QRadar - support Offenses being synced back to OpenCTI as cases. #2672
Labels
- feature: use for describing a new feature to develop
- needs triage: use to identify issue needing triage from Filigran Product team
Use case
We would like the ability for Offenses created in QRadar to be synchronised back to OpenCTI, which would then create an IR case in OpenCTI for analysts to triage.
Current Workaround
No current solution; possibly export to CSV and import using CSV mapper
Proposed Solution
A connector that will connect to the QRadar API and pull a filtered set of offenses (i.e. not all, but a filtered set).
Additional Information
Some relevant links/videos are [here]:
[Documentation for Offense](https://www.ibm.com/docs/en/qsip/7.5?topic=phase-qradar-rules-offenses)
Video of example content for Offense review
Would you be willing to submit a PR?
We can assist with a test system/licence, and investigate the most appropriate integration/value mapping