IBM QRadar SOAR

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

QRadar Enhanced Data rule from "QRadar Enhanced Offense Data Migration" App does not work

  • 1.  QRadar Enhanced Data rule from "QRadar Enhanced Offense Data Migration" App does not work

    Posted Mon January 04, 2021 11:22 AM

    Hi,

    On my Resilient 39.1.42 the rule didn't trigger. then I analyzed the conditions and found out that there are not correct. Below is the change the change I did to get it work.


    Replace


    with
    That's all



    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------


  • 2.  RE: QRadar Enhanced Data rule from "QRadar Enhanced Offense Data Migration" App does not work

    Posted Tue January 05, 2021 09:44 AM

    Hi Gabriel,

    Could you please share the use case where the rule did not trigger? Also is the incident creation automatic(through QRadar Plugin)  or manual.



    ------------------------------
    Chaitanya Challa
    ------------------------------

    Original Message


Related Content