IBM QRadar SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

How to Show Top 10 Event Names in SOAR Incident Outbound Email from QRadar Offense Details

  • 1.  How to Show Top 10 Event Names in SOAR Incident Outbound Email from QRadar Offense Details

    Posted Mon May 05, 2025 10:37 AM
    Hi everyone,
     
    I'm working on customizing an outbound email template in IBM SOAR and need help with extracting specific offense-related data from QRadar.
     
    I want to display the Top 10 Event Names that are part of a QRadar offense (as shown under the "QRadar Offense Details" tab in the SOAR incident) within the email body.
     
    Has anyone done this before or can guide me on how to extract and format these event names in the email template?
     
    Any script examples, extension tips, or documentation references would be highly appreciated.
     
    Thanks in advance!
     
    Best regards,
    Abdlrahman


    ------------------------------
    Abdlrahman moghazy
    ------------------------------


Related Content