Hi Daniel,
You should install the "QRadar Enhanced Data Migration" app from the IBM Security App Exchange.
I think this might be exactly what you are looking for.
But be sure to check all the versions requirements both for SOAR and QRadar. On QRadar, the "IBM Security QRadar Analyst Workflow" must also has to be installed.
HTH
------------------------------
Pierre Dufresne
------------------------------
Original Message:
Sent: Thu July 07, 2022 03:45 AM
From: Daniel Koifman
Subject: How can I populate a data table in a SOAR incident with information from QRadar offense?
Hey everyone,
I have an incident tab in SOAR called "QRadar". Inside it, I have created a data table called "Infected systems". How can I populate that data table with some information from the escalated QRadar offense? such as source ip, username, log source, etc...
Thank you in advance!
------------------------------
Daniel Koifman
------------------------------