Build QRadar Enrichment Work note activity

The Build QRadar Enrichment Worknote workflow activity adds QRadar enrichment work notes based on the results of API calls.

Input variables

Input variables determine the initial behavior of the activity.

Table 1. Input variables
Variable
    Description

source_ip_response [array]
    Array element types:
      • source_ip
      • id
      • event_flow_count
    The inputs for these variables are passed from the Get Source IP Addresses activity.

offense_ids [array]
    Array element type: [string]
    The system identifier for a QRadar offense.

local_destination_ip_response [array]
    Array element types:
      • local_destination_ip
      • event_flow_count
      • id
    The inputs for these variables are passed from the Get Local Dest IP Addresses activity.

originating_field_label [string]

Output variables

The output variables contain data that can be used in subsequent activities.

Table 2. Output variables
Variable
    Description

worknote [string]
    The summary passed to the security incident used to document enriched data, including the number of offenses and event flows.