IBM QRadar


Different Email notifications for tenant/domain

  • 1.  Different Email notifications for tenant/domain

    Posted Thu September 08, 2022 09:51 AM

    Hello,

    I have an Offense Rule that sends an e-mail notification when a new offense is created.

    What I would like to do is exclude, from e-mail notifications, the offenses of a specific domain.

    Is there a way to do something like this? Any suggestions?

    Thank you





  • 2.  RE: Different Email notifications for tenant/domain

    Posted Thu September 08, 2022 10:15 AM

    Hi Davide,

    There is no way to filter Offense rules by Domain, as there is for Event Rules, at least up to 7.4.3. I even made a Request for Enhancement years ago that probably ended up in the trash, and no one at IBM thought it would be a very useful thing for MSSPs. The only alternative I have found is to handle them by filtering on the network, if you have the network hierarchy properly configured: you insert the condition "and when the networks affected are any of", and in the variable you put the network pertaining to the tenant.

    Hope it was helpful for you, but if you could do an RFE too maybe they (IBM) would give more consideration to mine too. Two is better than one.

    Best

    Rocco





  • 3.  RE: Different Email notifications for tenant/domain

    Posted Thu September 08, 2022 10:45 AM

    Hi Rocco,

    thank you for your suggestion.

    If you can send me where I can do an RFE, I will try to do it.

    Thanks


