Responder QRadarAutoClose #441
Assignees
Labels
category:feature-request
Issue is related to a feature request
scope:responder
Issues/PRs pertaining to responders
Milestone
Comments
cyberpescadito
added
the
category:feature-request
|
thank you for your contribution |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I want to share with you a responder that i wrote in python. He is working on my hive platform so I believe it's ready to use.
The main purpose of this responder is to close in one clic a QRadar offense from a TheHive case.
How it works:
Installation and configuration:
-Intall it in your Cortex Analyzers folder, in the responder section
-On Cortex WebUI, configure your QRadar console URL, an API key (service token), and a certificate if needed.
Use It:
-On TheHive, provide to your case the related QRadar offense ID in a customfield "externalReferences" (this have to be the customfield Internal Reference). I recommend to automatically fulfill via script this customfield when importing offenses as alert
-Clic the responder, and it will automagically close the offense in QRadar. That's all :-)
Happy threat hunting ;-)
The text was updated successfully, but these errors were encountered: