Hi,

 I was testing the QRadar Enhanced Data Migration application and more specifically the QRadar Offense Summary function, for some reason it is not updating my fields attached in the screenshot. I ran the tests on both open and closed incidents.

Data transferred in pre-process script,The post process-script was not changed by me and is the same as in the documentation.

The error message it receives looks as follows:

I am very much counting on your help, I have no idea how to solve this at the moment.

Regards 
Lukasz Tynski

Hi Łukasz,

Enable debug in the app using one of the two documents depending on whether you are using an App Host or integrations server

• MustGather: Collecting logs for IBM Resilient Circuits
• MustGather: Information to Collect when Troubleshooting Issues with IBM Security SOAR AppHost

Reproduce and take a look at the logs to see what is being returned after the AQL is sent to QRadar.

Have you installed Analyst Workflow on QRadar and is it functional?

Have you configured the correct parameter values that are used to construct the AQL? These values are specific to your requirements.

Is the function getting results from QRadar within 10 minutes or the configured time out of the function?

The log with debug enabled should provide a lot of insight. Also, take a look at the action status and workflow status of the incident.

Hi,

 I was testing the QRadar Enhanced Data Migration application and more specifically the QRadar Offense Summary function, for some reason it is not updating my fields attached in the screenshot. I ran the tests on both open and closed incidents.

Data transferred in pre-process script,The post process-script was not changed by me and is the same as in the documentation.

The error message it receives looks as follows:

I am very much counting on your help, I have no idea how to solve this at the moment.

Regards 
Lukasz Tynski