If you are using the
IBM SOAR QRadar Plugin integration in QRadar, it will by default populate CSV Table, this is the output format of this App.
You could use the
QRadar Functions for SOAR app that allow to use the
Search
function to design an AQL query in a workflow, and populate the result in a table
You can also use the
QRadar Enhanced Data Migration app that is populating directly the main top tables, with direct link to the new pivot AQL design in QRadar, speeding the result when the analyst wants to pivot directly in QRadar, but it will look like he is still in SOAR
I strongly suggest you used ALL of them :)
------------------------------
BENOIT ROSTAGNI
------------------------------
Original Message:
Sent: Thu September 16, 2021 06:02 PM
From: Mohsin Ali
Subject: Is is possible to populate AQL results from qradar in a data table ?
Dear Community,
We are using Qradar search function to fetch results from Qradar, but it gives us output as a CSV in attachment tab . I wonder is it possible to fetch results from qradar events through AQL and populate the results In a data table?
------------------------------
Mohsin Ali
------------------------------