IBM QRadar SOAR

  • 1.  Reference Set namespace

    Posted Thu January 19, 2023 09:58 AM
    Hi,

    Has anyone perhaps struggled with the problem of adding artifacts to a ref set with a namespace indication?
    I have multiple domains in my QRadar and it adds artifacts with specific namespaces. I don't know how to organize in SOAR a list of namespaces to choose from (with the possibility to select many) when adding an artifact to a Ref Set.
    Whether to do it with a script or somehow else.

    Best regards,
    Marcin

    ------------------------------
    Marcin Sołtys
    ------------------------------


  • 2.  RE: Reference Set namespace

    Posted Wed January 25, 2023 04:18 PM
    Would the analyst be doing the namespace choice? Or would you be doing it based on where the offense/alert came from? 

    Most of the time for us we would be using a mapping in the input script of a function to pass it along to the function for adding the reference set object. But there are a lot of ways to make this work.

    ------------------------------
    Richard Giesige
    Security Engineer
    Oshkosh Corporation
    Oshkosh
    ------------------------------



  • 3.  RE: Reference Set namespace

    Posted Thu January 26, 2023 04:43 AM
    Hi,

    The premise is having multiple organizations through an MSSP, with each of them having the ability to add an IP address/addresses to ref sets, with the ability to choose one or multiple namespaces.

    ------------------------------
    Marcin Sołtys
    ------------------------------