I can create alerts on TheHive with the QRadar workflow and add observables.
The problem is that, when I look at the code, Qradar2Alert calls 2 methods for observable creation: getSourceIPs and getDestinationIPs. Those functions read from QRadar offenses the fields "source_address_ids" for source addresses and "local_destination_addresses" for destination addresses.
It works very well for source IPs, but often it doesn't work for destination IPs because this field is empty even though "remote_destination_count" is not equal to zero.
I have no idea where the destination IPs are stored or how I can get them.
Has anyone already encountered this issue, or can anyone help me, please?
Thanks.