Close an offense in QRadar.

External Documentation

To learn more, visit the QRadar documentation.

Parameters

Parameter | Description
Closing Reason ID | The ID of a closing reason. You must provide a valid closing reason ID when you close an offense.
Offense ID | The ID of the offense to close.

Example Output

{
	"assigned_to": "String",
	"categories": [
		"String"
	],
	"category_count": 42,
	"close_time": 42,
	"closing_reason_id": 42,
	"closing_user": "String",
	"credibility": 42,
	"description": "String",
	"destination_networks": [
		"String"
	],
	"device_count": 42,
	"domain_id": 42,
	"event_count": 42,
	"first_persisted_time": 42,
	"flow_count": 42,
	"follow_up": true,
	"id": 42,
	"inactive": true,
	"last_persisted_time": 42,
	"last_updated_time": 42,
	"local_destination_address_ids": [
		42
	],
	"local_destination_count": 42,
	"log_sources": [
		{
			"id": 42,
			"name": "String",
			"type_id": 42,
			"type_name": "String"
		}
	],
	"magnitude": 42,
	"offense_source": "String",
	"offense_type": 42,
	"policy_category_count": 42,
	"protected": true,
	"relevance": 42,
	"remote_destination_count": 42,
	"rules": [
		{
			"id": 42,
			"type": "String <one of: ADE_RULE, BUILDING_BLOCK_RULE, CRE_RULE>"
		}
	],
	"security_category_count": 42,
	"severity": 42,
	"source_address_ids": [
		42
	],
	"source_count": 42,
	"source_network": "String",
	"start_time": 42,
	"status": "String <one of: OPEN, HIDDEN, CLOSED>",
	"username_count": 42
}

Workflow Library Example

Close Offense with Qradar and Send Results Via Email
