Skip to main content

IBM QRadar

Fetch offenses as incidents and search QRadar

QRadar aggregates and parses logs that come in from various data sources. The QRadar admin creates rules for detecting suspicious traffic, suspicious IDs, etc., and runs searches to obtain additional data about these offences.

What does this pack do?

The integration in this pack automatically fetches the offences from QRadar along with all the additional data about the offenses. The data from QRadar is populated into XSOAR incident fields providing the XSOAR analyst with all the information about the incident just by performing a fetch.

Using the commands in the integration, you can leverage what the QRadar API has to offer, such as:

  • Editing objects
  • Getting object lists
  • Adding notes
    Basically, you can perform tasks that a user would need to do manually in the QRadar UI or would need to provide automations to do.

For more information, visit our Cortex XSOAR Developer Docs.

If you're new to our QRadar Content Pack, check out our Ingest Incidents from a SIEM Using QRadar tutorial.

PUBLISHER

Cortex XSOAR

INFO

CertificationRead more
Supported ByCortex XSOAR
CreatedJuly 26, 2020
Last ReleaseDecember 3, 2021
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.