IBM QRadar SOAR

  • 1.  Resilient App for QRadar: Automatic Escalation Problem

    Posted Tue May 26, 2020 10:06 AM

    Hi,

    I want to escalate offenses with the description 'VPN - User not logged in for 3 days' automatically into Resilient from QRadar using the rule below:



    But it isn't automatically escalated. Is there any way to configure this?
    Thank you.


    ------------------------------
    Futuhal Annasri
    ------------------------------


  • 2.  RE: Resilient App for QRadar: Automatic Escalation Problem

    Posted Wed June 03, 2020 02:57 PM
    Hi Futuhal

    Your rule looks correct...but it will only escalate offenses that occur in the future (not the past).


    ------------------------------
    AnnMarie Norcross
    ------------------------------



  • 3.  RE: Resilient App for QRadar: Automatic Escalation Problem

    Posted Thu June 04, 2020 08:46 AM
    Futuhal,

    Does your escalation template (improper usage) fill in all the required fields for an incident to be created? (the red star is next to them on the template)

    Also, you can check the logs for the app (inside the app host or wherever it is installed) to see if you can glean something else.

    Rich

    ------------------------------
    Richard Giesige
    Security Engineer
    Oshkosh Corporation
    Oshkosh
    ------------------------------