IBM Security SOAR

Expand all | Collapse all

Artifacts are Missing when Send from QRadar to SOAR

  • 1.  Artifacts are Missing when Send from QRadar to SOAR

    Posted 9 days ago
    Dear All,

    We are facing a Problem that when we Send Incident From QRadar to IBM SOAR using some incident type where we have multiple artifacts.
    In my case I have single source IP but multiple Destination IPs but when we escalate the case from QRadar to SOAR some time we get only source IP some time we only get Destination IP and some time both. We need to get both SOURCE AND DESTINATION IP for every incident. Kindly tell me if I am missing something.

    Regards
    ASAD AFTAB

    ------------------------------
    Asad Aftab
    ------------------------------


  • 2.  RE: Artifacts are Missing when Send from QRadar to SOAR

    Posted 8 days ago
    it depends on the configuration you have in the offense, and in the send to SOAR from QRadar, the mapping template:
    of the element are not visible, it is because it does not match the criterias here, like for custom properties.

    I suggest that you look at the App on App Exchange:
    • QRadar Functions for SOAR to get any custom properties using Ariel queries to build inside the app
    • QRadar Enhanced Data Migration to get a list of OOTB information from the offense



    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------



  • 3.  RE: Artifacts are Missing when Send from QRadar to SOAR

    Posted 7 days ago
    Hello @BENOIT ROSTAGNI

    We ​already check configuration  in the offense, and in the send to SOAR from QRadar, the mapping template. The configuration satisficed the condition but still we are not able to get the whole artifacts set(Source IP and Destination IP).
    ​​

    ------------------------------
    Asad Aftab
    ------------------------------