IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Offense Close Reasons

    Posted Fri November 05, 2021 09:14 AM
    I need to make a report or a widget to pulse that can visualize how the offenses were closed during the previous day, but I can't, in the default Qradar reports the reason for closing does not appear and in the Qradar API I also do not find how to extract the reason for each closed offense.
    any ideas?
    Regards

    ------------------------------
    DAVID SANZ POZAS
    ------------------------------


  • 2.  RE: Offense Close Reasons

    Posted Mon November 08, 2021 12:42 PM
    David,
    1st you should determine which close reasons you got. Then you can search for all closed offenses using the specific close reason using the API. GET - /siem/offense_closing_reasons/{closing_reason_id}
    BR
    Karl

    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------

    Original Message


  • 3.  RE: Offense Close Reasons

    Posted Tue November 16, 2021 02:08 PM
    Hey David,

    You could create an app to provide the Pulse dashboard with the data you need.
    We have created a demo app for your reference. It contains two API calls and allows you to create a Pulse Dashboard with the information of the offenses closed in the last 24hrs and the reason of it.

    For more information check the app code from: https://github.com/qradar-cafe/QRadarApp-AdvancedDashboardItems

    It will be also shown in the Qradar Cafe of next Friday November 19th.

    Thanks,
    Marta

    ------------------------------
    Marta Perez Dominguez
    ------------------------------

    Original Message


Related Content