Hi Adam,
At the moment there isn't an easy way to set up such a flow. You could try to see if AQL queries in the Resilient QRadar integration would work for you, but it returns results as attachments.
As of the next version of the integration, which is currently in development, this would be possible, as your use case is one of the use cases we are specifically addressing.
It will come with a dependency on the new UBA app in QRadar (which itself depends on version 7.4), but it will have ready-to-use workflows for extracting information from QRadar offenses.
The planned release date for it would be in late November.
Hope this answers your question,
------------------------------
Ihor Husar
------------------------------
Original Message:
Sent: Tue October 20, 2020 06:25 AM
From: Adam
Subject: QRadar integration function
Hi,
Is there any way to accomplish a QRadar-Resilient integration function so that, after an incident is created from an email, Resilient asks QRadar for information about this incident? Like info about the artifacts, sources, anything related?
Thank you.
------------------------------
Adam
------------------------------