Get Source IP Addresses activity

The Get Source IP Addresses workflow activity is used in the Security Operations QRadar Integration - Run Enrichment for IP workflow (included in the base system) to get source IP addresses.

Input variables

Input variables determine the initial behavior of the activity.

Table 1. Input variables
Variable Description
filter [string] Filter string to send to QRadar.
service_token [string] The token entered in the Authorized service token field on the QRadar Configuration screen.
qradar_host [string] The QRadar host entered in the Endpoint base field on the QRadar Configuration screen.
use_mid [Boolean] Flag to indicate if a MID Server is to be used. It is retrieved from the Use MID server check box on the QRadar Configuration screen.

REST Execution Command

Use the input variables you created to configure the command that Orchestration executes on the REST endpoint. Click Test Inputs and enter substitute values to test the variables. When the tests result in the type of API call you need, click Continue.

Output variables

REST output variables contain values returned from an endpoint that are available to other activities in a workflow or internally to the activity. For more information, see REST template outputs.