12-31-2024 09:17 AM
Hi everyone,
I’m working on a QRadar integration (v2.5.7) in Cortex XSOAR (v6.12) and need to generate a JSON file for a specific offense to use in several scenarios, such as configuring an incident classifier. For example, in the classifier editor, you can upload a JSON file to analyze the data structure and map the fields correctly.
Here’s the situation:
#12 509 Impossible Travel Detected containing Primary Authentication Success
I’ve tried running !js script="return ${.}" in the War Room of the specific incident, but the JSON it returns contains significantly more fields than the one shown in the classifier editor when pulling data from QRadar.
I’ve also considered using the command:
!get-remote-data id=<offense_id> lastUpdate=<date_str>
Additionally, is it possible to extract the exact JSON used by XSOAR when it pulls data for the incident directly from QRadar, without additional fields or transformations?
Thanks in advance for your help!