Build QRadar Enrichment Work note activity The Build QRadar Enrichment Worknote workflow activity adds QRadar enrichment work notes based on the results of API calls. Input variables Input variables determine the initial behavior of the activity. Table 1. Input variables Variable Description source_ip_response [array]Array element types: source_ip id event_flow_count The inputs for these variables are passed from the Get Source IP Addresses activity. offense_ids [array]Array element type: [string] The system identifier for a QRadar offense. local_destination_ip_response [array]Array element types: local_destination_ip event_flow_count id The inputs for these variables are passed from the Get Local Dest IP Addresses activity. originating_field_label [string] Output variables The output variables contain data that can be used in subsequent activities. Table 2. Output variables Variable Description worknote [string] The summary passed to the security incident used to document enriched data, including the number of offenses and event flows.