QRadar integration orchestration workflows and activities

The base system includes workflows and workflow activities you can use to integrate QRadar with your instance.

How the workflows work

When the Configuration item, Source IP, or Destination IP field in a security incident is modified, a business rule called QRadar Enrichment causes the Security Operations QRadar Integration - Security Incident Enrichment workflow to invoke a second workflow, Security Operations QRadar Integration - Run Enrichment for IP. This second workflow makes the calls to QRadar; which calls it makes depends on the fields that were modified. The enriched data is then added to the security incident work notes.
Note: If the Use default workflows check box in the QRadar Configuration screen is not selected, the workflows do not run.