OnNewOffense

Triggers a workflow on every new offense captured by Qradar.

info

Automations based on this trigger will search for new events every 5 minutes.

Sample Event

{
    "last_persisted_time": 42,
    "username_count": 42,
    "description": "String",
    "rules": [
        {
            "id": 42,
            "type": "String <one of: ADE_RULE, BUILDING_BLOCK_RULE, CRE_RULE>"
        }
    ],
    "event_count": 42,
    "flow_count": 42,
    "assigned_to": "String",
    "security_category_count": 42,
    "follow_up": true,
    "source_address_ids": [
        42
    ],
    "source_count": 42,
    "inactive": true,
    "protected": true,
    "category_count": 42,
    "source_network": "String",
    "destination_networks": [
        "String"
    ],
    "closing_user": "String",
    "close_time": 42,
    "remote_destination_count": 42,
    "start_time": 42,
    "last_updated_time": 42,
    "credibility": 42,
    "magnitude": 42,
    "id": 42,
    "categories": [
        "String"
    ],
    "severity": 42,
    "log_sources": [
        {
            "type_name": "String",
            "type_id": 42,
            "name": "String",
            "id": 42
        }
    ],
    "policy_category_count": 42,
    "device_count": 42,
    "closing_reason_id": 42,
    "first_persisted_time": 42,
    "offense_type": 42,
    "relevance": 42,
    "domain_id": 42,
    "offense_source": "String",
    "local_destination_address_ids": [
        42
    ],
    "local_destination_count": 42,
    "status": "String <one of: OPEN, HIDDEN, CLOSED>"
}