IBM QRadar SOAR

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  QRadar to Resilient Auto Escalation

    Posted Wed April 24, 2019 11:24 AM

    QRadar to Resilient Auto Escalation seems to work for the first rule created.  If I create a second rule, it stops working.  In an ideal situation, I would like to setup escalation rules for category types.  Has anyone else been able to use the GLOB syntax to create multiple rules?  If so, how?

    I am seeing a lack of documentation on this part of the Resilient App in the App exchange and could use some pointers from the community.

    What I've been able to figure out on my own so far is that *, **, and ? work as part of a word.  Example is Malware category or what works for the one rule:  *alware.    Malware or malware does not work.

    As soon as i try and add another rule, the auto escalation stops working.  Any other tips, tricks that work for anyone else?



    ------------------------------
    Rob Root
    ------------------------------


  • 2.  RE: QRadar to Resilient Auto Escalation

    Posted Thu April 25, 2019 10:11 AM
    Hi,

    Thanks for contacting us. 

    Our customers use resilient QRadar plugin with multiple rules. If you attach a screenshot here of that page, we might be able to figure out the problem. 

    Also our customer support is very experienced in solving problems like this. You can also contact customer support for help.

    Thanks,

    Yongjian Feng

    ------------------------------
    Yongjian Feng
    ------------------------------

    Original Message


Related Content