Global Security Forum

 View Only

  • 1.  Setting up IBM QRadar custom action

    Posted Mon February 20, 2023 07:49 AM
    Reply

    Hi All, 

    I am trying to setup a QRadar custom action to pass on OffenseID to a ticketing system as soon as an offense is created. I setup an event rule (since offense rules cannot call custom action), to trigger custom action when QID is 28250369 (new offense created). This works fine, and my custom action script executes as soon as there is a new offense. 

    The next step is where I am having issues. I want to get the event payload passed on to the custom action script, so I can extract the Offense ID from it. So I added the Network Property called "payload", but my custom action script is getting it's value as: [B@b24722bb]

    Does anyone know what this value means, and how can I get the payload in plain text format?



    ------------------------------
    nouman abbasi
    Software Productivity Strategists| Inc.
    Rockville MD
    ------------------------------


  • 2.  RE: Setting up IBM QRadar custom action

    Posted Tue February 21, 2023 04:10 AM
    Reply

    Instead of sending the whole payload - create some custom properties for the values in the payload that you want and send those to the script.



    ------------------------------
    Paul Ford-Hutchinson
    ------------------------------

    Original Message


  • 3.  RE: Setting up IBM QRadar custom action

    Posted Mon February 17, 2025 02:47 AM
    Reply

    Hi,

    Same behaviour here : unable to pass the same fields as you can with email alerts (payload, CRE Name, CRE description, etc...).



    ------------------------------
    Thomas LADEL
    ------------------------------

    Original Message