QRadarCorrelationLog

This playbook retrieves the correlation logs of multiple QIDs.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • QRadarFullSearch

Integrations

This playbook does not use any integrations.

Scripts

  • ChangeContext

Commands

This playbook does not use any commands.

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| QID | The correlation QID. | | Required |
| OffenseStartTime | The offense start time. | | Required |
| OffenseID | The offense ID. | | Required |
| additionalQueryFields | Additional fields to add to the basic query (comma-separated list). | | Optional |
| GetOnlyCREEvents | If the value is "OnlyCRE", get only events made by CRE. Values can be "OnlyCRE", "OnlyNotCRE", "All". | OnlyCRE | Optional |
| MaxLogsCount | Maximum number of log entries to query from QRadar (default: 20). | 20 | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| QRadar.Log | Logs of QRadar correlations | unknown |