QRadarAutoClose
QRadar_Auto_Closing_Offense
Details
Author | Florian Perret |
Version | 1.0 |
License | AGPL-V3 |
Requires Registration | No |
Requires Subscription | No |
Free Subscription Available | No |
DataType Supported | energysoar:case |
Description
Closing the QRadar Offense associated with your case in one click!
Configuration
Name | Description |
QRadar_API_Key | A QRadar API key with sufficient rights to close an offense |
QRadar_Url | URL of your QRadar API; it must be accessible from the Cortex server, e.g. myqradar.myorg.com/api/siem/offenses |
Cert_Path | If you need a certificate to authenticate to your QRadar API, provide its path here |
Additional details from the README file:
Simple responder to close a QRadar Offense through a simple click.
If you need to change the custom field that contains the QRadar Offense ID, change “externalReferences” in QRadarAutoClose.py, line 15. This field must be filled with the “Internal Reference” of the custom field, not its name.