Latest Version 2.1.3
September 17, 2021
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
QRadar
This app supports generic, investigative, and ingestion actions on an IBM QRadar device
Built by
Compatibility
Not Available
Platform Version: 5.5, 5.4, 5.3, 5.2, 5.1, 5.0, 4.10, 4.9
Rating
0
(0)
Log in to rate this app
Support
Splunk Supported connector
Ranking
#3
in SIEM
This app supports generic, investigative, and ingestion actions on an IBM QRadar device
Supported Actions
- test connectivity: Validate the asset configuration for connectivity. This action runs a quick query on the device to check the connection and credentials
- list offenses: Get a list of offenses
- list closing reasons: Get a list of offense closing reasons
- get events: Get events belonging to an offense
- get flows: Get flows that make up an offense for a particular IP
- offense details: Get details about an offense
- alt manage ingestion: Manage ingestion details
- run query: Execute an ariel query on the QRadar device
- add listitem: Add an item to a reference set in QRadar
- close offense: Close an active offense, marking status=CLOSED
- update offense: Attach a note to an offense
- assign user: Assign the user to an offense
- get rule info: Retrieve QRadar rule information
- list rules: List all QRadar rules
- on poll: Callback action for the on_poll ingest functionality
Categories
Created By
Splunk Inc.
Source Code
GitHub(Opens new window)Type
connector
Splunk Answers
Ask a question about this app listing(Opens new window)Resources
Log in to report this app listing