IBM Security QRadar SOAR

 View Only

  • 1.  Adding offenses to existing incidents

    Posted Wed February 12, 2020 06:42 AM
    Hi,

    Is it possible to assign/add Offenses to existing incidents -like through Offense ID artifacts-?
    It would be useful when we find out that other offenses are related to one incident after escalation.

    Thank you.

    Adam

    ------------------------------
    Adam
    ------------------------------


  • 2.  RE: Adding offenses to existing incidents

    Posted Thu February 13, 2020 05:46 PM
    Hi Adam

    The relationship to QRadar Offenses to Resilient Incident is 1:1.
    However, incidents can be related to each other via artifacts, if you choose the
    proper "Related" option on the artifact.  If an artifact exists in more than
    incident, you can see the related incidents in the Artifacts tab when in
    "Graph" mode.

    Hope that helps!

    AnnMarie

    ------------------------------
    AnnMarie Norcross
    ------------------------------

    Original Message


  • 3.  RE: Adding offenses to existing incidents

    Posted Wed February 19, 2020 03:21 AM
    Hi AnnMarie,

    So it is not possible right now I see.
    Thank you.

    ------------------------------
    Adam
    ------------------------------

    Original Message