Hi Aravind,
In the template that you use to escalate your offense to Resilient, the incident type is specified, for example in the IBM QRadar Integration Guide (documentation for the plugin):
{% if "malware" in offense.description %}
"incident_type_ids": "Malware",
{% else %}
"incident_type_ids": "Other",
{% endif %}
"confirmed": 0
Incident Types in Resilient start to kick off the playbook that you have defined in the Resilient Incident that is created.
------------------------------
Elizabeth Hecht
------------------------------
Original Message:
Sent: Tue March 24, 2020 06:38 AM
From: K Aravind Menon
Subject: Offense escalation from QRadar
Hi,
I am fairly new to using this tool. What is the easiest way to escalate an incident from QRadar such that the workflow can be selected automatically in Resilient? I was also wondering if it would be possible to call a workflow or apply a rule using a script.
------------------------------
Regards,
K Aravind Menon
------------------------------
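Added example, not part of the original thread or the IBM guide: the template branch from the reply, rendered with Jinja2 against constructed offense descriptions, to show which incident type (and therefore which playbook) each offense would get. It assumes the plugin evaluates the template with standard Jinja2 semantics; `NORMALISED` and `incident_type` are illustrative names, and the lower-casing variant is a suggestion, not text from the guide.

```python
import json
from jinja2 import Environment

# Fragment from the reply, wrapped in braces so it renders to a JSON object.
AS_POSTED = """{
{% if "malware" in offense.description %}
"incident_type_ids": "Malware",
{% else %}
"incident_type_ids": "Other",
{% endif %}
"confirmed": 0
}"""

# Variant added here: lower-case the description before the substring test,
# because Jinja2's `in` on strings is case-sensitive.
NORMALISED = AS_POSTED.replace(
    '"malware" in offense.description',
    '"malware" in (offense.description | lower)',
)

# Constructed sample offense descriptions (not real QRadar data).
SAMPLES = [
    "malware beacon to known C2 host",
    "Malware detected on endpoint WS-042",
    "Multiple login failures for the same user",
]


def incident_type(template_src, description):
    """Render the template for one offense and return the chosen incident type."""
    rendered = Environment().from_string(template_src).render(
        offense={"description": description}
    )
    # json.loads also confirms the rendered mapping is valid JSON.
    return json.loads(rendered)["incident_type_ids"]


def compare(samples=SAMPLES):
    """Return (description, type as posted, type with normalisation) per sample."""
    return [
        (d, incident_type(AS_POSTED, d), incident_type(NORMALISED, d))
        for d in samples
    ]


if __name__ == "__main__":
    for desc, posted, normalised in compare():
        print(f"{desc!r}: as posted={posted}, normalised={normalised}")
```

An offense whose description starts with a capital "Malware" falls into the "Other" branch of the template as posted, so a rule keyed on the Malware incident type would not fire for it.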