List of Contributions

Hello Adam, This is a great list of questions. I'll try to answer most of them, however in order for you to fully understand workings of the integration I recommend checking out the documentation supplemented with the integration. Let me know if some parts of it are not clear and in your opinion need ...

Hello Jasmine, It is not unsafe, qradar_id is already a part of the case, and QRadar would require log in. What you could do is to have a script started at the creation of the incident, that would take qradar_id and insert it into the pattern you've listed above, and list it as a note, or wherever you'd ...

Hi Adam, At the moment there isn't an easy way to set-up such a flow. You could try to see if AQL queries in Resilient QRadar integration would work for you, but it returns results as attachments. As of next version of the integrations, that is currently in the development, this would be possible, ...

Hi Jasmine, Additionally, could you let me know who you were in contact with for PoC? I could reach out to them to confirm that you've been set up with correct configuration. ------------------------------ Ihor Husar ------------------------------

Hello Jasmine, It does exist in MSSP license as well. This does not mean that your PoC was misconfigured, since that incompatibility exists specifically with multiple mappings to the same organizations. We are working on some changes to support such configurations, but currently it's not available. ...

Hi Jasmine, Could you elaborate on "for sending two qradar:". I'm not sure if it's a typo or if you're referring to a configuration with 2 QRadar instances. I just want to clarify this, because we do not support configuration with 2 QRadar instances, though it's not related to this issue you've messaged ...

Edited: Duplication of the message -- See the response below --

Hello Brian, There is not a way to do this with the current implementation. Unfortunately, Exchange on-prem integrations is not scheduled for development any time soon, but let me point you in the right direction in case you'd like to add this capability yourself. The reason that data isn't accessible, ...