Hi Adam,
In IBM Resilient QRadar Integration Configuration, Preferences tab, you can enable the option:
"Enable Resilient users to search the Ariel databases from an incident".
You can use the existing queries or create your own. Then, in an Incident, Artifact tab, you can run
the "QRadar Ariel Query" Action Rule on the desired artifact. By default this is a manually-run action.
Hope this helps!
AnnMarie
------------------------------
AnnMarie Norcross
------------------------------
Original Message:
Sent: Wed February 05, 2020 04:56 AM
From: Adam
Subject: Automatic AQL search based on artifacts for log sources
Hi All,
Is it possible to automatically run an AQL search during/after escalation, based on the incident's artifacts, for all log sources for the past week?
Thank you.
Regards,
Adam
------------------------------
Adam
------------------------------