IBM QRadar SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

How can I trigger workflow without IBM Qradar offense in IBM Resilient?

  • 1.  How can I trigger workflow without IBM Qradar offense in IBM Resilient?

    Posted Tue April 19, 2022 06:49 AM

    Hi team,

    How can we run a workflow on IBM Resilient based on a query from Splunk? For example, workflow runs automatically when there is a malware type offense from IBM Qradar. But can I automatically trigger a workflow in IBM Resilient with the output of a query that runs at certain intervals in Splunk?


    #Support
    #SupportMigration
    #QradarSOAR


  • 2.  RE: How can I trigger workflow without IBM Qradar offense in IBM Resilient?

    Posted Fri April 29, 2022 11:38 AM
    We can create incident with "IBM Resilient/SOAR Splunk Add-on". Based on the result of the search, an incident can be created as an action.

    https://splunkbase.splunk.com/app/3861/


    #Support
    #SupportMigration
    #QradarSOAR