If your SOAR is linked to QRadar SIEM, you or the QRadar sysadmin must have installed the "IBM QRadar SOAR Plugin" for QRadar.
You can configure this plugin to automatically close an offense when it is closed in SOAR,
On the QRadar console, access the IBM QRadar SOAR Plugin configuration. On the "Preferences" tab check the "" checkbox.
HTH
------------------------------
Pierre Dufresne
------------------------------
Original Message:
Sent: Mon November 27, 2023 04:17 AM
From: Yongwon Song
Subject: Close QRadar offense in QRadar SOAR
Hello, I am currently studying SOAR.
SOAR - It is linked with SIEM, and I want to close the SIEM offence using SOAR, but I don't have much information.
If you have a playbook or a way, please share it
------------------------------
Yongwon Song
------------------------------