IBM QRadar SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Fetch Payload as an artifacts from QRadar to IBM SOAR

  • 1.  Fetch Payload as an artifacts from QRadar to IBM SOAR

    Posted Mon October 04, 2021 04:31 AM
    Dear Team,

    Kindly tell me how to Fetch the PAYLOAD as an artifact from QRadar to IBM SOAR and tell me the method or workaround to fetch the PAYLOAD. 

    Regards 
    Asad Aftab

    ------------------------------
    Asad Aftab
    ------------------------------


  • 2.  RE: Fetch Payload as an artifacts from QRadar to IBM SOAR

    Posted Wed October 13, 2021 05:39 PM
    I would not add a payload as an artifact.
    Payload are usually made with a mix of information. I would add it in a Note, or in a Payload table.

    to get a payload, use the Seach function from the QRadar function from SOAR creating an Ariel Query that return the payload.
    in the post process, write a note or add the value in a table

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------

    Original Message