Message Image

Log in

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community

Skip main navigation (Press Enter).

IBM Security QRadar SOAR

View Only

Expand all | Collapse all

QRadar Ariel Query to the Artifact

Aitor Vivanco Santa CruzTue November 12, 2019 10:27 AM

Hello, It is possible to get the event payloads by doing Qradar Ariel Query to the Artifact. The same ...

Burak KaracaMon January 06, 2020 08:02 AM

Hi Aitor, In QRadar you can get raw payloads like this: select utf8(payload) from events last 5 minutes ...

1. QRadar Ariel Query to the Artifact

0 Like
Aitor Vivanco Santa Cruz
Posted Tue November 12, 2019 10:27 AM

Reply
Hello,
It is possible to get the event payloads by doing Qradar Ariel Query to the Artifact. The same payload which appears on the log event.

------------------------------
Aitor Vivanco Sata Cruz
------------------------------
2. RE: QRadar Ariel Query to the Artifact

0 Like
Burak Karaca
Posted Mon January 06, 2020 08:02 AM

Reply
Hi Aitor,

In QRadar you can get raw payloads like this:

select utf8(payload) from events last 5 minutes

You can create this query on Resilient App, can create a script to get logs from QRadar API etc. I hope this helps.

------------------------------
Burak Karaca
------------------------------

Original Message

Powered by Higher Logic