Hi Ben,
Thank you for the quick response!
I tested using:
{{offense.offense_indexer.label}}
And it is working perfectly.
Now I am able to get the correct human-readable offense type in SOAR.
Really appreciate your help - this solved my issue.
------------------------------
Arunkumar G
------------------------------
Original Message:
Sent: Wed November 19, 2025 01:22 AM
From: BEN WILLIAMS
Subject: Issue: QRadar → SOAR Plugin – offense_type_name is Coming Empty
Hi Arunkumar,
Try using offense.offense_indexer.label instead and let me know if it works.
"offense_type": "{{offense.offense_indexer.label}}"
------------------------------
BEN WILLIAMS
Original Message:
Sent: Tue November 18, 2025 09:26 PM
From: Arunkumar G
Subject: Issue: QRadar → SOAR Plugin – offense_type_name is Coming Empty
Hi Team,
I am facing an issue with the IBM SOAR Plugin App for QRadar, specifically related to field mapping during offense ingestion.
Problem Description
While mapping fields from QRadar offense JSON to SOAR fields:
When I map {{offense.offense_type}}, I correctly receive the numeric offense type (example: 1, 49, etc.).
But when I map {{offense.offense_type_name}}, the field value in SOAR becomes blank / empty.
Expected Behavior
According to the documentation:
offense_type → numeric code
offense_type_name → human-readable name translated from offense_type (e.g., Admin Login Failure, Port Scan, etc.)
But currently, the plugin returns no value for offense_type_name.
Any recommended fix or configuration to enable this field?
------------------------------
Arunkumar G
------------------------------