact on SOAR , can I use the below entry to send this field as an artifact:?

Type: Mac Address

Value: {{offense.mac_address}}

Description: Mac Address.

This seems not to work for me. 

Kindly assist

------------------------------
benlinux
------------------------------