IBM QRadar SOAR

  • 1.  Regarding Query_builder

    Posted Sun February 19, 2023 08:47 AM

    Hi 

    Please let me know how we can specify a query for incidents from only the last 24 hours in query_builder?

    Regards

    Shubham



    ------------------------------
    Shubham Agarwal
    ------------------------------


  • 2.  RE: Regarding Query_builder

    Posted Thu July 20, 2023 07:06 AM

    Hi,

    import time

    # Cutoff: 24 hours ago, in milliseconds
    reference_time = int(time.time() - 24 * 60 * 60) * 1000

    # Closed incidents
    query_builder.equals(fields.incident.plan_status, "C")
    # In the last 24 hours, based on the last_modified_time of the incident
    query_builder.isGreaterThan(fields.incident.inc_last_modified_date, reference_time)

    query = query_builder.build()
    closed_incidents = helper.findIncidents(query)


    ------------------------------
    SOAR Engineer
    ------------------------------