IBM Security QRadar SOAR

 View Only
  • 1.  How to specify a date range in the query_builder?

    Posted Fri July 01, 2022 01:47 AM
    Hi,

    How to specify a date range ( like incident create datetime ) in the query_builder?
    Please point me to any related example or document.

    Thank you.

    ------------------------------
    Meghana Medasani
    ------------------------------


  • 2.  RE: How to specify a date range in the query_builder?

    Posted Fri July 01, 2022 11:33 AM
    Hi Meghana

    Here is an example:

    # find all incidents created from midnight today
    query_builder.isGreaterThan(fields.incident.create_date, dt_midnight_ms)
    query = query_builder.build()
    incidents = helper.findIncidents(query) ​

    dt_midnight_ms is epoch in milliseconds.

    AnnMarie



    ------------------------------
    AnnMarie Norcross
    ------------------------------