IBM QRadar SOAR

  • 1.  Resilient App for Qradar : Escalation Problem

    Posted Tue November 26, 2019 03:07 PM
    Hi,

    - I have a custom incident type
    - I have a rule for this custom incident type
    - I have set this incident category to escalation template
    - I want to use automatic escalation that sends offenses with description that contains the exact #Malware word.
    - The Resilient application for QRadar escalates offenses manually correctly, but automatic escalation creates quite irrelevant incidents for Resilient.

    I think that this is the issue from the QRadar app. Does the automatic escalation work with regular expressions? If yes, this does not work. I have tested so many expressions.

    What is the right expression for containing exact match here? Any help or documentation would be appreciated.

    Best

    ------------------------------
    Jasmine
    ------------------------------


  • 2.  RE: Resilient App for Qradar : Escalation Problem

    Posted Fri December 06, 2019 05:00 PM
    We've had issues posting this, so please excuse us if this comes through multiple times.

    If you would like an exact match on the word(s), then leave out the asterisks (*) as they are used as wildcards.


    ------------------------------
    Mark Scherfling
    ------------------------------



  • 3.  RE: Resilient App for Qradar : Escalation Problem

    Posted Mon December 09, 2019 08:38 AM
    Hello Jasmine, if you want an exact match, then leave out the asterisks (*), as they are used as wildcards.

    ------------------------------
    Carol Namkoong
    ------------------------------
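An added example, not code from this thread or from the QRadar app, that models the matching behaviour the two replies describe: a pattern without asterisks is compared as an exact, case-sensitive match of the whole description, and `*` stands for any run of text. Both that semantics and the sample offense descriptions are assumptions made for illustration; a regular-expression substring search is included only to contrast with what the wildcard template does.

```python
import re

# Constructed sample offense descriptions (not from the thread).
DESCRIPTIONS = [
    "#Malware",
    "Outbound beacon flagged as #Malware",
    "#MalwareLab test traffic",
    "Phishing attempt",
]


def wildcard_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate a template pattern into a regex under the assumed semantics:
    '*' matches any run of characters, everything else is literal, and the
    whole description must match (so a pattern without '*' is an exact match).
    """
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(body, re.DOTALL)


def offense_matches(pattern: str, description: str) -> bool:
    """True if the description satisfies the wildcard pattern."""
    return wildcard_to_regex(pattern).fullmatch(description) is not None


def wildcard_hits(pattern: str) -> list:
    """Descriptions the escalation template would select for this pattern."""
    return [d for d in DESCRIPTIONS if offense_matches(pattern, d)]


def regex_search_hits(pattern: str) -> list:
    """What a reader expecting regular-expression substring search would get
    from the same text; shown only to contrast with the wildcard semantics."""
    return [d for d in DESCRIPTIONS if re.search(pattern, d)]


if __name__ == "__main__":
    for p in ("#Malware", "*#Malware", "*#Malware*"):
        print(f"{p!r:14} -> {wildcard_hits(p)}")
    print("regex search '#Malware' ->", regex_search_hits("#Malware"))
```

The bare pattern selects only the description that is exactly `#Malware`; wrapping it in asterisks is what selects every description that merely contains the word.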