Hello all,

can  anyone help me with an AQL or any other method to  calculate the average  time of closing Offences for the last 24hours for exemple.

Thank you  all.

------------------------------
cherbani samir
------------------------------

Cherbani,
this will be a bit tricky, as there is no default search available to get this data calculated as you already noticed.
Step1: search all closed offenses for the last 24h
Step2: check each offense for start time and close time
Best way is to use the API offense search. You can create an app for this and use inside your offense analysis.
see sample for API fields to be used. You need a for loop to calculate all closing times needed inside you app.
AQL isnt a good idea as there is no AQL search available on offenses which are stored inside postgres and not ariel db.

------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]
------------------------------

Original Message:
Sent: Thu August 11, 2022 10:41 AM
From: cherbani samir
Subject: Offences closing time average

Hello all,

can  anyone help me with an AQL or any other method to  calculate the average  time of closing Offences for the last 24hours for exemple.

Thank you  all.

------------------------------
cherbani samir
------------------------------

Hi Karl

Thank you  for answering my question, I will search in this direction, I think  creat an app is a good idea

Regards.

------------------------------
cherbani samir
------------------------------

Original Message:
Sent: Mon August 15, 2022 05:27 AM
From: Karl Jaeger
Subject: Offences closing time average

Cherbani,
this will be a bit tricky, as there is no default search available to get this data calculated as you already noticed.
Step1: search all closed offenses for the last 24h
Step2: check each offense for start time and close time
Best way is to use the API offense search. You can create an app for this and use inside your offense analysis.
see sample for API fields to be used. You need a for loop to calculate all closing times needed inside you app.
AQL isnt a good idea as there is no AQL search available on offenses which are stored inside postgres and not ariel db.

------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]

Original Message:
Sent: Thu August 11, 2022 10:41 AM
From: cherbani samir
Subject: Offences closing time average

Hello all,

can  anyone help me with an AQL or any other method to  calculate the average  time of closing Offences for the last 24hours for exemple.

Thank you  all.

------------------------------
cherbani samir
------------------------------

Hi Cherbani,

checkout this: https://www.ibm.com/docs/en/qsip/7.5?topic=750-qradar
With QRadar 7.5.0 there are some new possibilities regarding to offense time functions. The OFFENSE_TIME function limits the query to applicable times that an offense might be active. 

Maybe this will assist you..

Regards,
Ralph

------------------------------
Ralph Belfiore
SIEM Expert
pro4bizz GmbH
Karlsruhe
+4972190981727
------------------------------

Original Message:
Sent: Thu August 11, 2022 10:41 AM
From: cherbani samir
Subject: Offences closing time average

Hello all,

can  anyone help me with an AQL or any other method to  calculate the average  time of closing Offences for the last 24hours for exemple.

Thank you  all.

------------------------------
cherbani samir
------------------------------

Thank  you Ralph, but unfortunately we are not in version 7.5 yet

------------------------------
cherbani samir
------------------------------

Original Message:
Sent: Thu August 18, 2022 09:22 AM
From: Ralph Belfiore
Subject: Offences closing time average

Hi Cherbani,

checkout this: https://www.ibm.com/docs/en/qsip/7.5?topic=750-qradar
With QRadar 7.5.0 there are some new possibilities regarding to offense time functions. The OFFENSE_TIME function limits the query to applicable times that an offense might be active. 

Maybe this will assist you..

Regards,
Ralph

------------------------------
Ralph Belfiore
SIEM Expert
pro4bizz GmbH
Karlsruhe
+4972190981727

Original Message:
Sent: Thu August 11, 2022 10:41 AM
From: cherbani samir
Subject: Offences closing time average

Hello all,

can  anyone help me with an AQL or any other method to  calculate the average  time of closing Offences for the last 24hours for exemple.

Thank you  all.

------------------------------
cherbani samir
------------------------------