IBM Security QRadar SOAR


How can I populate a data table in a SOAR incident with information from QRadar offense?

  • 1.  How can I populate a data table in a SOAR incident with information from QRadar offense?

    Posted Thu July 07, 2022 03:45 AM
    Hey everyone,

    I have an incident tab in SOAR called "QRadar". Inside it, I have created a data table called "Infected systems". How can I populate that data table with some information from the escalated QRadar offense, such as source IP, username, log source, etc.?

    Thank you in advance!

    ------------------------------
    Daniel Koifman
    ------------------------------


  • 2.  RE: How can I populate a data table in a SOAR incident with information from QRadar offense?

    Posted Thu July 07, 2022 08:17 AM
    Hi Daniel,
    You should install the "QRadar Enhanced Data Migration" app from the IBM Security App Exchange.
    I think this might be exactly what you are looking for.
    But be sure to check all the version requirements for both SOAR and QRadar. On QRadar, the "IBM Security QRadar Analyst Workflow" must also be installed.

    HTH

    ------------------------------
    Pierre Dufresne
    ------------------------------