Skip to main content
All CollectionsTemplatesBasic
Fetch New QRadar Offenses with Pagination - Workflow Template
Fetch New QRadar Offenses with Pagination - Workflow Template

A nested workflow to pull all new open QRadar offenses and use pagination to return all results.

Updated over 6 months ago

The "Fetch New QRadar Offenses with Pagination" workflow template assists businesses in threat hunting by scheduling periodic checks for open QRadar offenses. It begins by confirming the last scan time is set globally, then it paginates through and collects all current open offenses from QRadar. Upon completion, the workflow outputs the offense details or an empty array if no new offenses were found.

Take Me to the Template

Optional Triggers

Schedule,Slack,Teams

Use Cases

Threat Hunting

Workflow Breakdown

  1. Execute nested workflow on a schedule

  2. Check if the workflow start time is set in a global variable

  3. Gather open offenses in QRadar and collect any results using pagination

  4. On exit, provide the results of the offenses. If no results are found return an empty array.

Vendors

Utils, Torq, IBM QRadar

Workflow Output

On exit the results of the open offenses in QRadar.

Related Articles
Collect Torq Global Variables with Pagination - Workflow Template
Create a Torq Case from a QRadar Offense - Workflow Template
Find all Okta Active Devices with Pagination - Workflow Template
Query Logs on Singularity XDR with Pagination - Workflow Template
Gather QRadar Events for a Given Offense - Workflow Template
Did this answer your question?