IBM QRadar SOAR

  • 1.  Splunk Adaptive Response Issue

    Posted Thu April 18, 2019 01:08 AM
    Hi team,

    I am having an issue with the adaptive response module talking to Resilient. If I trigger it manually it works fine and goes seamlessly through the defined workflow. However, if I use the ES Adaptive module, that breaks and pulls only limited fields out to Resilient, which breaks my workflow.

    Has someone seen this before?

    Thank you,

    ------------------------------
    Venkatesh
    ------------------------------


  • 2.  RE: Splunk Adaptive Response Issue

    Posted Tue April 23, 2019 04:08 AM
    We also have issues with this, and have raised a bug with Resilient.
    They are working to provide us a fix on this.
    I can keep you updated on this.

    ------------------------------
    Qing Lan
    ------------------------------



  • 3.  RE: Splunk Adaptive Response Issue

    Posted Wed April 24, 2019 04:28 AM
    Hi Qing,

    After struggling we found the issue was with Splunk ES. The issue occurred since it is trying to create the notable and trigger the incident both at the same time, due to which the notable fields are not created yet and go missing, as per the alert config.

    We were able to make it work by using fields that are listed in the events.

    Regards,
    Venky

    ------------------------------
    Venkatesh
    ------------------------------