Security Operations QRadar Integration - Security Incident Enrichment workflow

When the Security Operations QRadar Integration - Security Incident Enrichment workflow is executed, the REST calls identified by the Security Operations QRadar Integration - Run Enrichment for IP workflow are made to QRadar. The data is enriched, and the security incident work notes are updated with results of the enrichment..

Figure 1. Security Operations QRadar Integration - Security Incident Enrichment workflow
Security Incident Enrichment workflow
This workflow includes the following activity:

This workflow also passes QRadar filtering information based on fields in the security incident to the Security Operations QRadar Integration - Run Enrichment for IP workflow.