Skip to main content
All CollectionsTemplatesBasic
Create a Torq Case from a QRadar Offense - Workflow Template
Create a Torq Case from a QRadar Offense - Workflow Template

Used as a nested workflow to open a Torq case from details in a QRadar Offense and optionally include QRadar events into the case details.

Updated over 6 months ago

This template outlines the creation of a Torq case from a QRadar Offense, ideal for incident response and case management. Upon receiving offense data from QRadar, the workflow parses details to determine case severity and SLA using a predefined mapping. It subsequently creates a case in Torq with these parameters and includes custom fields with offense data. Optionally, it can query QRadar events related to the offense, attach event details to the case, and adjust its description accordingly, ensuring a comprehensive case overview for informed incident management.

Take Me to the Template

Use Cases

Case Management

Workflow Breakdown

  1. Receive the QRadar Offense from a parent workflow

  2. Parse details from the offense to add to the case

  3. Create the Torq Case with the severity and SLA as determined from the mapping

  4. Add additional custom fields with relevant data from the offense

  5. If enabled, query for the events from the offense, add the events as an attachment and adjust the description of the case.

Vendors

Utils, Torq Cases, IBM QRadar

Workflow Output

A new Torq case with details from the QRadar offense.

Related Articles
Automatically Manage Cases with Torq Workflows
Fetch New QRadar Offenses with Pagination - Workflow Template
Gather QRadar Events for a Given Offense - Workflow Template
Create Cases from Crowdstrike Detections found in Splunk - Workflow Template
Create Cases from SentinelOne Events found in Azure Sentinel - Workflow Template
Did this answer your question?