QRadarAutoClose
README
Simple responder to close a QRadar Offense with a single click!
If you need to change the custom field that contains the QRadar Offense ID, change the "externalReferences" value on line 15 of QRadarAutoClose.py. Be careful: this must be filled in with the "Internal Reference" of the custom field, not its name!
QRadar_Auto_Closing_Offense
Author: Florian Perret
License: AGPL-V3
Version: 1.0
Supported data types:
- thehive:case
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Close the QRadar Offense associated with your case in one click!
Configuration
QRadar_API_Key | A QRadar API key with sufficient rights to close an offense |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |
QRadar_Url | URL of your QRadar API; it must be reachable from the Cortex server, e.g. myqradar.myorg.com/api/siem/offenses |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |
Cert_Path | If you need a certificate to authenticate to your QRadar API, provide its path here |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | False |
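The flow these settings describe, as an added example (not the responder's own code): read the offense ID from the case custom field, validate it, and build the QRadar close request with certificate verification left on. Assumptions: the function names are hypothetical, the case JSON layout and the closing reason ID are constructed, and Cert_Path is treated as a PEM CA bundle.

```python
import re
import ssl
from urllib.parse import urlencode, urlsplit
from urllib.request import Request, urlopen

CUSTOM_FIELD = "externalReferences"  # internal reference named in the README

def offense_id_from_case(case, field=CUSTOM_FIELD):
    """Return the offense ID held in the case custom field, as an int."""
    # Assumed layout: {"customFields": {"<internal reference>": {"<type>": value, "order": n}}}
    entry = case.get("customFields", {}).get(field) or {}
    raw = next((v for k, v in entry.items() if k != "order" and v is not None), None)
    text = "" if raw is None else str(raw).strip()
    # Digits only: the value is placed in the URL path, so reject "/", "?", "..".
    if not re.fullmatch(r"[0-9]+", text):
        raise ValueError(f"custom field {field!r} does not hold a numeric offense ID")
    return int(text)

def build_close_request(qradar_url, api_key, offense_id, closing_reason_id):
    """Build (without sending) the POST that sets the offense status to CLOSED."""
    base = qradar_url if "://" in qradar_url else "https://" + qradar_url
    if urlsplit(base).scheme != "https":
        raise ValueError("QRadar_Url must be https; the API key travels in a header")
    query = urlencode({"status": "CLOSED", "closing_reason_id": closing_reason_id})
    url = f"{base.rstrip('/')}/{int(offense_id)}?{query}"
    # QRadar authorized-service tokens are sent in the SEC header.
    return Request(url, method="POST", headers={"SEC": api_key, "Accept": "application/json"})

def send(request, cert_path=None):
    """Send with certificate verification on. Assumption: Cert_Path is a PEM CA bundle."""
    context = ssl.create_default_context(cafile=cert_path)
    with urlopen(request, context=context, timeout=30) as response:
        return response.status

if __name__ == "__main__":
    # Constructed sample case; the token and closing reason ID are placeholders.
    case = {"customFields": {"externalReferences": {"string": "4242", "order": 0}}}
    req = build_close_request("myqradar.myorg.com/api/siem/offenses",
                              "PLACEHOLDER_TOKEN", offense_id_from_case(case), 1)
    print(req.get_method(), req.full_url)  # send(req, cert_path) performs the call
```

Valid closing reason IDs are deployment-specific; look them up in your own QRadar instance before setting one.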