Skip to main content
All CollectionsTemplatesBasic
Gather QRadar Events for a Given Offense - Workflow Template
Gather QRadar Events for a Given Offense - Workflow Template

For a given QRadar Offense pull all events for a specific time window and provide the list of events back to a parent workflow.

Updated over a week ago

This workflow template is designed for threat hunting and incident response teams that utilize QRadar for security event information. It automates the process of gathering all QRadar events associated with a specific offense over a defined time frame. The template streamlines the retrieval of detailed event data, leveraging pagination to handle large datasets. It ensures comprehensive event logs are made available to parent workflows, enhancing the ability to analyze and respond to security incidents effectively.

Use Cases

Threat Hunting

Workflow Breakdown

  1. Receive the offense id, and start/stop time from a parent workflow

  2. Query QRadar for the events

  3. Use pagination to gather all the events and provide details back to the calling workflow

Vendors

Utils, IBM QRadar

Workflow Output

The events for a given offense

Did this answer your question?