Gather QRadar Events for a Given Offense - Workflow Template

For a given QRadar Offense pull all events for a specific time window and provide the list of events back to a parent workflow.

Updated over 6 months ago

This workflow template is designed for threat hunting and incident response teams that use QRadar as their source of security event data. It automates the retrieval of every QRadar event associated with a specific offense within a defined time window, using pagination so that large result sets are returned completely rather than truncated. The full event list is handed back to the parent workflow, giving analysts the detail they need to investigate and respond to an incident.

Use Cases

Threat Hunting

Workflow Breakdown

  1. Receive the offense id, and start/stop time from a parent workflow

  2. Query QRadar for the events

  3. Use pagination to gather all the events and provide details back to the calling workflow
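The three steps above, as an added Python example that is neither the template's nor the vendor's own code: it builds the AQL query for the offense and window, polls the Ariel search until it completes, and pages through the results with Range headers. It assumes the QRadar Ariel REST endpoints under /api/ariel/searches and SEC-token authentication; the host, token, page size and the injected `send` callable (so the flow can be exercised offline) are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

SEARCH_PATH = "/api/ariel/searches"


def build_aql(offense_id, start_ms, stop_ms):
    """AQL for every event tied to one offense inside the window. Values are
    cast to int so a string passed in by the parent workflow cannot alter the query."""
    return (f"SELECT * FROM events WHERE INOFFENSE({int(offense_id)}) "
            f"START {int(start_ms)} STOP {int(stop_ms)}")


def make_qradar_sender(host, sec_token, timeout=30):
    """Build send(method, path, headers) -> parsed JSON against a real console.
    host and sec_token are placeholders; TLS verification is left enabled."""
    def send(method, path, headers=None):
        req = urllib.request.Request(f"https://{host}{path}", method=method)
        req.add_header("SEC", sec_token)
        req.add_header("Accept", "application/json")
        for name, value in (headers or {}).items():
            req.add_header(name, value)
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.loads(resp.read())
    return send


def gather_offense_events(offense_id, start_ms, stop_ms, send,
                          page_size=50, poll_seconds=2):
    """Steps 2 and 3 of the template: start the Ariel search, wait until it
    completes, then fetch the result set page by page with Range headers."""
    query = urllib.parse.quote(build_aql(offense_id, start_ms, stop_ms))
    search_id = send("POST", f"{SEARCH_PATH}?query_expression={query}")["search_id"]
    while True:
        status = send("GET", f"{SEARCH_PATH}/{search_id}")
        if status["status"] == "COMPLETED":
            break
        if status["status"] in ("ERROR", "CANCELED"):
            raise RuntimeError(f"Ariel search {search_id} ended in {status['status']}")
        time.sleep(poll_seconds)
    total = status.get("record_count", 0)
    events = []
    for first in range(0, total, page_size):
        last = min(first + page_size, total) - 1  # Range header is inclusive
        page = send("GET", f"{SEARCH_PATH}/{search_id}/results",
                    {"Range": f"items={first}-{last}"})
        events.extend(page["events"])
    return events
```

Pass `make_qradar_sender("qradar.example.invalid", "<SEC token>")` as `send` to run it against a console; the returned list is what step 3 hands back to the calling workflow.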

Vendors

Utils, IBM QRadar

Workflow Output

The events for a given offense
