This is the purpose of Custom Action Scripts in QRadar. Custom actions can run as a rule response in QRadar and take values from the event payload to run within the script parameters you create. Custom actions run within a jail shell, meaning that they cannot interact with QRadar directly, but can make API calls and do outside functions for non-QRadar systems, like opening tickets, passing data, pretty much anything. Basically, the jail shell can only modify or alter files on QRadar within the shell itself, but actions outside of QRadar are possible for whatever function you need to complete.
For review: https://www.ibm.com/docs/en/qsip/7.5?topic=actions-passing-parameters-custom-action-script
------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com------------------------------
Original Message:
Sent: Wed October 19, 2022 11:02 AM
From: Alexandre Gammaro
Subject: Query in rule tests
Hello All,
Anybody knows about some way to implement a rule test that need to do a query in some DB as conditional in rule?
Regards,
------------------------------
Alexandre Gammaro
------------------------------