It depends on the configuration you have in the offense and, in the send to SOAR from QRadar, on the mapping template:
If the elements are not visible, it is because they do not match the criteria here, like for custom properties.
I suggest that you look at these apps on the App Exchange:
- QRadar Functions for SOAR to get any custom properties using Ariel queries to build inside the app
- QRadar Enhanced Data Migration to get a list of OOTB information from the offense
------------------------------
BENOIT ROSTAGNI
------------------------------
Original Message:
Sent: Wed October 13, 2021 07:36 AM
From: Asad Aftab
Subject: Artifacts are Missing when Send from QRadar to SOAR
Dear All,
We are facing a problem when we send an incident from QRadar to IBM SOAR using some incident type where we have multiple artifacts.
In my case I have a single source IP but multiple destination IPs, but when we escalate the case from QRadar to SOAR, sometimes we get only the source IP, sometimes we get only the destination IP, and sometimes both. We need to get both source and destination IP for every incident. Kindly tell me if I am missing something.
Regards
ASAD AFTAB
------------------------------
Asad Aftab
------------------------------