IBM Security QRadar SOAR

 View Only
  • 1.  Data Feeder Timer Information

    IBM Champion
    Posted Thu March 31, 2022 10:12 AM
    Edited by Liam Mahoney Thu March 31, 2022 10:12 AM

    All,

    We are working on implementing the data feeder integration with our production environment. I ran the feeder and our SQL server is now populated with data. However, one of our biggest use cases is to use data from the timer fields (data retrieved from the `POST /orgs/{org_id}/timers` endpoint). It doesn't appear to me that this information is available within our SQL server.

    Is there a way to get this timer data synced into our SQL server through data feeder?

    Thanks,



    ------------------------------
    Liam Mahoney
    ------------------------------


  • 2.  RE: Data Feeder Timer Information

    Posted Fri April 01, 2022 08:17 AM
    Hi Liam,

    We've had this requirement on our backlog and will look at reprioritizing it. One question is: at what point should the timer information be included: ongoing when changes occur to the case or when the case is closed. It would seem that when the case is close makes the most sense. But I'd like to know how you'd like to have this capability implemented.

    Regards,
    Mark

    ------------------------------
    Mark Scherfling
    ------------------------------



  • 3.  RE: Data Feeder Timer Information

    IBM Champion
    Posted Fri April 01, 2022 09:18 AM
    Mark,

    That's great news, we'd definitely appreciate this feature getting implemented.

    I don't think we'd be too picky about when the timer data gets synced. On case closure would work fine for our use. We'd only be creating metrics / dashboards in our BI tool based on closed cases, so we wouldn't have a need for the timer data to get synced before that.

    Thanks for the info Mark!

    ------------------------------
    Liam Mahoney
    ------------------------------