Hi All, 

I am trying to setup a QRadar custom action to pass on OffenseID to a ticketing system as soon as an offense is created. I setup an event rule (since offense rules cannot call custom action), to trigger custom action when QID is 28250369 (new offense created). This works fine, and my custom action script executes as soon as there is a new offense. 

The next step is where I am having issues. I want to get the event payload passed on to the custom action script, so I can extract the Offense ID from it. So I added the Network Property called "payload", but my custom action script is getting it's value as: [B@b24722bb]

Does anyone know what this value means, and how can I get the payload in plain text format?

Just an idea. You should be able to parse your offense Id found to your script and call API in your script to collect all offense id data for the next step. Need to verify in lab system. Payload is problematic. Better Use offense ID and Offense description. 

Hi All, 

I am trying to setup a QRadar custom action to pass on OffenseID to a ticketing system as soon as an offense is created. I setup an event rule (since offense rules cannot call custom action), to trigger custom action when QID is 28250369 (new offense created). This works fine, and my custom action script executes as soon as there is a new offense. 

The next step is where I am having issues. I want to get the event payload passed on to the custom action script, so I can extract the Offense ID from it. So I added the Network Property called "payload", but my custom action script is getting it's value as: [B@b24722bb]

Does anyone know what this value means, and how can I get the payload in plain text format?