IBM Security QRadar SOAR

Hi All,

Is it possible to display the rule's name which generated the offense in the incident's description or as a note during/after escalation?

Thank you.

Regards,
Adam

------------------------------
Adam
------------------------------

Hi Adam

Yes, you can map {{offense.rules}} to an Incident field (i.e. description or any custom field of type text).
You will get "id" and "type" of rule.  See Qradar API doc for details (siem/offenses).

------------------------------
AnnMarie Norcross
------------------------------

Original Message:
Sent: Wed February 05, 2020 04:32 AM
From: Adam
Subject: Display offense rule name in description or note

Hi All,

Is it possible to display the rule's name which generated the offense in the incident's description or as a note during/after escalation?

Thank you.

Regards,
Adam

------------------------------
Adam
------------------------------

Hi AnnMarie,

Thank you.

------------------------------
Adam
------------------------------

Original Message:
Sent: Wed February 05, 2020 02:40 PM
From: AnnMarie Norcross
Subject: Display offense rule name in description or note

Hi Adam

Yes, you can map {{offense.rules}} to an Incident field (i.e. description or any custom field of type text).
You will get "id" and "type" of rule.  See Qradar API doc for details (siem/offenses).

------------------------------
AnnMarie Norcross

Original Message:
Sent: Wed February 05, 2020 04:32 AM
From: Adam
Subject: Display offense rule name in description or note

Hi All,

Is it possible to display the rule's name which generated the offense in the incident's description or as a note during/after escalation?

Thank you.

Regards,
Adam

------------------------------
Adam
------------------------------

Hi,

Is it possible to extract the Rules' name, description, and notes?

Thank you.

Regards,
Adam

------------------------------
Adam
------------------------------

Original Message:
Sent: Wed February 05, 2020 02:40 PM
From: AnnMarie Norcross
Subject: Display offense rule name in description or note

Hi Adam

Yes, you can map {{offense.rules}} to an Incident field (i.e. description or any custom field of type text).
You will get "id" and "type" of rule.  See Qradar API doc for details (siem/offenses).

------------------------------
AnnMarie Norcross

Original Message:
Sent: Wed February 05, 2020 04:32 AM
From: Adam
Subject: Display offense rule name in description or note

Hi All,

Is it possible to display the rule's name which generated the offense in the incident's description or as a note during/after escalation?

Thank you.

Regards,
Adam

------------------------------
Adam
------------------------------