Manually create security incidents and events from QRadar offenses

You can convert QRadar alerts into security incidents manually.

Before you begin

Role required: sn_si.admin

The Security Incident Response and Security Incident Response Event Management support plugins must be activated.

Procedure

  1. Log in to your QRadar instance.

  2. Click the Offenses tab.

  3. Locate and open the alert you want to convert.

  4. Open the offense record you want to Navigate to Plug-ins > ServiceNow Integration > Configure ServiceNow Integration.

    Figure: QRadar offense with buttons for creating ServiceNow records

  5. Perform one of these procedures.

    • To convert the alert into a security incident and transmit it to ServiceNow, click Create ServiceNow Security Incident.
    • To convert the alert into a security event and transmit it to ServiceNow, click Create ServiceNow Security Event.

    A confirmation box appears.
  6. Click OK.

    The Notes section records that the offense was sent to ServiceNow as a security incident or an event.

Products > Security Operations > IBM QRadar Integration; Versions > Istanbul