QRadar XDR

About define action Script Parameters question

  • 1.  About define action Script Parameters question

    Posted Thu September 09, 2021 06:57 AM
    First  
    define action Script Parameters have two select action
    what is the  Fixed Property and Network Event Property difference?     
    two
    Script Configuration i use python
    and set devicetime username  EVENT_NAME command  (use QRadar 7.2.8)
    and trigger the execution 
    about the devicetime
    i use 
    devicetime = sys.argv[1]
    devicetime = time.strftime("%Y-%m-%d %H:%M:%S",time.localtime())
    but  result is UTC time  not my timezone
    and orther question
    i use 
    eventname = str(sys.argv[3])
    but result is null  (in log activity have some information look like  User Login)

    and i build a   7.3.3 Hotfix 9 environment  Script Parameters  Network Event Property  no have    EVENT_NAME can select

    so somebody can hele me 

    THX~




    ------------------------------
    Hung-Ting Chou
    ------------------------------