This template outlines the creation of a Torq case from a QRadar Offense, ideal for incident response and case management. Upon receiving offense data from QRadar, the workflow parses details to determine case severity and SLA using a predefined mapping. It subsequently creates a case in Torq with these parameters and includes custom fields with offense data. Optionally, it can query QRadar events related to the offense, attach event details to the case, and adjust its description accordingly, ensuring a comprehensive case overview for informed incident management.
Use Cases
Case Management
Workflow Breakdown
Receive the QRadar Offense from a parent workflow
Parse details from the offense to add to the case
Create the Torq Case with the severity and SLA as determined from the mapping
Add additional custom fields with relevant data from the offense
If enabled, query QRadar for the events related to the offense, add the events to the case as an attachment, and adjust the case description accordingly
Vendors
Utils, Torq Cases, IBM QRadar
Workflow Output
A new Torq case with details from the QRadar offense.
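The parse, map and create steps from the workflow breakdown, sketched in Python as an added example; this is not Torq's template logic. The severity-to-SLA table, the case record layout and starting the SLA clock at the offense start time are assumptions; the offense field names follow the QRadar offenses API.

```python
from datetime import datetime, timedelta, timezone

# Assumed mapping (not Torq's): rows are (minimum QRadar severity, case severity,
# SLA in hours), highest floor first. QRadar severity is an integer from 0 to 10.
SEVERITY_SLA_MAP = [(9, "Critical", 4), (7, "High", 8), (4, "Medium", 24), (0, "Low", 72)]
FALLBACK = ("Medium", 24)  # used when severity is missing or malformed


def map_severity(raw):
    """Return (case_severity, sla_hours) for a QRadar severity value."""
    # bool is an int subclass in Python, so reject it explicitly.
    if isinstance(raw, bool) or not isinstance(raw, (int, float)) or not 0 <= raw <= 10:
        return FALLBACK
    for floor, label, hours in SEVERITY_SLA_MAP:
        if raw >= floor:
            return label, hours
    return FALLBACK


def build_case(offense, events=None):
    """Turn a QRadar offense dict into a case record (hypothetical schema)."""
    severity, sla_hours = map_severity(offense.get("severity"))
    # QRadar reports start_time in epoch milliseconds.
    started = datetime.fromtimestamp(offense["start_time"] / 1000, tz=timezone.utc)
    case = {
        "title": f"QRadar offense {offense['id']}",
        "severity": severity,
        "sla_due": (started + timedelta(hours=sla_hours)).isoformat(),
        "description": offense.get("description", "").strip() or "QRadar offense",
        "custom_fields": {
            "offense_id": offense["id"],
            "offense_source": offense.get("offense_source"),
            "magnitude": offense.get("magnitude"),
            "event_count": offense.get("event_count"),
        },
        "attachments": [],
    }
    if events:  # optional step: attach the events and adjust the description
        name = f"offense_{offense['id']}_events.json"
        case["attachments"].append({"name": name, "events": events})
        case["description"] += f"\n{len(events)} related event(s) attached."
    return case


# Constructed sample offense, not real data.
SAMPLE_OFFENSE = {
    "id": 1042, "severity": 8, "magnitude": 6, "event_count": 37,
    "offense_source": "10.0.0.15", "start_time": 1700000000000,
    "description": "Multiple login failures\n",
}
```

Falling back to a fixed severity on a missing or malformed value keeps an offense from being dropped or silently filed at the lowest priority.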