IBM Security QRadar SOAR

  • 1.  How to get data table values within the incident

    Posted Tue March 05, 2024 02:38 AM
    Hello, I am writing because I encountered a problem while testing email transfer using QRadar SOAR.
     
    After receiving the log using "QRadar Enhanced Data Migration" in QRadar SIEM, the data sent through "Outbound Email" should be emailed. The value of the incident field is retrieved through incident.properties, as shown in the picture below, but the data table does not get the value.
     
    If you have any good ideas, please help!
     
    Have a nice day
    Thank you.


    ------------------------------
    Yongwon Song
    ------------------------------


  • 2.  RE: How to get data table values within the incident

    Posted Fri March 15, 2024 03:50 AM

    Hi Yongwon,

    Could you provide more logs to help identify which stage is causing the issue?



    ------------------------------
    Allen Lee
    ------------------------------



  • 3.  RE: How to get data table values within the incident

    Posted Mon March 18, 2024 03:26 AM
    Hello, Allen Lee
    Sorry for the late response!
     
    I have solved this issue.
    The method I used was not to extract the value from the data table, but to search for the value in SIEM using a query.
     
    Thank you for your answer.
     
    Have a nice day


    ------------------------------
    Yongwon Song
    ------------------------------