Message Image

Log in

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

IBM Security

Join our 16,000+ members as we work together to
overcome the toughest challenges of cybersecurity.

Start collaborating

Save the Date! watsonx Hackathon - Pre-TechXchange Conference Event

Skip main navigation (Press Enter).

IBM Security QRadar SOAR

View Only

Expand all | Collapse all

Close QRadar offense in QRadar SOAR

Jump to Best Answer

Yongwon SongMon November 27, 2023 11:54 AM

Hello, I am currently studying SOAR. SOAR - It is linked with SIEM, and I want to close the SIEM offence ...

Pierre DufresneMon November 27, 2023 01:26 PMBest Answer

If your SOAR is linked to QRadar SIEM, you or the QRadar sysadmin must have installed the "IBM QRadar ...

1. Close QRadar offense in QRadar SOAR

0 Like
Yongwon Song
Posted Mon November 27, 2023 11:54 AM

Reply
Hello, I am currently studying SOAR.
SOAR - It is linked with SIEM, and I want to close the SIEM offence using SOAR, but I don't have much information.
If you have a playbook or a way, please share it

------------------------------
Yongwon Song
------------------------------
2. RE: Close QRadar offense in QRadar SOAR
Best Answer

0 Like
Pierre Dufresne
Posted Mon November 27, 2023 01:26 PM

Reply
If your SOAR is linked to QRadar SIEM, you or the QRadar sysadmin must have installed the "IBM QRadar SOAR Plugin" for QRadar.

You can configure this plugin to automatically close an offense when it is closed in SOAR,

On the QRadar console, access the IBM QRadar SOAR Plugin configuration. On the "Preferences" tab check the "Close Offense when Case closes" checkbox.

HTH

------------------------------
Pierre Dufresne
------------------------------

Original Message

Powered by Higher Logic