IBM Security Resilient

Expand all | Collapse all

Display offense rule name in description or note

  • 1.  Display offense rule name in description or note

    Posted Wed February 05, 2020 04:32 AM
    Hi All,

    Is it possible to display the rule's name which generated the offense in the incident's description or as a note during/after escalation?

    Thank you.

    Regards,
    Adam

    ------------------------------
    Adam
    ------------------------------


  • 2.  RE: Display offense rule name in description or note

    Posted Wed February 05, 2020 02:40 PM
    Hi Adam

    Yes, you can map {{offense.rules}} to an Incident field (i.e. description or any custom field of type text).
    You will get "id" and "type" of rule.  See Qradar API doc for details (siem/offenses).

    ------------------------------
    AnnMarie Norcross
    ------------------------------



  • 3.  RE: Display offense rule name in description or note

    Posted Wed February 12, 2020 03:49 AM
    Hi AnnMarie,

    Thank you.

    ------------------------------
    Adam
    ------------------------------



  • 4.  RE: Display offense rule name in description or note

    Posted Wed February 12, 2020 04:31 AM
    Edited by Adam Wed February 12, 2020 04:32 AM
    Hi,

    Is it possible to extract the Rules' name, description, and notes?

    Thank you.

    Regards,
    Adam

    ------------------------------
    Adam
    ------------------------------