IBM QRadar SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Close QRadar offense in QRadar SOAR

    Posted Mon November 27, 2023 11:54 AM

    Hello, I am currently studying SOAR.
    SOAR - It is linked with SIEM, and I want to close the SIEM offence using SOAR, but I don't have much information.
    If you have a playbook or a way, please share it



    ------------------------------
    Yongwon Song
    ------------------------------


  • 2.  RE: Close QRadar offense in QRadar SOAR
    Best Answer

    Posted Mon November 27, 2023 01:26 PM

    If your SOAR is linked to QRadar SIEM, you or the QRadar sysadmin must have installed the "IBM QRadar SOAR Plugin" for QRadar.

    You can configure this plugin to automatically close an offense when it is closed in SOAR,

    On the QRadar console, access the IBM QRadar SOAR Plugin configuration. On the "Preferences" tab check the ""  checkbox.

    HTH



    ------------------------------
    Pierre Dufresne
    ------------------------------

    Original Message


Related Content