IBM QRadar SOAR

  • 1.  QRadar Ariel Query to the Artifact

    Posted Tue November 12, 2019 10:27 AM
    Hello,
    It is possible to get the event payloads by doing QRadar Ariel Query to the Artifact. The same payload which appears on the log event.

    ------------------------------
    Aitor Vivanco Sata Cruz
    ------------------------------


  • 2.  RE: QRadar Ariel Query to the Artifact

    Posted Mon January 06, 2020 08:02 AM
    Hi Aitor,

    In QRadar you can get raw payloads like this:

    select utf8(payload) from events last 5 minutes

    You can create this query in the Resilient app, or create a script to get logs from the QRadar API, etc. I hope this helps.

    ------------------------------
    Burak Karaca
    ------------------------------
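
Added example, not part of either post above and not IBM's code: a sketch of the "script to get logs from QRadar API" route, scoping the `utf8(payload)` query to an IP artifact and running it through the Ariel search endpoints (`/api/ariel/searches`). Assumptions: the artifact is an IP address matched against `sourceip`/`destinationip`, and `request` is a hypothetical transport callable you supply (for example a thin wrapper around an HTTPS client that sends the `SEC` token header); `fake_transport` is constructed sample data so the block runs offline.

```python
import ipaddress
import time

def build_payload_query(artifact_ip, minutes=5):
    """AQL returning raw payloads of events that involve the artifact IP."""
    # Parse before interpolating: anything that is not an IP raises ValueError,
    # so artifact text can never alter the AQL statement.
    ip = ipaddress.ip_address(artifact_ip)
    return ("SELECT UTF8(payload) AS payload FROM events "
            f"WHERE sourceip = '{ip}' OR destinationip = '{ip}' "
            f"LAST {int(minutes)} MINUTES")

def fetch_payloads(request, aql, poll_seconds=2, max_polls=30):
    """Create an Ariel search, wait for it to complete, return payload strings.

    `request(method, path, params)` is a hypothetical callable returning parsed JSON.
    """
    search = request("POST", "/api/ariel/searches", {"query_expression": aql})
    sid = search["search_id"]
    polls = 0
    while search["status"] != "COMPLETED":
        if search["status"] in ("ERROR", "CANCELED"):
            raise RuntimeError(f"Ariel search {sid} ended: {search['status']}")
        if polls >= max_polls:
            raise TimeoutError(f"Ariel search {sid} still running")
        time.sleep(poll_seconds)
        polls += 1
        search = request("GET", f"/api/ariel/searches/{sid}", None)
    results = request("GET", f"/api/ariel/searches/{sid}/results", None)
    return [row["payload"] for row in results.get("events", [])]

# Constructed sample event, not taken from a real QRadar deployment.
SAMPLE_PAYLOAD = "<13>Nov 12 10:27:00 fw01 action=DROP src=10.0.0.5 dst=192.0.2.10"

def fake_transport():
    """Constructed stand-in for the API: one EXECUTE status, then COMPLETED."""
    states = iter(["EXECUTE", "COMPLETED"])
    def request(method, path, params):
        if path.endswith("/results"):
            return {"events": [{"payload": SAMPLE_PAYLOAD}]}
        return {"search_id": "constructed-id-1", "status": next(states)}
    return request

if __name__ == "__main__":
    aql = build_payload_query("10.0.0.5")
    print(aql)
    print(fetch_payloads(fake_transport(), aql, poll_seconds=0))
```
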