Get IP Address API Filters activity

The Get IP Address API Filters workflow activity is used in the Security Operations QRadar Integration - Security Incident Enrichment workflow (included in the base system). It gets the API filters that are passed to the IP-related API calls made from a security incident to QRadar.

Input variables

Input variables determine the initial behavior of the activity.

Table 1. Input variables
Variable Description
si_sys_id [string] The system ID of the security incident.

Output variables

The output variables contain data that can be used in subsequent activities.

Table 2. Output variables
Variable Description
affected_resource_source_ip_filter [string] Filter string sent to QRadar REST messages to identify where the affected resource IP address was used as a source IP in QRadar.
affected_resource_local_dest_ip_filter [string] Filter string sent to QRadar REST messages to identify where the affected resource IP address was used as a local destination IP in QRadar.
source_ip_source_ip_filter [string] Filter string sent to QRadar REST messages to identify where the source IP address was used as a source IP in QRadar.
source_ip_local_dest_ip_filter [string] Filter string sent to QRadar REST messages to identify where the source IP address was used as a local destination IP in QRadar.
dest_ip_source_ip_filter [string] Filter string sent to QRadar REST messages to identify where the destination IP address was used as a source IP in QRadar.
dest_ip_local_dest_ip_filter [string] Filter string sent to QRadar REST messages to identify where the destination IP address was used as a local destination IP in QRadar.
no_filters_to_apply [true/false] True if there are no filters to apply.