IBM Security QRadar SOAR

 View Only
Expand all | Collapse all

QRadar Enhanced Data rule from "QRadar Enhanced Offense Data Migration" App does not work

  • 1.  QRadar Enhanced Data rule from "QRadar Enhanced Offense Data Migration" App does not work

    Posted Mon January 04, 2021 11:22 AM

    Hi,

    On my Resilient 39.1.42 the rule didn't trigger. then I analyzed the conditions and found out that there are not correct. Below is the change the change I did to get it work.


    Replace


    with
    That's all



    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------


  • 2.  RE: QRadar Enhanced Data rule from "QRadar Enhanced Offense Data Migration" App does not work

    Posted Tue January 05, 2021 09:44 AM

    Hi Gabriel,

    Could you please share the use case where the rule did not trigger? Also is the incident creation automatic(through QRadar Plugin)  or manual.



    ------------------------------
    Chaitanya Challa
    ------------------------------