Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

Close an offense in QRadar.
External DocumentationTo learn more, visit the QRadar documentation.

Parameters

ParameterDescription
Closing Reason IDThe ID of a closing reason. You must provide a valid closing reason ID when you close an offense.
Offense IDThe ID of the offense to close.

Example Output

{
	"assigned_to": "String",
	"categories": [
		"String"
	],
	"category_count": 42,
	"close_time": 42,
	"closing_reason_id": 42,
	"closing_user": "String",
	"credibility": 42,
	"description": "String",
	"destination_networks": [
		"String"
	],
	"device_count": 42,
	"domain_id": 42,
	"event_count": 42,
	"first_persisted_time": 42,
	"flow_count": 42,
	"follow_up": true,
	"id": 42,
	"inactive": true,
	"last_persisted_time": 42,
	"last_updated_time": 42,
	"local_destination_address_ids": [
		42
	],
	"local_destination_count": 42,
	"log_sources": [
		{
			"id": 42,
			"name": "String",
			"type_id": 42,
			"type_name": "String"
		}
	],
	"magnitude": 42,
	"offense_source": "String",
	"offense_type": 42,
	"policy_category_count": 42,
	"protected": true,
	"relevance": 42,
	"remote_destination_count": 42,
	"rules": [
		{
			"id": 42,
			"type": "String <one of: ADE_RULE, BUILDING_BLOCK_RULE, CRE_RULE>"
		}
	],
	"security_category_count": 42,
	"severity": 42,
	"source_address_ids": [
		42
	],
	"source_count": 42,
	"source_network": "String",
	"start_time": 42,
	"status": "String <one of: OPEN, HIDDEN, CLOSED>",
	"username_count": 42
}

Workflow Library Example

Close Offense with Qradar and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop