Hi,
I wrote a simple playbook in which I am using the QRadar Search function from the fn_qradar_integration App.
I want to use the script method to provide the function inputs.
I modeled my script on the workflow example provided with the App.
After many tries, which yielded many different errors, I am calling for help.
You will find below the code of my input script. Could someone help me with the correct syntax?
Thanks
inputs.qradar_query = "SELECT %param1% FROM events WHERE INOFFENSE(%param2%) LAST %param3% MINUTES"
inputs.qradar_query_param1 = DATEFORMAT(starttime, 'YYYY-MM-dd HH:mm') as StartTime, CATEGORYNAME(category), LOGSOURCENAME(logsourceid), PROTOCOLNAME(protocolid), RULENAME(creeventlist),"Threat Name" as Menace,"Source Workstation" as SourceMenace,"File Path" as Filepath
inputs.qradar_query_param2 = incident.properties.qradar_id
inputs.qradar_query_param3 = 43320
inputs.qradar_query_range_start = 1
inputs.qradar_query_all_results = "No"
------------------------------
Pierre Dufresne
------------------------------