Synapse icon indicating copy to clipboard operation
Synapse copied to clipboard
verified publisher icon TheHive-Project

Pull Qradar data by QID

Open blainedw opened this issue 7 years ago • 2 comments

I would love to see this feature enhancement to a great Synapse product. Please allow for pulling specific QID's. It allows for more targetted pulling of Qradar data.

blainedw avatar Jan 19 '19 13:01 blainedw

I'm not sure o understand what you mean.

Could you give me an example of your usecase ?

ninSmith avatar Jan 30 '19 21:01 ninSmith

Currently the script uses date range as an argument. For busy systems that can pull in more offenses than intended. It would be nice to pull be offense ID (or as Qradar calls it QID) so that I pull in a specific offense into Synapse.

DAVID BLAINE, GCIA, CISSP Information Security Section Manager General Dynamics Land Systems

6000 East 17 Mile Road, MZ: 435-01-16, Sterling Heights, MI 48313

GDLS Security | p: 586.825.8437 | m: 586-215-4174 | f: 586.825.8606 | [email protected] | www.gdls.com

From: ninSmith [mailto:[email protected]] Sent: Wednesday, January 30, 2019 4:45 PM To: TheHive-Project/Synapse [email protected] Cc: Blaine, David W [email protected]; Author [email protected] Subject: Re: [TheHive-Project/Synapse] Pull Qradar data by QID (#24)

CAUTION: THIS EMAIL WAS SENT FROM OUTSIDE GDLS. PLEASE DO NOT OPEN ANY URL LINKS, OPEN ATTACHMENTS OR REPLY TO THIS EMAIL IF YOU ARE UNABLE TO VERIFY THE SENDER’S EMAIL ADDRESS.

I'm not sure o understand what you mean.

Could you give me an example of your usecase ?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub [github.com]https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_TheHive-2DProject_Synapse_issues_24-23issuecomment-2D459121711&d=DwMCaQ&c=NGt3eTFKeC-HdGM3w9bJ1g&r=ODOcTxUG1nrye26SpubOfO_opNcwK6G9bFendtm-UB0&m=_HP-JAF2F2RuP9CwziTSxenCFg2WAVve4LvsVtC8zis&s=S3a6uAdo6tFM0QjPHz_k9lLQbIIfQiss8N1nTlieY0Y&e=, or mute the thread [github.com]https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AsrH7F7R-5FaGg6M5FbmDNr8jteoDc29yZks5vIhJkgaJpZM4aJJOG&d=DwMCaQ&c=NGt3eTFKeC-HdGM3w9bJ1g&r=ODOcTxUG1nrye26SpubOfO_opNcwK6G9bFendtm-UB0&m=_HP-JAF2F2RuP9CwziTSxenCFg2WAVve4LvsVtC8zis&s=RVG22n3ZnYLoJfv7_KsQoax6nIvkh91B-g3mEBF4VLo&e=.

This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated.

blainedw avatar Jan 30 '19 21:01 blainedw