Still wondering why we can't access all nodes of offense and how we can do that without extra enrichment.
------------------------------
Jasmine
------------------------------
Original Message:
Sent: Wed August 19, 2020 06:43 PM
From: Jasmine
Subject: Qradar App :: Incident Mapping Template
Hi,
I want to add log sources from offense to resilient incident. We can do this via enrichment. But this means extra api calls. Is there any way for send log sources to resilient via app? Seems that log source field doesn't exist in fields. Any advice about this issue would be appreciated.