IBM Security QRadar SOAR

  • 1.  Resilient App for Qradar : Escalation Problem

    Posted Tue November 26, 2019 03:07 PM
    Hi,

    - I have a custom incident type.
    - I have a rule for this custom incident type.
    - I have set this incident category in the escalation template.
    - I want to use automatic escalation that sends offenses whose description contains the exact word #Malware.
    - The Resilient application for QRadar escalates offenses manually correctly, but automatic escalation creates quite irrelevant incidents in Resilient.

    I think that this is an issue with the QRadar app. Does automatic escalation work with regular expressions? If yes, this does not work. I have tested so many expressions.

    What is the right expression for containing exact match here? Any help or documentation would be appreciated.

    Best




    ------------------------------
    Jasmine
    ------------------------------


  • 2.  RE: Resilient App for Qradar : Escalation Problem

    Posted Fri December 06, 2019 05:00 PM
    We've had issues posting this, so please excuse us if this comes through multiple times.

    If you would like an exact match on the word(s), then leave out the asterisks (*) as they are used as wildcards.


    ------------------------------
    Mark Scherfling
    ------------------------------



  • 3.  RE: Resilient App for Qradar : Escalation Problem

    Posted Mon December 09, 2019 08:38 AM
    Hello Jasmine, if you want an exact match, then leave out the asterisks (*), as they are used as wildcards.

    ------------------------------
    Carol Namkoong
    ------------------------------
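Both replies make the same point: the asterisk is a wildcard, so a pattern without asterisks is an exact match, and a regular expression typed into that field is not interpreted as one. The following is an added example, not code from the thread or from the Resilient app for QRadar; it assumes the semantics implied by the replies (an asterisk matches any run of characters, everything else is literal, and the pattern must cover the whole description), and the offense descriptions are constructed.

```python
import re

# Constructed sample offense descriptions (not taken from the thread).
OFFENSE_DESCRIPTIONS = [
    "#Malware",
    "Outbound beacon detected #Malware on host ws-042",
    "#Malware-Sandbox test traffic",
    "Multiple login failures followed by success",
]


def wildcard_to_regex(pattern: str) -> re.Pattern:
    """Translate an asterisk-wildcard pattern into an anchored regex.

    Assumed semantics (not confirmed by the thread): '*' matches any run
    of characters, every other character is literal, and the pattern must
    cover the whole field. Because non-asterisk characters are escaped,
    regex syntax such as '.' or '\\b' typed into the field is literal.
    """
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.DOTALL)


def matching_descriptions(pattern: str, descriptions=OFFENSE_DESCRIPTIONS) -> list:
    """Return the descriptions the wildcard pattern would escalate."""
    rx = wildcard_to_regex(pattern)
    return [d for d in descriptions if rx.search(d)]


def compare_patterns(descriptions=OFFENSE_DESCRIPTIONS) -> dict:
    """Hit counts for the three patterns a user is likely to try.

    '#Malware'      -> exact match: only a description that is the word alone.
    '*#Malware*'    -> contains the word anywhere; note it also hits
                       '#Malware-Sandbox', since wildcards know no word boundary.
    '.*#Malware.*'  -> a regex typed into a wildcard field: the dots are
                       literal, so it demands a description starting with '.'.
    """
    return {
        "#Malware": len(matching_descriptions("#Malware", descriptions)),
        "*#Malware*": len(matching_descriptions("*#Malware*", descriptions)),
        ".*#Malware.*": len(matching_descriptions(".*#Malware.*", descriptions)),
    }
```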